Date: Fri, 3 Feb 2006 17:16:01 -0500 From: Subhro <subhro.kar@gmail.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: VPN not working Message-ID: <b2807d040602031416k65b3d46dj2ed318013a4b18ce@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
I am trying to connect to my workplace which uses a Cisco IW600. I am
putting the connect log from the router below.
------
terminal monitor
IW600#
*Feb 3 22:00:44.051: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local=3D 64.191.227.249, remote=3D 220.225.82.25=
0,
local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4),
protocol=3D ESP, transform=3D esp-3des esp-sha-hmac (Tunnel),
lifedur=3D 3600s and 4608000kb,
spi=3D 0x5A88B8A1(1518909601), conn_id=3D 0, keysize=3D 0, flags=3D 0x4=
00B
*Feb 3 22:00:44.051: ISAKMP: received ke message (1/1)
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Feb 3 22:00:44.051: ISAKMP: Created a peer struct for
220.225.82.250, peer port 500
*Feb 3 22:00:44.051: ISAKMP: New peer created peer =3D 0x447C2CF4
peer_handle =3D 0x80000286
*Feb 3 22:00:44.051: ISAKMP: Locking peer struct 0x447C2CF4, IKE
refcount 1 for isakmp_initiator
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Setting client config settings 448=
F7964
*Feb 3 22:00:44.051: ISAKMP: local port 500, remote port 500
*Feb 3 22:00:44.051: ISAKMP: set new node 0 to QM_IDLE
*Feb 3 22:00:44.051: ISAKMP: Find a dup sa in the avl tree during
calling isadb_insert sa =3D 447DC520
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Can not start Aggressive
mode, trying Main mode.
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Looking for a matching key
for 220.225.82.250 in default
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): : success
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):found peer pre-shared key
matching 220.225.82.250
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Input =3D IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Old State =3D IKE_READY New
State =3D IKE_I_MM1
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 1798766697
*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 756905305
*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 3 22:01:13.043: ISAKMP:(0:0:N/A:0):purging SA., sa=3D44872764,
delme=3D44872764
*Feb 3 22:01:13.727: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
43EDF9F4
-Process=3D "IP Input", ipl=3D 4, pid=3D 74
-Traceback=3D 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
*Feb 3 22:01:14.051: IPSEC(key_engine): request timer fired: count =3D 1,
(identity) local=3D 64.191.227.249, remote=3D 220.225.82.250,
local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4)
*Feb 3 22:01:14.051: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local=3D 64.191.227.249, remote=3D 220.225.82.25=
0,
local_proxy=3D 172.16.3.151/255.255.255.255/0/0 (type=3D1),
remote_proxy=3D 192.168.100.0/255.255.255.0/0/0 (type=3D4),
protocol=3D ESP, transform=3D esp-3des esp-sha-hmac (Tunnel),
lifedur=3D 3600s and 4608000kb,
spi=3D 0x385ACC06(945474566), conn_id=3D 0, keysize=3D 0, flags=3D 0x40=
0B
*Feb 3 22:01:14.051: ISAKMP: received ke message (1/1)
*Feb 3 22:01:14.051: ISAKMP: set new node 0 to QM_IDLE
*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):SA is still budding. Attached
new ipsec request to it. (local 64.191.227.249, remote 220.225.82.250)
*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E...
*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
sa: retransmit phase 1
*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STAT=
E
*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): sending packet to
220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 3 22:01:28.147: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
43EDF2FC
-Process=3D "IP Input", ipl=3D 4, pid=3D 74
-Traceback=3D 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
-----
I am using the method mentioned in the freebsd handbook. Please help
me out by telling me what exactly is wrong.
Thanks and Best Regards
Subhro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b2807d040602031416k65b3d46dj2ed318013a4b18ce>