Sujet Précédent Sujet Suivant

Cisco vpn client vpn

Fermé
salwayasalam - 13 mai 2010 à 10:06
 salwayasalam - 3 juin 2010 à 17:53

slt :)
j veux constitué 1 reseau local vpn et avoir l accé a ce reseux de vpnclient
voici ma config:

Building configuration...

Current configuration : 1800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn-rtr
!
boot-start-marker
boot-end-marker

no aaa new-model
ip cef

ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username user password 0 cisco

crypto isakmp policy 3
encr aes
authentication pre-share
group 2

crypto isakmp client configuration group vpnclient
key cisco123
pool vpnpool
acl 101
crypto isakmp profile vpn-client-profile
match identity group vpnclient
client configuration address respond
virtual-template 1

crypto ipsec transform-set mytrans esp-aes esp-sha-hmac
crypto ipsec profile vpn-client-profile
set transform-set mytrans
set isakmp-profile vpn-client-profile

crypto dynamic-map dynmap 10
set transform-set mytrans
reverse-route

crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

interface FastEthernet0/1
ip address 10.128.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
!
ip local pool vpnpool 192.168.1.1 192.168.1.10
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source list 111 interface FastEthernet0/1 overload
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 deny ip 10.10.10.0 0.0.0.255 162.168.1.0 0.0.0.255
access-list 111 permit ip 10.10.10.0 0.0.0.255 any

kon j fé debug cry isakm il me donne:
*May 12 09:21:49.151: ISAKMP (0:0): received packet from 10.128.20.162 dport 500 sport 4806 Global (N) NEW SA
*May 12 09:21:49.151: ISAKMP: Created a peer struct for 10.128.20.162, peer port 4806
*May 12 09:21:49.151: ISAKMP: New peer created peer = 0x63EB5EA8 peer_handle = 0x80000009
*May 12 09:21:49.151: ISAKMP: Locking peer struct 0x63EB5EA8, IKE refcount 1 for crypto_isakmp_process_block
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0):Setting client config settings 639F16A0
*May 12 09:21:49.151: ISAKMP: local port 500, remote port 4806
*May 12 09:21:49.151: insert sa successfully sa = 63745AE4
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*May 12 09:21:49.151: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : vpnclient
protocol : 17
port : 500
length : 17
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0):: peer matches vpnclientprofile profile
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): processing vendor id payload
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): processing vendor id payload
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): processing vendor id payload
*May 12 09:21:49.151: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0): processing vendor id payload
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0): processing vendor id payload
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*May 12 09:21:49.155: ISAKMP : Looking for xauth in profile vpnclientprofile
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*May 12 09:21:49.155: ISAKMP: encryption AES-CBC
*May 12 09:21:49.155: ISAKMP: hash SHA
*May 12 09:21:49.155: ISAKMP: default group 2
*May 12 09:21:49.155: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.155: ISAKMP: life type in seconds
*May 12 09:21:49.155: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.155: ISAKMP: keylength of 256
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 10 policy
*May 12 09:21:49.155: ISAKMP: encryption AES-CBC
*May 12 09:21:49.155: ISAKMP: hash MD5
*May 12 09:21:49.155: ISAKMP: default group 2
*May 12 09:21:49.155: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.155: ISAKMP: life type in seconds
*May 12 09:21:49.155: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.155: ISAKMP: keylength of 256
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 10 policy
*May 12 09:21:49.155: ISAKMP: encryption AES-CBC
*May 12 09:21:49.155: ISAKMP: hash SHA
*May 12 09:21:49.155: ISAKMP: default group 2
*May 12 09:21:49.155: ISAKMP: auth pre-share
*May 12 09:21:49.155: ISAKMP: life type in seconds
*May 12 09:21:49.155: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.155: ISAKMP: keylength of 256
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 10 policy
*May 12 09:21:49.155: ISAKMP: encryption AES-CBC
*May 12 09:21:49.155: ISAKMP: hash MD5
*May 12 09:21:49.155: ISAKMP: default group 2
*May 12 09:21:49.155: ISAKMP: auth pre-share
*May 12 09:21:49.155: ISAKMP: life type in seconds
*May 12 09:21:49.155: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.155: ISAKMP: keylength of 256
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.155: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption AES-CBC
*May 12 09:21:49.159: ISAKMP: hash SHA
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP: keylength of 128
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption AES-CBC
*May 12 09:21:49.159: ISAKMP: hash MD5
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP: keylength of 128
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption AES-CBC
*May 12 09:21:49.159: ISAKMP: hash SHA
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth pre-share
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP: keylength of 128
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption AES-CBC
*May 12 09:21:49.159: ISAKMP: hash MD5
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth pre-share
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP: keylength of 128
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.159: ISAKMP: hash SHA
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Xauth authentication by pre-shared key offered but does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.159: ISAKMP: hash MD5
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.159: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 10 policy
*May 12 09:21:49.159: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.159: ISAKMP: hash SHA
*May 12 09:21:49.159: ISAKMP: default group 2
*May 12 09:21:49.159: ISAKMP: auth pre-share
*May 12 09:21:49.159: ISAKMP: life type in seconds
*May 12 09:21:49.159: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Preshared authentication offered but does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 10 policy
*May 12 09:21:49.163: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.163: ISAKMP: hash MD5
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth pre-share
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 10 policy
*May 12 09:21:49.163: ISAKMP: encryption DES-CBC
*May 12 09:21:49.163: ISAKMP: hash MD5
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 10 policy
*May 12 09:21:49.163: ISAKMP: encryption DES-CBC
*May 12 09:21:49.163: ISAKMP: hash MD5
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth pre-share
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 65535 policy
*May 12 09:21:49.163: ISAKMP: encryption AES-CBC
*May 12 09:21:49.163: ISAKMP: hash SHA
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP: keylength of 256
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 65535 policy
*May 12 09:21:49.163: ISAKMP: encryption AES-CBC
*May 12 09:21:49.163: ISAKMP: hash MD5
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP: keylength of 256
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 65535 policy
*May 12 09:21:49.163: ISAKMP: encryption AES-CBC
*May 12 09:21:49.163: ISAKMP: hash SHA
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth pre-share
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP: keylength of 256
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 65535 policy
*May 12 09:21:49.163: ISAKMP: encryption AES-CBC
*May 12 09:21:49.163: ISAKMP: hash MD5
*May 12 09:21:49.163: ISAKMP: default group 2
*May 12 09:21:49.163: ISAKMP: auth pre-share
*May 12 09:21:49.163: ISAKMP: life type in seconds
*May 12 09:21:49.163: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.163: ISAKMP: keylength of 256
*May 12 09:21:49.163: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption AES-CBC
*May 12 09:21:49.167: ISAKMP: hash SHA
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP: keylength of 128
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption AES-CBC
*May 12 09:21:49.167: ISAKMP: hash MD5
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP: keylength of 128
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption AES-CBC
*May 12 09:21:49.167: ISAKMP: hash SHA
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth pre-share
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP: keylength of 128
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption AES-CBC
*May 12 09:21:49.167: ISAKMP: hash MD5
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth pre-share
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP: keylength of 128
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.167: ISAKMP: hash SHA
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.167: ISAKMP: hash MD5
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 65535 policy
*May 12 09:21:49.167: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.167: ISAKMP: hash SHA
*May 12 09:21:49.167: ISAKMP: default group 2
*May 12 09:21:49.167: ISAKMP: auth pre-share
*May 12 09:21:49.167: ISAKMP: life type in seconds
*May 12 09:21:49.167: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.167: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 65535 policy
*May 12 09:21:49.171: ISAKMP: encryption 3DES-CBC
*May 12 09:21:49.171: ISAKMP: hash MD5
*May 12 09:21:49.171: ISAKMP: default group 2
*May 12 09:21:49.171: ISAKMP: auth pre-share
*May 12 09:21:49.171: ISAKMP: life type in seconds
*May 12 09:21:49.171: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 65535 policy
*May 12 09:21:49.171: ISAKMP: encryption DES-CBC
*May 12 09:21:49.171: ISAKMP: hash MD5
*May 12 09:21:49.171: ISAKMP: default group 2
*May 12 09:21:49.171: ISAKMP: auth XAUTHInitPreShared
*May 12 09:21:49.171: ISAKMP: life type in seconds
*May 12 09:21:49.171: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 65535 policy
*May 12 09:21:49.171: ISAKMP: encryption DES-CBC
*May 12 09:21:49.171: ISAKMP: hash MD5
*May 12 09:21:49.171: ISAKMP: default group 2
*May 12 09:21:49.171: ISAKMP: auth pre-share
*May 12 09:21:49.171: ISAKMP: life type in seconds
*May 12 09:21:49.171: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):no offers accepted!
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0): phase 1 SA policy not acceptable! (local 10.128.20.1 remote 10.128.20.162)
*May 12 09:21:49.171: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0): sending packet to 10.128.20.162 my_port 500 peer_port 4806 (R) AG_NO_STATE
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):peer does not do paranoid keepalives.

*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 10.128.20.162)
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0): processing KE payload. message ID = 0
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0): group size changed! Should be 0, is 128
*May 12 09:21:49.171: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
*May 12 09:21:49.171: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*May 12 09:21:49.171: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_READY

*May 12 09:21:49.171: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.128.20.162
*May 12 09:21:49.175: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 10.128.20.162)
*May 12 09:21:49.175: ISAKMP: Unlocking IKE struct 0x63EB5EA8 for isadb_mark_sa_deleted(), count 0
*May 12 09:21:49.175: ISAKMP: Deleting peer node by peer_reap for 10.128.20.162: 63EB5EA8
*May 12 09:21:49.175: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*May 12 09:21:49.175: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_DEST_SA

*May 12 09:21:54.323: ISAKMP (0:0): received packet from 10.128.20.162 dport 500 sport 4806 Global (R) MM_NO_STATE
*May 12 09:21:59.327: ISAKMP (0:0): received packet from 10.128.20.162 dport 500 sport 4806 Global (R) MM_NO_STATE
*May 12 09:22:04.327: ISAKMP (0:0): received packet from 10.128.20.162 dport 500 sport 4806 Global (R) MM_NO_STATEsh run
A voir également:

7 réponses

Réponse 1 / 7
salwayasalam
13 mai 2010 à 10:09
je c pa si je dois desactiver xauth!!!?
0
Réponse 2 / 7
salwayasalam
31 mai 2010 à 17:02
personne ne connait la réponse??? :'(
0
Réponse 3 / 7
falousse Messages postés 309 Date d'inscription mercredi 8 avril 2009 Statut Membre Dernière intervention 15 janvier 2013 35
31 mai 2010 à 17:42
Ta config est correctement paramétrer ou pas?
Ton test c'est avérer juste?
Parce que je pense que ta configuration est correctement paramétrer par contre pour le auth je le connait pas celui la si tu pourrai m'en parler un peu, ce serai cool
Merci!!
0
Réponse 4 / 7
salwayasalam
1 juin 2010 à 12:46
salut falousse :)
maintenant ma config marche bien, je suis connecteé, j ai ajouter deux lignes par coincidence :p et voila ,ca marche
- crypto map clientmap client authentication list userauthen
-crypto map clientmap isakmp authorization list groupauthor
mon, encadrant ma demander de ne pas utiliser le serveur aaa donc j ai crue que ces deux lignes correspond à AAA ,et j les pas mis, mais c toujours un probleme de 412 d apres le client vpn ==>jusqu à ce que je me suis demander pourquoi ne pas les essayé . c est tout
c est tu veux plus d'infos tu n as qu a me le dmander ;)
a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
falousse Messages postés 309 Date d'inscription mercredi 8 avril 2009 Statut Membre Dernière intervention 15 janvier 2013 35
1 juin 2010 à 17:31
Les deux lignes que tu as ajoutés c'est pour les régles de sécurités IPsec et les comptes utilisateurs? NAN ?


falousse06200@hotmail.fr
0
Réponse 6 / 7
salwayasalam
3 juin 2010 à 17:51
salut :) desolee pour le retard j ai trouver un doc
http://ww1.rapiddigger.com
il m a bien aider "mais c en anglai"
bon chance :)
0
Réponse 7 / 7
salwayasalam
3 juin 2010 à 17:53
sinon :p voila ce qu il ya apropos des lignes que j ai ajouter du mm doc :)

The crypto map static_map_name isakmp authorization list command specifies the aaa authorization network command to use to find the remote access group(s) configuration: the router looks for matching authorization_list_name values. If the method list is defined as local in the aaa authorization network command, the router looks for the group attributes locally; if you have specified group radius, the router looks for the group configuration on an AAA server.

The crypto map static_map_name client authentication list specifies the aaa authentication login command to use to authenticate users. The latter command tells the router to look for the user accounts on an AAA RADIUS server (a method list of group radius) or on the router itself (a method list of local specifies that the user accounts and passwords are defined locally with the username command).

The crypto map static_map_name client configuration address command specifies whether the Server initiates IKE Mode Config (initiate parameter) or the Remote initiates it (respond parameter). The Cisco VPN Client software and Easy VPN Remote hardware clients initiate IKE Mode config. The old Cisco Secure 1.1 VPN and Microsoft's L2TP/IPsec clients don't. Therefore, in most cases you'll need to configure just the respond parameter. If you have a mixture of both types of clients, enter the command twice: with one command specify the respond parameter and the other the initiate parameter.
0

Discussions similaires

le frigo ne marche pas....
Nemo6456 -
Templier Nocturne -

1 réponse
taxe foncière pour locataire
Cryséis -
irongege -

1 réponse
torrent sans VPN
lacloc45 -
madmyke -

2 réponses