Microsoft
Software
Hardware
Network
Question : Cisco VPN client and ASA 5510 not working
Greetings
I have an ASA that I use to terminate Cisco router EZVPN clients, and that works perfectly all the time.
I am now trying to get a Cisco VPN client (Windows) to make a connection to the ASA, and it is failing beyond belief.
My VPN client log says:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6001 Service Pack 1
2 11:34:33.899 07/31/10 Sev=Info/4 CM/0x63100002
Begin connection process
3 11:34:33.905 07/31/10 Sev=Info/4 CM/0x63100004
Establish secure connection
4 11:34:33.905 07/31/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "xxx.xxx.xxx.xxx"
5 11:34:33.916 07/31/10 Sev=Info/6 CM/0x6310002F
Allocated local TCP port 52305 for TCP connection.
6 11:34:34.357 07/31/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
7 11:34:34.357 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
8 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x6370002C
Sent 5 packets, 0 were fragmented.
9 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
10 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from xxx.xxx.xxx.xxx, src port 48590, dst port 52305
11 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x63700021
TCP ACK sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
12 11:34:34.357 07/31/10 Sev=Info/4 CM/0x63100029
TCP connection established on port 48590 with server "xxx.xxx.xxx.xxx"
13 11:34:34.867 07/31/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "xxx.xxx.xxx.xxx"
14 11:34:34.877 07/31/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with xxx.xxx.xxx.xxx.
15 11:34:34.884 07/31/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
16 11:34:34.898 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to xxx.xxx.xxx.xxx
17 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
18 11:34:34.955 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from xxx.xxx.xxx.xxx
19 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
20 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
21 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
22 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
23 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
24 11:34:34.969 07/31/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
25 11:34:34.969 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
ACT, VID(?), VID(Unity)) to xxx.xxx.xxx.xxx
26 11:34:34.969 07/31/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC08B, Remote Port = 0x01F4
27 11:34:34.969 07/31/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
28 11:34:35.024 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
29 11:34:35.024 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xxx.xxx.xxx.xxx
30 11:34:35.024 07/31/10 Sev=Info/4 CM/0x63100015
Launch xAuth application
31 11:34:35.029 07/31/10 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
32 11:34:37.563 07/31/10 Sev=Info/4 CM/0x63100017
xAuth application returned
33 11:34:37.563 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
34 11:34:37.619 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
35 11:34:37.620 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xxx.xxx.xxx.xxx
36 11:34:37.620 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
37 11:34:37.620 07/31/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
38 11:34:37.627 07/31/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
39 11:34:37.628 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
40 11:34:37.684 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
41 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from xxx.xxx.xxx.xxx
42 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000081
Delete Reason Code: 4 --> PEER_DELETE-IKE_DELETE_NO_
ERROR.
43 11:34:37.685 07/31/10 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=B0BFC7529CFC2955 R_Cookie=290593D3F51C1B1E
44 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B0BFC7529CFC2955
R_Cookie=290593D3F51C1B1E)
reason = PEER_DELETE-IKE_DELETE_NO_
ERROR
45 11:34:37.909 07/31/10 Sev=Info/6 IPSEC/0x6370001D
TCP RST received from xxx.xxx.xxx.xxx, src port 48590, dst port 52305
46 11:34:38.410 07/31/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B0BFC7529CFC2955
R_Cookie=290593D3F51C1B1E)
reason = PEER_DELETE-IKE_DELETE_NO_
ERROR
47 11:34:38.410 07/31/10 Sev=Info/4 CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "PEER_DELETE-IKE_DELETE_NO
_ERROR". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
48 11:34:38.411 07/31/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
49 11:34:38.416 07/31/10 Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 48590
50 11:34:38.417 07/31/10 Sev=Info/6 CM/0x63100030
Removed local TCP port 52305 for TCP connection.
51 11:34:38.420 07/31/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
52 11:34:38.420 07/31/10 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
53 11:34:38.429 07/31/10 Sev=Info/6 IPSEC/0x63700023
TCP RST sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
54 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
55 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
56 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
57 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
My ASA debug (isakmp and ipsec) says:
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 00 00 00 00 00 00 00 00 | ..K.............
01 10 04 00 00 00 00 00 00 00 03 40 04 00 02 2c | ...........@...,
00 00 00 01 00 00 00 01 00 00 02 20 01 01 00 0e | ........... ....
03 00 00 28 01 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 01 00 03 00 00 28 02 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd e9 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 | ......... ......
03 00 00 28 03 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 01 00 03 00 00 28 04 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 | ......... ......
03 00 00 28 05 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 00 80 03 00 00 28 06 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd e9 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 | ......... ......
03 00 00 28 07 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 00 80 03 00 00 28 08 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 | ......... ......
03 00 00 24 09 01 00 00 80 01 00 05 80 02 00 02 | ...$............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 03 00 00 24 0a 01 00 00 80 01 00 05 | . .....$........
80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01 | ................
00 0c 00 04 00 20 c4 9b 03 00 00 24 0b 01 00 00 | ..... .....$....
80 01 00 05 80 02 00 02 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 03 00 00 24 | ......... .....$
0c 01 00 00 80 01 00 05 80 02 00 01 80 04 00 02 | ................
80 03 00 01 80 0b 00 01 00 0c 00 04 00 20 c4 9b | ............. ..
03 00 00 24 0d 01 00 00 80 01 00 01 80 02 00 01 | ...$............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 00 00 00 24 0e 01 00 00 80 01 00 01 | . .....$........
80 02 00 01 80 04 00 02 80 03 00 01 80 0b 00 01 | ................
00 0c 00 04 00 20 c4 9b 0a 00 00 84 aa d0 10 bb | ..... ..........
b3 75 4e 2b 30 b0 ae 16 30 6f 55 ca b3 3c 95 e6 | .uN+0...0oU..<..
42 d6 b4 70 a1 5e 71 9f 39 08 db 0b f7 c7 a6 7f | B..p.^q.9......
98 9f e2 7c cf 4a 2c df d8 88 ee af fc 85 e8 f1 | ...|.J,.........
3f 1b a2 73 eb f6 05 eb 53 6c 47 b8 4f 99 8f 22 | ?..s....SlG.O.."
a5 19 ea c3 ef d6 57 bf 4c 2b e7 96 5b c4 fe 7e | ......W.L+..[..~
ac e8 2d f3 18 7e 9a 53 49 1f bf 58 f5 78 92 36 | ..-..~.SI..X.x.6
0b b9 04 c4 36 15 4f 03 4f 74 c4 75 f0 7d 06 a7 | ....6.O.Ot.u.}..
29 54 41 bc 72 e7 8c 9e 34 7d eb 2d 05 00 00 18 | )TA.r...4}.-....
13 15 e9 82 af d4 ee 22 0d 84 8f ae 6c 30 fe 41 | ......."....l0.A
ce 74 79 29 0d 00 00 10 0b 11 01 f4 57 41 4e 53 | .ty)........WANGR
4e 4d 50 43 0d 00 00 0c 09 00 26 89 df d6 b7 12 | OUPX......&.....
0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | ........h...k...
77 57 01 00 0d 00 00 18 40 48 b7 d5 6e bc e8 85 |
[email protected]
...
25 e7 de 7f 00 d6 c2 d3 80 00 00 00 00 00 00 14 | %..............
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00 | ....Eqh.p-..t...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (none)
MessageID: 00000000
Length: 832
Payload Security Association
Next Payload: Key Exchange
Reserved: 00
Payload Length: 556
DOI: IPsec
Situation:(SIT_IDENTITY_ON
LY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 544
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 14
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 2
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 3
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 4
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 5
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 6
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 7
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 8
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 9
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 10
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 11
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 12
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 13
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 14
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
aa d0 10 bb b3 75 4e 2b 30 b0 ae 16 30 6f 55 ca
b3 3c 95 e6 42 d6 b4 70 a1 5e 71 9f 39 08 db 0b
f7 c7 a6 7f 98 9f e2 7c cf 4a 2c df d8 88 ee af
fc 85 e8 f1 3f 1b a2 73 eb f6 05 eb 53 6c 47 b8
4f 99 8f 22 a5 19 ea c3 ef d6 57 bf 4c 2b e7 96
5b c4 fe 7e ac e8 2d f3 18 7e 9a 53 49 1f bf 58
f5 78 92 36 0b b9 04 c4 36 15 4f 03 4f 74 c4 75
f0 7d 06 a7 29 54 41 bc 72 e7 8c 9e 34 7d eb 2d
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
13 15 e9 82 af d4 ee 22 0d 84 8f ae 6c 30 fe 41
ce 74 79 29
Payload Identification
Next Payload: Vendor ID
Reserved: 00
Payload Length: 16
ID Type: ID_KEY_ID (11)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: VPNGROUPX
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
80 00 00 00
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 832
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, Responder: IPSec over TCP encapsulation is used local TCP port: 48590 peer TCP port: 52338
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ke payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ISA_KE payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing nonce payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received xauth V6 VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received DPD VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received Fragmentation VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received Cisco Unity client VID
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, Connection landed on tunnel_group VPNGROUPX
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing IKE SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ISAKMP SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ke payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing nonce payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Generating keys for Responder...
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Computing hash for ISAKMP
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing Cisco Unity VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing xauth V6 VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing dpd vid payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing Fragmentation VID + extended capabilities payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Send IOS VID
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 392
SENDING PACKET to xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Security Association
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (none)
MessageID: 00000000
Length: 392
Payload Security Association
Next Payload: Key Exchange
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ON
LY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 9
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
f6 58 f8 d6 6d 74 7a 7c 24 f4 2d 56 12 47 bf 2b
3b 19 94 10 29 5f 03 5b a8 6e 9a fb 98 15 57 bf
aa 4f 37 89 cd 7d 36 e0 9b 85 85 6f bc e3 ca 26
54 23 77 9b 9d 69 0c 44 1c 8c c4 33 ce bb 8a 2b
f5 70 2f 5b 62 b2 44 e2 63 19 da 8e 7a 33 24 c0
ae f4 74 34 b4 57 04 32 6c 68 8b 19 6c 0e 1f 1c
e4 9c 97 c9 ee 65 c7 2d 0f 5d a8 d2 98 e4 d8 32
dc 4b ba a7 d5 e8 dd ed 96 3d c4 6f 85 20 19 ce
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
a0 9b 92 d6 10 3c e4 57 85 0d 8c 6f 50 59 0a 95
4c f8 57 50
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 0
ID Data: xxx.xxx.xxx.xxx
Payload Hash
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
7f d6 cd 2d 58 5e 44 37 be dd e8 6a ec cb 63 93
4f 9a 63 f4
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
c2 a6 22 de a8 0b f3 41 ae cc b7 18 81 5d 9d 22
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 04 01 00 00 00 00 00 00 00 7c 91 45 62 a6 | ...........|.Eb.
0a ad 3e e6 b9 3f 96 e0 be bd 63 12 4c d6 7b 3c | ..>..?....c.L.{<
8a 8f fb c3 d2 93 6f 66 8b de dc 17 81 09 ad 49 | ......of.......I
48 37 84 ce 56 1c 9f a7 94 9a 1b f3 24 76 44 21 | H7..V.......$vD!
e7 b9 f5 f8 f4 cb 25 2c 2d 4e ce 00 b5 5b 03 e9 | ......%,-N...[..
96 0e 83 eb ad 15 a7 a0 86 21 c5 32 0c b3 b4 78 | .........!.2...x
6a 29 d4 d0 eb 51 47 3b 06 e3 68 f7 | j)...QG;..h.
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (Encryption)
MessageID: 00000000
Length: 124
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (Encryption)
MessageID: 00000000
Length: 124
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
87 c1 69 a3 83 d9 9e 5c 69 9a e5 e1 25 e9 1e 3e
4f 95 e1 84
Payload Notification
Next Payload: Vendor ID
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7b dd ec 9e a2 c1 9f fb 12 74 fe 6c 3f c3 b5 7d
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 120
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Computing hash for ISAKMP
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing notify payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Received Cisco Unity client VID
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=8cf6bd6a) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 00 6a bd f6 8c 1c 00 00 00 0e 00 00 18 | ....j...........
04 f2 48 b2 c6 a0 b0 4a b8 96 36 e3 48 0f 18 bc | ..H....J..6.H...
cd 63 d0 02 00 00 00 14 01 00 00 00 c0 88 00 00 | .c..............
40 89 00 00 40 8a 00 00 | @...@...
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (none)
MessageID: 6ABDF68C
Length: 469762048
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
04 f2 48 b2 c6 a0 b0 4a b8 96 36 e3 48 0f 18 bc
cd 63 d0 02
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 20
type: ISAKMP_CFG_REQUEST
Reserved: 00
Identifier: 0000
XAUTH Type: Generic
XAUTH User Name: (empty)
XAUTH User Password: (empty)
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 76
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 8c f6 bd 6a 00 00 00 5c 19 5b d4 85 | .......j...\.[..
cb 71 c0 50 be f7 59 da 9f 5e 7c 20 f8 dc 84 69 | .q.P..Y..^| ...i
f2 67 fa 91 df 20 35 20 b5 ca 07 39 59 7e ca 6b | .g... 5 ...9Y~.k
14 d3 91 61 5b d5 87 3a 4d e8 11 a7 ec 14 b4 0d | ...a[..:M.......
60 87 22 30 9a 34 2f 96 d2 b7 1c 83 | `."0.4/.....
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 92
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
23 5b 1d c1 af da 62 ee 33 eb 77 a3 04 78 08 f7
76 d0 93 74
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 36
type: ISAKMP_CFG_REPLY
Reserved: 00
Identifier: 0000
XAUTH Type: Generic
XAUTH User Name: (data not displayed)
XAUTH User Password: (data not displayed)
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=8cf6bd6a) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 88
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Processing MODE_CFG Reply attributes.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: primary DNS = 66.209.211.200
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: secondary DNS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: primary WINS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: secondary WINS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: default domain = xxx.net
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: IP Compression = disabled
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, User (vpnusernameX) authenticated.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=2b4586df) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 00 df 86 45 2b 1c 00 00 00 0e 00 00 18 | ......E+........
d6 3f ea 75 37 3c e1 7a 33 c0 ec 55 d3 7b fc c8 | .?.u7<.z3..U.{..
4d eb 9b cb 00 00 00 0c 03 00 00 00 c0 8f 00 01 | M...............
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (none)
MessageID: DF86452B
Length: 469762048
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
d6 3f ea 75 37 3c e1 7a 33 c0 ec 55 d3 7b fc c8
4d eb 9b cb
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 12
type: ISAKMP_CFG_SET
Reserved: 00
Identifier: 0000
XAUTH Status: Pass
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 68
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 2b 45 86 df 00 00 00 3c 3f b5 14 da | ....+E.....<?...
1d d2 04 9a 73 6d f7 69 63 c1 38 97 02 8b fa 0f | ....sm.ic.8.....
91 ea 02 4e ca f0 38 c9 84 e0 cb 3b | ...N..8....;
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 60
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 60
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
b1 71 98 14 a5 29 94 8e dc c4 08 43 0a 6c 9c 6c
b1 e9 25 0a
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 8
type: ISAKMP_CFG_ACK
Reserved: 00
Identifier: 0000
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=2b4586df) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Processing cfg ACK attributes
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 bb 83 40 71 00 00 00 b4 a7 d2 64 ca |
[email protected]
.
89 fc 06 58 d4 75 cb 62 d9 1c f2 63 c2 50 10 34 | ...X.u.b...c.P.4
d5 f1 9d 5f 1b e7 c9 83 a3 11 4a 6f dd 82 09 1f | ..._......Jo....
06 5f 2d 76 a6 3a ed 6b e0 78 4a 49 ec be 42 c7 | ._-v.:.k.xJI..B.
84 d8 34 52 d6 a8 28 7a cb 77 17 f5 d5 d1 f1 9e | ..4R..(z.w......
c1 8f 04 9e 96 cd 31 4f 60 0f 06 e6 0f d1 ec 42 | ......1O`......B
b9 c6 ad 3c 90 ce c5 ec e9 48 d3 40 6c 6b 46 67 | ...<.....H.@lkFg
06 a9 de 26 19 0d bc ef e0 c6 b1 10 98 58 d3 0b | ...&.........X..
4b 4e 05 19 cb ec 90 66 c1 ad 78 26 56 b5 88 55 | KN.....f..x&V..U
d9 9a 71 fe a4 2d b1 ba 4e f4 d8 fb c9 65 c1 21 | ..q..-..N....e.!
ff 64 66 6c | .dfl
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: BB834071
Length: 180
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: BB834071
Length: 180
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
8b 05 3a 5d 1f ab 46 aa 36 7e ac cf 54 a7 9e 52
7c 80 36 a6
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 126
type: ISAKMP_CFG_REQUEST
Reserved: 00
Identifier: 0000
IPv4 Address: (empty)
IPv4 Netmask: (empty)
IPv4 DNS: (empty)
IPv4 NBNS (WINS): (empty)
Address Expiry: (empty)
Cisco extension: Banner: (empty)
Cisco extension: Save PWD: (empty)
Cisco extension: Default Domain Name: (empty)
Cisco extension: Split Include: (empty)
Cisco extension: Split DNS Name: (empty)
Cisco extension: Do PFS: (empty)
Unknown: (empty)
Cisco extension: Backup Servers: (empty)
Unknown: (empty)
Application Version:
43 69 73 63 6f 20 53 79 73 74 65 6d 73 20 56 50
4e 20 43 6c 69 65 6e 74 20 35 2e 30 2e 30 37 2e
30 32 39 30 3a 57 69 6e 4e 54
Cisco extension: Firewall Type: (empty)
Cisco extension: Dynamic DNS Hostname: 48 6f 73 74 69 6e 67 33
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=bb834071) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 178
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Processing cfg Request attributes
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for IPV4 address!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for IPV4 net mask!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for DNS server address!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for WINS server address!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Received unsupported transaction mode attribute: 5
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Banner!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Save PW setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Default Domain Name!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Split Tunnel List!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Split DNS!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for PFS setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Client Browser Proxy Setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for backup ip-sec peer list!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Application Version!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Client Type: WinNT Client Application Version: 5.0.07.0290
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for FWTYPE!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for DHCP hostname for DDNS is: Hosting3!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE received response of type [] to a request from the IP address utility
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Cannot obtain an IP address for remote peer
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE TM V6 FSM error history (struct &0xcc049470) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY,
NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ,
EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE AM Responder FSM error history (struct &0xcc043a28) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODE
CFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MO
DECFG_V6H,
NullEvent-->AM_TM_INIT_MOD
ECFG, EV_WAIT-->AM_TM_INIT_XAUTH
_V6H, EV_CHECK_QM_MSG-->AM_TM_IN
IT_XAUTH_V
6H, EV_TM_XAUTH_OK-->AM_TM_INI
T_XAUTH_V6
H, NullEvent-->AM_TM_INIT_XAU
TH_V6H, EV_ACTIVATE_NEW_SA
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE SA AM:c3856137 terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, sending delete/delete with reason message
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing IKE delete with reason payload
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Sending IKE Delete With Reason message: No Reason Provided.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=cc002501) with payloads : HDR + HASH (8) + DWR (129) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 05 00 01 25 00 cc 1c 00 00 00 81 00 00 18 | .....%..........
24 f6 b4 34 2d aa 6f bc ae f8 90 21 eb bd ae c4 | $..4-.o....!....
0d ea c5 21 00 00 00 20 00 00 00 01 01 10 00 01 | ...!... ........
00 00 00 04 8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 | ......K.....7a..
a8 0a f3 41 | ...A
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 012500CC
Length: 469762048
Payload Hash
Next Payload: Private Use
Reserved: 00
Payload Length: 24
Data:
24 f6 b4 34 2d aa 6f bc ae f8 90 21 eb bd ae c4
0d ea c5 21
Payload Private Use
Next Payload: None
Reserved: 00
Payload Length: 32
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: CC002501
Length: 84
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Removing peer from peer table failed, no match!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry
Answer : Cisco VPN client and ASA 5510 not working
is there any special reason for this dynamic-mao entries, as a workaround
can you delete those unwanted entries. I hope VPN is connecting to the outdide interface of FW , copy and paste the below commands
clear configure crypto dynamic-map Outside_dyn_map
no crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto isakmp nat-traversal 60
so your SYSTEM_DEFAULT_CRYPTO_MAP will will handle all the request , try and let me know .
what client log showing ?
Random Solutions
"bad request" when trying to access 'options' page in Exchange 2010 OWA
Crystal report 2008, draw graph with huge of data.
Iterating through a PDF file (stepping through) for validation purposes
Custom Search Page and Impersonation
Assigning a GPO to specific users and one Server only ?
IIS - Host header Value basic question
Vmware standalone convertor error
How do I populate a SQL Express table from Excel file?
What SAN cert Exchange 2010 for UM, OA?
How to configure Stuck In active in GNS3
