Hi, could you get the configuration of the PIX? Not all of it is required, just the isakmp and crypto map stuff. Do they use xauth?
Petr R.

On 5/6/05, Richard Green <[EMAIL PROTECTED]> wrote:
> Hi
>
> I've been struggling with this one for a while, and
> would appreciate some advice from someone with more
> experience than I on creating a VPN tunnel between an
> OpenBSD (mine) and Cisco PIX (not mine..). Previously
> I /did/ test this using OpenBSD to OpenBSD in a test
> environment without problems.
>
> Phase 1 seems to work (at least, if I use a
> deliberately incorrect shared secret I don't get this
> far...)
>
> Seems to fail at phase 2 of creating a connection.
>
> .
> .
> .
> 183745.235438 Trpt 95 transport_release: transport 0x3c06c3c0 had 2 references
> 183745.235447 SA 80 sa_release: SA 0x3c067900 had 7 references
> 183745.235465 Cryp 10 crypto_decrypt: before decryption:
> 183745.235483 Cryp 10 3de05661 1cf4f34a 3651e699 729bd793 7bd71a1e 82600c51 d3bdd8b6 799a2de5
> 183745.235493 Cryp 10 b8314032 10ac839b
> 183745.235507 Cryp 30 crypto_decrypt: after decryption:
> 183745.235526 Cryp 30 0e000014 ade0a7a0 bcefb6d7 a834796c 6f8997da 0000000c 03000000 80140000
> 183745.235537 Cryp 30 00000000 00000000
> 183745.235547 Mesg 50 message_parse_payloads: offset 28 payload HASH
> 183745.235556 Mesg 50 message_parse_payloads: offset 48 payload ATTRIBUTE
> 183745.235567 Mesg 60 message_validate_payloads: payload HASH at 0x3c06b81c of message 0x3c06b600
> 183745.235577 Mesg 60 message_validate_payloads: payload ATTRIBUTE at 0x3c06b830 of message 0x3c06b600
> 183745.235587 Mesg 70 TYPE: 3
> 183745.235596 Mesg 70 ID: 0
> 183745.235607 Exch 90 exchange_validate: checking for required <Unknown -24112>
> 183745.235619 Exch 90 exchange_validate: checking for required <Unknown 7170>
> 183745.235629 Mesg 70 exchange_validate: msg 0x3c06b600 requires missing <Unknown 7170>
> 183745.235637 Default exchange_run: exchange_validate failed
> 183745.235653 Default dropped message from 202.148.145.81 port 500 due to notification type PAYLOAD_MALFORMED
>
> On the Cisco side, the logs are not very helpful, nor
> is it possible for me to get much detail from the
> people I am connecting to...
>
> 2005 19:24:31: %PIX-6-602202: ISAKMP session connected (local 212.148.145.181 (responder), remote 213.148.179.117/)
> ./20050430/pfw85.wic.webcentral.com.au/messages:Apr 30 23:35:38 pix.somewhere.net Apr 30 2005 23:35:33: %PIX-6-109006: Authentication failed for user '' from 213.148.179.117/0 to 202.148.145.81/0 on interface outside
>
> My /etc/isakmpd/isakmpd.conf file uses transforms and
> suites as per the Pix configuration.
>
> Using OpenBSD 3.6 (up to date).
>
> I don't really understand the actual error messages
> in the isakmpd log (log level is -DA=99) - the error
> messages start at about line 24000, so I have only
> included a few lines from this in this request for
> assistance working through this problem.
>
> Regards
> Richard
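
Added example, not part of either message: a short Python parser that walks the bytes from the "after decryption" log lines quoted above and recovers the layout isakmpd reports (HASH at offset 28, ATTRIBUTE at offset 48, TYPE 3, ID 0). The name tables are assumptions taken from RFC 2408 and the ISAKMP mode-config draft; attribute numbers are left undecoded because their meaning depends on the draft version the peer implements.

```python
import struct

# Decrypted message body, copied from the "after decryption" log lines above.
DECRYPTED_HEX = ("0e000014 ade0a7a0 bcefb6d7 a834796c 6f8997da "
                 "0000000c 03000000 80140000 00000000 00000000")
ISAKMP_HDR_LEN = 28                       # fixed ISAKMP header size (RFC 2408)
PAYLOAD_NAMES = {8: "HASH", 14: "ATTRIBUTE"}       # assumption: only types seen here
CFG_TYPES = {1: "REQUEST", 2: "REPLY", 3: "SET", 4: "ACK"}  # assumption: mode-config draft

def parse_attributes(data):
    """ISAKMP data attributes: top bit set means a 2-byte value, else type/length/value."""
    attrs, pos = [], 0
    while pos + 4 <= len(data):
        atype, field = struct.unpack_from("!HH", data, pos)
        pos += 4
        if atype & 0x8000:
            attrs.append((atype & 0x7FFF, field))
        else:
            if pos + field > len(data):
                raise ValueError("attribute runs past end of payload")
            attrs.append((atype, data[pos:pos + field]))
            pos += field
    return attrs

def parse_body(body, first_type):
    """Walk the payload chain. first_type is the next-payload value from the ISAKMP header."""
    payloads, pos, ptype = [], 0, first_type
    while ptype != 0:
        if pos + 4 > len(body):
            raise ValueError("truncated payload header at offset %d" % pos)
        next_type, _reserved, length = struct.unpack_from("!BBH", body, pos)
        if length < 4 or pos + length > len(body):
            raise ValueError("bad payload length at offset %d" % pos)
        content = body[pos + 4:pos + length]
        entry = {"offset": ISAKMP_HDR_LEN + pos, "length": length,
                 "type": PAYLOAD_NAMES.get(ptype, str(ptype))}
        if ptype == 14 and len(content) >= 4:
            cfg, _res, ident = struct.unpack_from("!BBH", content)
            entry.update(cfg_type=CFG_TYPES.get(cfg, str(cfg)), id=ident,
                         attrs=parse_attributes(content[4:]))
        payloads.append(entry)
        pos, ptype = pos + length, next_type
    return payloads, len(body) - pos      # bytes left after the last payload (padding)

def decode_log_sample():
    # The log names HASH as the first payload, so start the chain at type 8.
    return parse_body(bytes.fromhex(DECRYPTED_HEX), first_type=8)

if __name__ == "__main__":
    for p in decode_log_sample()[0]:
        print(p)
```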