From owner-freebsd-questions@FreeBSD.ORG  Fri Feb  3 22:16:03 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4BE3916A420
	for <freebsd-questions@freebsd.org>;
	Fri,  3 Feb 2006 22:16:03 +0000 (GMT)
	(envelope-from subhro.kar@gmail.com)
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C194D43D45
	for <freebsd-questions@freebsd.org>;
	Fri,  3 Feb 2006 22:16:02 +0000 (GMT)
	(envelope-from subhro.kar@gmail.com)
Received: by zproxy.gmail.com with SMTP id 8so723447nzo
	for <freebsd-questions@freebsd.org>;
	Fri, 03 Feb 2006 14:16:01 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=Jo29HLgQeJy3W4X/EviOwdyM0WbRuAJNKgbGrXznLavrXSSpkJE+k/IcK7lJaYzu+qxGcViRqruGtCQSaq4t3xnymWZVqgDrp8MGG6YwjIc08FePfJ6xT7pQtKu7qZrhsusewkzpOZLPGUcz/RHkyYbFOjVKGgEK+BU4V9+xeDw=
Received: by 10.65.155.17 with SMTP id h17mr1379954qbo;
	Fri, 03 Feb 2006 14:16:01 -0800 (PST)
Received: by 10.65.211.7 with HTTP; Fri, 3 Feb 2006 14:16:01 -0800 (PST)
Message-ID: <b2807d040602031416k65b3d46dj2ed318013a4b18ce@mail.gmail.com>
Date: Fri, 3 Feb 2006 17:16:01 -0500
From: Subhro <subhro.kar@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Subject: VPN not working
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2006 22:16:03 -0000

Hello,

I am trying to connect to my workplace which uses a Cisco IW600. I am
putting the connect log from the router below.

------
terminal monitor
IW600#
*Feb  3 22:00:44.051: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local=3D 64.191.227.249, remote=3D 220.225.82.25=
0,
    local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
    remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4),
    protocol=3D ESP, transform=3D esp-3des esp-sha-hmac  (Tunnel),
    lifedur=3D 3600s and 4608000kb,
    spi=3D 0x5A88B8A1(1518909601), conn_id=3D 0, keysize=3D 0, flags=3D 0x4=
00B
*Feb  3 22:00:44.051: ISAKMP: received ke message (1/1)
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Feb  3 22:00:44.051: ISAKMP: Created a peer struct for
220.225.82.250, peer port 500
*Feb  3 22:00:44.051: ISAKMP: New peer created peer =3D 0x447C2CF4
peer_handle =3D 0x80000286
*Feb  3 22:00:44.051: ISAKMP: Locking peer struct 0x447C2CF4, IKE
refcount 1 for isakmp_initiator
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Setting client config settings 448=
F7964
*Feb  3 22:00:44.051: ISAKMP: local port 500, remote port 500
*Feb  3 22:00:44.051: ISAKMP: set new node 0 to QM_IDLE
*Feb  3 22:00:44.051: ISAKMP: Find a dup sa in the avl tree during
calling isadb_insert sa =3D 447DC520
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Can not start Aggressive
mode, trying Main mode.
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Looking for a matching key
for 220.225.82.250 in default
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): : success
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):found peer pre-shared key
matching 220.225.82.250
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Input =3D IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Old State =3D IKE_READY  New
State =3D IKE_I_MM1

*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 1798766697
*Feb  3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 756905305
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:13.043: ISAKMP:(0:0:N/A:0):purging SA., sa=3D44872764,
delme=3D44872764
*Feb  3 22:01:13.727: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0  data 446BFA58  chunkmagic 400B97A8  chunk_freemagic
43EDF9F4
-Process=3D "IP Input", ipl=3D 4, pid=3D 74
-Traceback=3D 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
*Feb  3 22:01:14.051: IPSEC(key_engine): request timer fired: count =3D 1,
  (identity) local=3D 64.191.227.249, remote=3D 220.225.82.250,
    local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
    remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4)
*Feb  3 22:01:14.051: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local=3D 64.191.227.249, remote=3D 220.225.82.25=
0,
    local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
    remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4),
    protocol=3D ESP, transform=3D esp-3des esp-sha-hmac  (Tunnel),
    lifedur=3D 3600s and 4608000kb,
    spi=3D 0x385ACC06(945474566), conn_id=3D 0, keysize=3D 0, flags=3D 0x40=
0B
*Feb  3 22:01:14.051: ISAKMP: received ke message (1/1)
*Feb  3 22:01:14.051: ISAKMP: set new node 0 to QM_IDLE
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0):SA is still budding. Attached
new ipsec request to it. (local 64.191.227.249, remote 220.225.82.250)
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:28.147: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0  data 446BFA58  chunkmagic 400B97A8  chunk_freemagic
43EDF2FC
-Process=3D "IP Input", ipl=3D 4, pid=3D 74
-Traceback=3D 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
-----


I am using the method mentioned in the freebsd handbook. Please help
me out by telling me what exactly is wrong.

Thanks and Best Regards
Subhro