Microsoft
Software
Hardware
Network
Question : Cisco VPN client and ASA 5510 not working
Greetings
I have an ASA that I use to terminate Cisco router EZVPN clients, and that works perfectly all the time.
I am now trying to get a Cisco VPN client (Windows) to make a connection to the ASA, and it is failing beyond belief.
My VPN client log says:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6001 Service Pack 1
2 11:34:33.899 07/31/10 Sev=Info/4 CM/0x63100002
Begin connection process
3 11:34:33.905 07/31/10 Sev=Info/4 CM/0x63100004
Establish secure connection
4 11:34:33.905 07/31/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "xxx.xxx.xxx.xxx"
5 11:34:33.916 07/31/10 Sev=Info/6 CM/0x6310002F
Allocated local TCP port 52305 for TCP connection.
6 11:34:34.357 07/31/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
7 11:34:34.357 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
8 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x6370002C
Sent 5 packets, 0 were fragmented.
9 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
10 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from xxx.xxx.xxx.xxx, src port 48590, dst port 52305
11 11:34:34.357 07/31/10 Sev=Info/6 IPSEC/0x63700021
TCP ACK sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
12 11:34:34.357 07/31/10 Sev=Info/4 CM/0x63100029
TCP connection established on port 48590 with server "xxx.xxx.xxx.xxx"
13 11:34:34.867 07/31/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "xxx.xxx.xxx.xxx"
14 11:34:34.877 07/31/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with xxx.xxx.xxx.xxx.
15 11:34:34.884 07/31/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
16 11:34:34.898 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to xxx.xxx.xxx.xxx
17 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
18 11:34:34.955 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from xxx.xxx.xxx.xxx
19 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
20 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
21 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
22 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
23 11:34:34.955 07/31/10 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
24 11:34:34.969 07/31/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
25 11:34:34.969 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
ACT, VID(?), VID(Unity)) to xxx.xxx.xxx.xxx
26 11:34:34.969 07/31/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC08B, Remote Port = 0x01F4
27 11:34:34.969 07/31/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
28 11:34:35.024 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
29 11:34:35.024 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xxx.xxx.xxx.xxx
30 11:34:35.024 07/31/10 Sev=Info/4 CM/0x63100015
Launch xAuth application
31 11:34:35.029 07/31/10 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
32 11:34:37.563 07/31/10 Sev=Info/4 CM/0x63100017
xAuth application returned
33 11:34:37.563 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
34 11:34:37.619 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
35 11:34:37.620 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xxx.xxx.xxx.xxx
36 11:34:37.620 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
37 11:34:37.620 07/31/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
38 11:34:37.627 07/31/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
39 11:34:37.628 07/31/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
40 11:34:37.684 07/31/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
41 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from xxx.xxx.xxx.xxx
42 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000081
Delete Reason Code: 4 --> PEER_DELETE-IKE_DELETE_NO_
ERROR.
43 11:34:37.685 07/31/10 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=B0BFC7529CFC2955 R_Cookie=290593D3F51C1B1E
44 11:34:37.685 07/31/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B0BFC7529CFC2955
R_Cookie=290593D3F51C1B1E)
reason = PEER_DELETE-IKE_DELETE_NO_
ERROR
45 11:34:37.909 07/31/10 Sev=Info/6 IPSEC/0x6370001D
TCP RST received from xxx.xxx.xxx.xxx, src port 48590, dst port 52305
46 11:34:38.410 07/31/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B0BFC7529CFC2955
R_Cookie=290593D3F51C1B1E)
reason = PEER_DELETE-IKE_DELETE_NO_
ERROR
47 11:34:38.410 07/31/10 Sev=Info/4 CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "PEER_DELETE-IKE_DELETE_NO
_ERROR". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
48 11:34:38.411 07/31/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
49 11:34:38.416 07/31/10 Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 48590
50 11:34:38.417 07/31/10 Sev=Info/6 CM/0x63100030
Removed local TCP port 52305 for TCP connection.
51 11:34:38.420 07/31/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
52 11:34:38.420 07/31/10 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
53 11:34:38.429 07/31/10 Sev=Info/6 IPSEC/0x63700023
TCP RST sent to xxx.xxx.xxx.xxx, src port 52305, dst port 48590
54 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
55 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
56 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
57 11:34:38.429 07/31/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
My ASA debug (isakmp and ipsec) says:
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 00 00 00 00 00 00 00 00 | ..K.............
01 10 04 00 00 00 00 00 00 00 03 40 04 00 02 2c | ...........@...,
00 00 00 01 00 00 00 01 00 00 02 20 01 01 00 0e | ........... ....
03 00 00 28 01 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 01 00 03 00 00 28 02 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd e9 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 | ......... ......
03 00 00 28 03 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 01 00 03 00 00 28 04 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 | ......... ......
03 00 00 28 05 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 00 80 03 00 00 28 06 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd e9 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 | ......... ......
03 00 00 28 07 01 00 00 80 01 00 07 80 02 00 02 | ...(............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 80 0e 00 80 03 00 00 28 08 01 00 00 | . .........(....
80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 | ......... ......
03 00 00 24 09 01 00 00 80 01 00 05 80 02 00 02 | ...$............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 03 00 00 24 0a 01 00 00 80 01 00 05 | . .....$........
80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01 | ................
00 0c 00 04 00 20 c4 9b 03 00 00 24 0b 01 00 00 | ..... .....$....
80 01 00 05 80 02 00 02 80 04 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 20 c4 9b 03 00 00 24 | ......... .....$
0c 01 00 00 80 01 00 05 80 02 00 01 80 04 00 02 | ................
80 03 00 01 80 0b 00 01 00 0c 00 04 00 20 c4 9b | ............. ..
03 00 00 24 0d 01 00 00 80 01 00 01 80 02 00 01 | ...$............
80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04 | ................
00 20 c4 9b 00 00 00 24 0e 01 00 00 80 01 00 01 | . .....$........
80 02 00 01 80 04 00 02 80 03 00 01 80 0b 00 01 | ................
00 0c 00 04 00 20 c4 9b 0a 00 00 84 aa d0 10 bb | ..... ..........
b3 75 4e 2b 30 b0 ae 16 30 6f 55 ca b3 3c 95 e6 | .uN+0...0oU..<..
42 d6 b4 70 a1 5e 71 9f 39 08 db 0b f7 c7 a6 7f | B..p.^q.9......
98 9f e2 7c cf 4a 2c df d8 88 ee af fc 85 e8 f1 | ...|.J,.........
3f 1b a2 73 eb f6 05 eb 53 6c 47 b8 4f 99 8f 22 | ?..s....SlG.O.."
a5 19 ea c3 ef d6 57 bf 4c 2b e7 96 5b c4 fe 7e | ......W.L+..[..~
ac e8 2d f3 18 7e 9a 53 49 1f bf 58 f5 78 92 36 | ..-..~.SI..X.x.6
0b b9 04 c4 36 15 4f 03 4f 74 c4 75 f0 7d 06 a7 | ....6.O.Ot.u.}..
29 54 41 bc 72 e7 8c 9e 34 7d eb 2d 05 00 00 18 | )TA.r...4}.-....
13 15 e9 82 af d4 ee 22 0d 84 8f ae 6c 30 fe 41 | ......."....l0.A
ce 74 79 29 0d 00 00 10 0b 11 01 f4 57 41 4e 53 | .ty)........WANGR
4e 4d 50 43 0d 00 00 0c 09 00 26 89 df d6 b7 12 | OUPX......&.....
0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | ........h...k...
77 57 01 00 0d 00 00 18 40 48 b7 d5 6e bc e8 85 |
[email protected]
...
25 e7 de 7f 00 d6 c2 d3 80 00 00 00 00 00 00 14 | %..............
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00 | ....Eqh.p-..t...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (none)
MessageID: 00000000
Length: 832
Payload Security Association
Next Payload: Key Exchange
Reserved: 00
Payload Length: 556
DOI: IPsec
Situation:(SIT_IDENTITY_ON
LY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 544
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 14
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 2
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 3
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 4
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 256
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 5
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 6
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 7
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 8
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Key Length: 128
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 9
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 10
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 11
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 12
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 13
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 14
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: DES-CBC
Hash Algorithm: MD5
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
aa d0 10 bb b3 75 4e 2b 30 b0 ae 16 30 6f 55 ca
b3 3c 95 e6 42 d6 b4 70 a1 5e 71 9f 39 08 db 0b
f7 c7 a6 7f 98 9f e2 7c cf 4a 2c df d8 88 ee af
fc 85 e8 f1 3f 1b a2 73 eb f6 05 eb 53 6c 47 b8
4f 99 8f 22 a5 19 ea c3 ef d6 57 bf 4c 2b e7 96
5b c4 fe 7e ac e8 2d f3 18 7e 9a 53 49 1f bf 58
f5 78 92 36 0b b9 04 c4 36 15 4f 03 4f 74 c4 75
f0 7d 06 a7 29 54 41 bc 72 e7 8c 9e 34 7d eb 2d
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
13 15 e9 82 af d4 ee 22 0d 84 8f ae 6c 30 fe 41
ce 74 79 29
Payload Identification
Next Payload: Vendor ID
Reserved: 00
Payload Length: 16
ID Type: ID_KEY_ID (11)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: VPNGROUPX
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
80 00 00 00
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 832
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, Responder: IPSec over TCP encapsulation is used local TCP port: 48590 peer TCP port: 52338
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ke payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ISA_KE payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing nonce payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing ID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received xauth V6 VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received DPD VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received Fragmentation VID
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: IP = xxx.xxx.xxx.xxx, Received Cisco Unity client VID
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, Connection landed on tunnel_group VPNGROUPX
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing IKE SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ISAKMP SA payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ke payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing nonce payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Generating keys for Responder...
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing ID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Computing hash for ISAKMP
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing Cisco Unity VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing xauth V6 VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing dpd vid payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing Fragmentation VID + extended capabilities payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Send IOS VID
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 392
SENDING PACKET to xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Security Association
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (none)
MessageID: 00000000
Length: 392
Payload Security Association
Next Payload: Key Exchange
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ON
LY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 9
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: XAUTH_INIT_PRESHRD
Life Type: seconds
Life Duration (Hex): 00 20 c4 9b
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
f6 58 f8 d6 6d 74 7a 7c 24 f4 2d 56 12 47 bf 2b
3b 19 94 10 29 5f 03 5b a8 6e 9a fb 98 15 57 bf
aa 4f 37 89 cd 7d 36 e0 9b 85 85 6f bc e3 ca 26
54 23 77 9b 9d 69 0c 44 1c 8c c4 33 ce bb 8a 2b
f5 70 2f 5b 62 b2 44 e2 63 19 da 8e 7a 33 24 c0
ae f4 74 34 b4 57 04 32 6c 68 8b 19 6c 0e 1f 1c
e4 9c 97 c9 ee 65 c7 2d 0f 5d a8 d2 98 e4 d8 32
dc 4b ba a7 d5 e8 dd ed 96 3d c4 6f 85 20 19 ce
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
a0 9b 92 d6 10 3c e4 57 85 0d 8c 6f 50 59 0a 95
4c f8 57 50
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 0
ID Data: xxx.xxx.xxx.xxx
Payload Hash
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
7f d6 cd 2d 58 5e 44 37 be dd e8 6a ec cb 63 93
4f 9a 63 f4
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
c2 a6 22 de a8 0b f3 41 ae cc b7 18 81 5d 9d 22
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 04 01 00 00 00 00 00 00 00 7c 91 45 62 a6 | ...........|.Eb.
0a ad 3e e6 b9 3f 96 e0 be bd 63 12 4c d6 7b 3c | ..>..?....c.L.{<
8a 8f fb c3 d2 93 6f 66 8b de dc 17 81 09 ad 49 | ......of.......I
48 37 84 ce 56 1c 9f a7 94 9a 1b f3 24 76 44 21 | H7..V.......$vD!
e7 b9 f5 f8 f4 cb 25 2c 2d 4e ce 00 b5 5b 03 e9 | ......%,-N...[..
96 0e 83 eb ad 15 a7 a0 86 21 c5 32 0c b3 b4 78 | .........!.2...x
6a 29 d4 d0 eb 51 47 3b 06 e3 68 f7 | j)...QG;..h.
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (Encryption)
MessageID: 00000000
Length: 124
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Aggressive Mode
Flags: (Encryption)
MessageID: 00000000
Length: 124
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
87 c1 69 a3 83 d9 9e 5c 69 9a e5 e1 25 e9 1e 3e
4f 95 e1 84
Payload Notification
Next Payload: Vendor ID
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7b dd ec 9e a2 c1 9f fb 12 74 fe 6c 3f c3 b5 7d
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 120
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Computing hash for ISAKMP
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing notify payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, processing VID payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Received Cisco Unity client VID
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:43 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:43 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=8cf6bd6a) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 00 6a bd f6 8c 1c 00 00 00 0e 00 00 18 | ....j...........
04 f2 48 b2 c6 a0 b0 4a b8 96 36 e3 48 0f 18 bc | ..H....J..6.H...
cd 63 d0 02 00 00 00 14 01 00 00 00 c0 88 00 00 | .c..............
40 89 00 00 40 8a 00 00 | @...@...
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (none)
MessageID: 6ABDF68C
Length: 469762048
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
04 f2 48 b2 c6 a0 b0 4a b8 96 36 e3 48 0f 18 bc
cd 63 d0 02
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 20
type: ISAKMP_CFG_REQUEST
Reserved: 00
Identifier: 0000
XAUTH Type: Generic
XAUTH User Name: (empty)
XAUTH User Password: (empty)
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 76
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 8c f6 bd 6a 00 00 00 5c 19 5b d4 85 | .......j...\.[..
cb 71 c0 50 be f7 59 da 9f 5e 7c 20 f8 dc 84 69 | .q.P..Y..^| ...i
f2 67 fa 91 df 20 35 20 b5 ca 07 39 59 7e ca 6b | .g... 5 ...9Y~.k
14 d3 91 61 5b d5 87 3a 4d e8 11 a7 ec 14 b4 0d | ...a[..:M.......
60 87 22 30 9a 34 2f 96 d2 b7 1c 83 | `."0.4/.....
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 8CF6BD6A
Length: 92
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
23 5b 1d c1 af da 62 ee 33 eb 77 a3 04 78 08 f7
76 d0 93 74
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 36
type: ISAKMP_CFG_REPLY
Reserved: 00
Identifier: 0000
XAUTH Type: Generic
XAUTH User Name: (data not displayed)
XAUTH User Password: (data not displayed)
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=8cf6bd6a) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 88
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, IP = xxx.xxx.xxx.xxx, Processing MODE_CFG Reply attributes.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: primary DNS = 66.209.211.200
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: secondary DNS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: primary WINS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: secondary WINS = cleared
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: default domain = xxx.net
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: IP Compression = disabled
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, User (vpnusernameX) authenticated.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=2b4586df) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 00 df 86 45 2b 1c 00 00 00 0e 00 00 18 | ......E+........
d6 3f ea 75 37 3c e1 7a 33 c0 ec 55 d3 7b fc c8 | .?.u7<.z3..U.{..
4d eb 9b cb 00 00 00 0c 03 00 00 00 c0 8f 00 01 | M...............
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (none)
MessageID: DF86452B
Length: 469762048
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
d6 3f ea 75 37 3c e1 7a 33 c0 ec 55 d3 7b fc c8
4d eb 9b cb
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 12
type: ISAKMP_CFG_SET
Reserved: 00
Identifier: 0000
XAUTH Status: Pass
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 68
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 2b 45 86 df 00 00 00 3c 3f b5 14 da | ....+E.....<?...
1d d2 04 9a 73 6d f7 69 63 c1 38 97 02 8b fa 0f | ....sm.ic.8.....
91 ea 02 4e ca f0 38 c9 84 e0 cb 3b | ...N..8....;
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 60
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: 2B4586DF
Length: 60
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
b1 71 98 14 a5 29 94 8e dc c4 08 43 0a 6c 9c 6c
b1 e9 25 0a
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 8
type: ISAKMP_CFG_ACK
Reserved: 00
Identifier: 0000
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=2b4586df) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Processing cfg ACK attributes
IKE Recv RAW packet dump
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 06 01 bb 83 40 71 00 00 00 b4 a7 d2 64 ca |
[email protected]
.
89 fc 06 58 d4 75 cb 62 d9 1c f2 63 c2 50 10 34 | ...X.u.b...c.P.4
d5 f1 9d 5f 1b e7 c9 83 a3 11 4a 6f dd 82 09 1f | ..._......Jo....
06 5f 2d 76 a6 3a ed 6b e0 78 4a 49 ec be 42 c7 | ._-v.:.k.xJI..B.
84 d8 34 52 d6 a8 28 7a cb 77 17 f5 d5 d1 f1 9e | ..4R..(z.w......
c1 8f 04 9e 96 cd 31 4f 60 0f 06 e6 0f d1 ec 42 | ......1O`......B
b9 c6 ad 3c 90 ce c5 ec e9 48 d3 40 6c 6b 46 67 | ...<.....H.@lkFg
06 a9 de 26 19 0d bc ef e0 c6 b1 10 98 58 d3 0b | ...&.........X..
4b 4e 05 19 cb ec 90 66 c1 ad 78 26 56 b5 88 55 | KN.....f..x&V..U
d9 9a 71 fe a4 2d b1 ba 4e f4 d8 fb c9 65 c1 21 | ..q..-..N....e.!
ff 64 66 6c | .dfl
RECV PACKET from xxx.xxx.xxx.xxx
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: BB834071
Length: 180
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Transaction
Flags: (Encryption)
MessageID: BB834071
Length: 180
Payload Hash
Next Payload: Attributes
Reserved: 00
Payload Length: 24
Data:
8b 05 3a 5d 1f ab 46 aa 36 7e ac cf 54 a7 9e 52
7c 80 36 a6
Payload Attributes
Next Payload: None
Reserved: 00
Payload Length: 126
type: ISAKMP_CFG_REQUEST
Reserved: 00
Identifier: 0000
IPv4 Address: (empty)
IPv4 Netmask: (empty)
IPv4 DNS: (empty)
IPv4 NBNS (WINS): (empty)
Address Expiry: (empty)
Cisco extension: Banner: (empty)
Cisco extension: Save PWD: (empty)
Cisco extension: Default Domain Name: (empty)
Cisco extension: Split Include: (empty)
Cisco extension: Split DNS Name: (empty)
Cisco extension: Do PFS: (empty)
Unknown: (empty)
Cisco extension: Backup Servers: (empty)
Unknown: (empty)
Application Version:
43 69 73 63 6f 20 53 79 73 74 65 6d 73 20 56 50
4e 20 43 6c 69 65 6e 74 20 35 2e 30 2e 30 37 2e
30 32 39 30 3a 57 69 6e 4e 54
Cisco extension: Firewall Type: (empty)
Cisco extension: Dynamic DNS Hostname: 48 6f 73 74 69 6e 67 33
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=bb834071) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 178
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, process_attr(): Enter!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Processing cfg Request attributes
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for IPV4 address!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for IPV4 net mask!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for DNS server address!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for WINS server address!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Received unsupported transaction mode attribute: 5
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Banner!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Save PW setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Default Domain Name!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Split Tunnel List!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Split DNS!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for PFS setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Client Browser Proxy Setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for backup ip-sec peer list!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for Application Version!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Client Type: WinNT Client Application Version: 5.0.07.0290
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for FWTYPE!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, MODE_CFG: Received request for DHCP hostname for DDNS is: Hosting3!
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE received response of type [] to a request from the IP address utility
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Cannot obtain an IP address for remote peer
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE TM V6 FSM error history (struct &0xcc049470) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY,
NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ,
EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE AM Responder FSM error history (struct &0xcc043a28) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODE
CFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MO
DECFG_V6H,
NullEvent-->AM_TM_INIT_MOD
ECFG, EV_WAIT-->AM_TM_INIT_XAUTH
_V6H, EV_CHECK_QM_MSG-->AM_TM_IN
IT_XAUTH_V
6H, EV_TM_XAUTH_OK-->AM_TM_INI
T_XAUTH_V6
H, NullEvent-->AM_TM_INIT_XAU
TH_V6H, EV_ACTIVATE_NEW_SA
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, IKE SA AM:c3856137 terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, sending delete/delete with reason message
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing blank hash payload
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing IKE delete with reason payload
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Sending IKE Delete With Reason message: No Reason Provided.
Jul 31 11:15:46 [IKEv1 DEBUG]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, constructing qm hash payload
Jul 31 11:15:46 [IKEv1]: IP = xxx.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=cc002501) with payloads : HDR + HASH (8) + DWR (129) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 a8 0a f3 41 | ..K.....7a.....A
08 10 05 00 01 25 00 cc 1c 00 00 00 81 00 00 18 | .....%..........
24 f6 b4 34 2d aa 6f bc ae f8 90 21 eb bd ae c4 | $..4-.o....!....
0d ea c5 21 00 00 00 20 00 00 00 01 01 10 00 01 | ...!... ........
00 00 00 04 8e 1a 4b 83 a2 c0 9f fb 37 61 85 c3 | ......K.....7a..
a8 0a f3 41 | ...A
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 012500CC
Length: 469762048
Payload Hash
Next Payload: Private Use
Reserved: 00
Payload Length: 24
Data:
24 f6 b4 34 2d aa 6f bc ae f8 90 21 eb bd ae c4
0d ea c5 21
Payload Private Use
Next Payload: None
Reserved: 00
Payload Length: 32
ISAKMP Header
Initiator COOKIE: 8e 1a 4b 83 a2 c0 9f fb
Responder COOKIE: 37 61 85 c3 a8 0a f3 41
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: CC002501
Length: 84
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Removing peer from peer table failed, no match!
Jul 31 11:15:46 [IKEv1]: Group = VPNGROUPX, Username = vpnusernameX, IP = xxx.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry
Answer : Cisco VPN client and ASA 5510 not working
is there any special reason for this dynamic-mao entries, as a workaround
can you delete those unwanted entries. I hope VPN is connecting to the outdide interface of FW , copy and paste the below commands
clear configure crypto dynamic-map Outside_dyn_map
no crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto isakmp nat-traversal 60
so your SYSTEM_DEFAULT_CRYPTO_MAP will will handle all the request , try and let me know .
what client log showing ?
Random Solutions
Need to monitor specific events in SCOM 2007 R2
Secure Email for HIPAA compliance
RegisterArrayDeclaration and RegisterClientScriptBlock
How does one preload an entire image directory?
Mail folders->knowing what FILE is for what message
Winsock error in XP Professional Error 12029 Provider entry MSAFD Could not make an HTTP connection.
Unable to open Excel files...recieving error " Repairs to PDFMaker.xla
I have designed an website in flash as well in html, if the browser dont have flash then i want them to be directed to the html version, or else they need to directed to flash version
Lost User Selection on XP start up screen
What is the best Raid stripe size and Windows allocation unit size for large files?
