You can try out this script if you like; it may or may not help.
I created it so I could more easily remember all the VPN knobs that need to be touched when creating a VPN.
http://www.roq.com/projects/vpnsetup/vpnsetup.pl

Mike


Subhro wrote:

Hello,

I am trying to connect to my workplace which uses a Cisco IW600. I am
putting the connect log from the router below.

------
terminal monitor
IW600#
*Feb  3 22:00:44.051: IPSEC(sa_request): ,
 (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
   local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
   remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
   protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
   lifedur= 3600s and 4608000kb,
   spi= 0x5A88B8A1(1518909601), conn_id= 0, keysize= 0, flags= 0x400B
*Feb  3 22:00:44.051: ISAKMP: received ke message (1/1)
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Feb  3 22:00:44.051: ISAKMP: Created a peer struct for
220.225.82.250, peer port 500
*Feb  3 22:00:44.051: ISAKMP: New peer created peer = 0x447C2CF4
peer_handle = 0x80000286
*Feb  3 22:00:44.051: ISAKMP: Locking peer struct 0x447C2CF4, IKE
refcount 1 for isakmp_initiator
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Setting client config settings 448F7964
*Feb  3 22:00:44.051: ISAKMP: local port 500, remote port 500
*Feb  3 22:00:44.051: ISAKMP: set new node 0 to QM_IDLE
*Feb  3 22:00:44.051: ISAKMP: Find a dup sa in the avl tree during
calling isadb_insert sa = 447DC520
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Can not start Aggressive
mode, trying Main mode.
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Looking for a matching key
for 220.225.82.250 in default
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): : success
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):found peer pre-shared key
matching 220.225.82.250
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New
State = IKE_I_MM1

*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Feb  3 22:00:44.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
*Feb  3 22:00:54.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 1798766697
*Feb  3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 756905305
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
*Feb  3 22:01:04.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:13.043: ISAKMP:(0:0:N/A:0):purging SA., sa=44872764,
delme=44872764
*Feb  3 22:01:13.727: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0  data 446BFA58  chunkmagic 400B97A8  chunk_freemagic
43EDF9F4
-Process= "IP Input", ipl= 4, pid= 74
-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
*Feb  3 22:01:14.051: IPSEC(key_engine): request timer fired: count = 1,
 (identity) local= 64.191.227.249, remote= 220.225.82.250,
   local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
   remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4)
*Feb  3 22:01:14.051: IPSEC(sa_request): ,
 (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
   local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
   remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
   protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
   lifedur= 3600s and 4608000kb,
   spi= 0x385ACC06(945474566), conn_id= 0, keysize= 0, flags= 0x400B
*Feb  3 22:01:14.051: ISAKMP: received ke message (1/1)
*Feb  3 22:01:14.051: ISAKMP: set new node 0 to QM_IDLE
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0):SA is still budding. Attached
new ipsec request to it. (local 64.191.227.249, remote 220.225.82.250)
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
*Feb  3 22:01:14.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
*Feb  3 22:01:24.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  3 22:01:28.147: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0  data 446BFA58  chunkmagic 400B97A8  chunk_freemagic
43EDF2FC
-Process= "IP Input", ipl= 4, pid= 74
-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
-----


I am using the method mentioned in the FreeBSD Handbook. Please help
me out by telling me what exactly is wrong.

Thanks and Best Regards
Subhro
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
