VPN erreur "CRYPTO-6-IKMP_MODE_FAILURE: ..."

Bonjour,

L'erreur en entier c'est ça :
CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 62.160.XXX.XXX

Je veux faire un client pour un routeur Cisco existant. d'adresse comme ci-dessus : 62.160.XXX.XXX
Alors je lui ai mis cette config (au client VPN) :

! NVRAM config last updated at 01:02:23 CET Sat Mar 10 2018
! NVRAM config last updated at 01:02:23 CET Sat Mar 10 2018
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname C860-Paysage
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login vpn_client local
aaa authorization network vpn_client local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CET 1 0
clock summer-time CEST recurring
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3453975763
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3453975763
revocation-check none
rsakeypair TP-self-signed-3453975763
!
!
crypto pki certificate chain TP-self-signed-3453975763
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
ip source-route
!
!
!
ip dhcp pool MonDHCP
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.240
dns-server 8.8.8.8
lease 0 2
!
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
license udi pid CISCO861-K9 sn FCZ1706C2N6
!
!
username toto privilege 15 password 0 tutu
username lseclient privilege 15 password 0 Graorr
!
!
!
policy-map TSE
class class-default
!
!
crypto keyring vpnL2L
pre-shared-key address 0.0.0.0 0.0.0.0 key blabla-1
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp fragmentation
!
crypto isakmp client configuration group vpn_client
key blabla-1
pool vpn_pool
acl 120
include-local-lan
crypto isakmp profile L2L
keyring vpnL2L
match identity address 0.0.0.0
crypto isakmp profile VPNNomade
match identity group vpn_client
client authentication list vpn_client
isakmp authorization list vpn_client
client configuration address respond
!
!
crypto ipsec transform-set Strong esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile vpntunnel
set security-association lifetime seconds 120
set isakmp-profile L2L
!
!
crypto dynamic-map dynmap 10
set transform-set Strong
set isakmp-profile VPNNomade
reverse-route
!
!
crypto map dynmap 2 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 172.16.1.2 255.255.255.0
ip mtu 1440
no ip split-horizon
tunnel destination 62.160.XXX.XXX
tunnel key 100000
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description To Internet
ip address 192.168.1.240 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map dynmap
!
interface Vlan1
description to lan
ip address 192.168.2.240 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
router odr
network 172.16.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.7.0
network 192.168.8.0
!
ip local pool vpn_pool 192.168.210.1 192.168.210.50
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 110 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.15.1.0 255.255.255.0 Tunnel0
!
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 110 deny ip 192.168.2.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 10.15.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 150 permit tcp any eq 3389 any eq 3389
no cdp run
!
!
banner exec ^C


ET LE CISCO que je veux atteindre, il a cette config (le serveur, quoi...) :


C871-siemo#sh conf
Using 2275 out of 262136 bytes, uncompressed size = 3852 bytes
Uncompressed configuration from 2275 bytes to 3852 bytes
!
! Last configuration change at 13:27:56 CET Mon Jan 2 2006
! NVRAM config last updated at 13:28:01 CET Mon Jan 2 2006
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname C871-Toto
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$PfrL$Q9SnMsuSpuVoIZUll5eyH0
!
aaa new-model
!
!
aaa authentication login vpn_client local

aaa authorization network vpn_client local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CET 1
clock summer-time CEST recurring
!
!
ip source-route
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1533C0PL
!
!
archive
log config
hidekeys
username toto privilege 15 password 0 blabla-2
! etc...
!
!
!
class-map match-all TSE
match access-group 150
!
!
policy-map TSE
class class-default
bandwith 60
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp fragmentation
!
crypto isakmp client configuration group vpn_client
key blabla-1
pool vpn_pool
acl 120
include-local-lan
crypto isakmp profile VPNNomade
match identity group vpn_client
client authentication list vpn_client
isakmp authorization list vpn_client
client configuration address respond
!
!
crypto ipsec transform-set Strong esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile vpntunnel
set security-association lifetime seconds 120
set transform-set Strong
!
!
crypto dynamic-map dynmap 10
set transform-set Strong
set isakmp-profile VPNNomade
reverse-route
!
!
crypto map dynmap 2 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description To Internet
ip address 62.160.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe-client dial-pool-number 1
crypto map dynmap
service-policy output TSE
!
interface Vlan1
description to lan
ip address 10.43.59.240 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpn_pool 192.168.200.1 192.168.200.50
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 110 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 217.167.140.50
!
access-list 10 permit 10.43.59.0 0.0.0.255
access-list 110 deny ip 10.43.59.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 110 permit ip 10.43.59.0 0.0.0.255 any
access-list 120 permit ip 10.43.59.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 150 permit tcp any eq 3389 any eq 3389
!
control-plane
!
banner exec ^CCCCC
-----
-------------------------------------------------
^C
banner login ^CCCCC
-------------------------------------------------
console d'administration du Routeur
societe TOTO site
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end



et si je fais ...

C860-Paysage>en
C860-Paysage#debug crypto isakmp
Crypto ISAKMP debugging is on
C860-Paysage#ping 10.15.1.240
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.1.240, timeout is 2 seconds:

Mar 10 01:16:34.083: ISAKMP:(0): SA request profile is L2L
Mar 10 01:16:34.083: ISAKMP: Created a peer struct for 62.160.XXX.XXX, peer port 500
Mar 10 01:16:34.083: ISAKMP: New peer created peer = 0x8453F55C peer_handle = 0x8000000D
Mar 10 01:16:34.083: ISAKMP: Locking peer struct 0x8453F55C, refcount 1 for isakmp_initiator
Mar 10 01:16:34.083: ISAKMP: local port 500, remote port 500
Mar 10 01:16:34.083: ISAKMP: set new node 0 to QM_IDLE
Mar 10 01:16:34.087: ISAKMP:(0):insert sa successfully sa = 85FC2A60
Mar 10 01:16:34.087: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Mar 10 01:16:34.087: ISAKMP:(0):Found ADDRESS key in keyring vpnL2L
Mar 10 01:16:34.087: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Mar 10 01:16:34.087: ISAKMP:(0): constructed NAT-T vendor-07 ID
Mar 10 01:16:34.087: ISAKMP:(0): constructed NAT-T vendor-03 ID
Mar 10 01:16:34.087: ISAKMP:(0): constructed NAT-T vendor-02 ID
Mar 10 01:16:34.087: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Mar 10 01:16:34.087: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

Mar 10 01:16:34.087: ISAKMP:(0): beginning Main Mode exchange
Mar 10 01:16:34.087: ISAKMP:(0): sending packet to 62.160.XXX.XXX my_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:16:34.087: ISAKMP:(0):Sending an IKE IPv4 Packet.
Mar 10 01:16:34.171: ISAKMP (0): received packet from 62.160.XXX.XXX dport 500 sport 500 Global (I) MM_NO_STATE
Mar 10 01:16:34.175: ISAKMP:(0):Notify has no hash. Rejected.
Mar 10 01:16:34.175: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1
Mar 10 01:16:34.175: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Mar 10 01:16:34.175: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM1

Mar 10 01:16:34.175: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 62.160..195.169....
Success rate is 0 percent (0/5)
C860-Paysage#
Mar 10 01:16:44.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Mar 10 01:16:44.087: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Mar 10 01:16:44.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Mar 10 01:16:44.087: ISAKMP:(0): sending packet to 62.160.XXX.XXX my_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:16:44.087: ISAKMP:(0):Sending an IKE IPv4 Packet.
Mar 10 01:16:54.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Mar 10 01:16:54.087: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Mar 10 01:16:54.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Mar 10 01:16:54.087: ISAKMP:(0): sending packet to 62.160.XXX.XXX my_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:16:54.087: ISAKMP:(0):Sending an IKE IPv4 Packet.
Mar 10 01:17:04.083: ISAKMP: set new node 0 to QM_IDLE
Mar 10 01:17:04.083: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 192.168.1.240, remote 62.160.195.169)
Mar 10 01:17:04.083: ISAKMP: Error while processing SA request: Failed to initialize SA
Mar 10 01:17:04.083: ISAKMP: Error while processing KMI message 0, error 2.
Mar 10 01:17:04.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Mar 10 01:17:04.087: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
Mar 10 01:17:04.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Mar 10 01:17:04.087: ISAKMP:(0): sending packet to 62.160.XXX.XXX my_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:17:04.087: ISAKMP:(0):Sending an IKE IPv4 Packet.
Mar 10 01:17:14.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Mar 10 01:17:14.087: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Mar 10 01:17:14.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Mar 10 01:17:14.087: ISAKMP:(0): sending packet to 62.160.XXX.XXXmy_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:17:14.087: ISAKMP:(0):Sending an IKE IPv4 Packet.
Mar 10 01:17:24.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Mar 10 01:17:24.087: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Mar 10 01:17:24.087: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Mar 10 01:17:24.087: ISAKMP:(0): sending packet to 62.160.XXX.XXX my_port 500 peer_port 500 (I) MM_NO_STATE
Mar 10 01:17:24.087: ISAKMP:(0):Sending an IKE IPv4 Packet.

AU S'COUUUUUUUUURS !!!!!

ça fait des jours, des heures, que je fais des essais, que je cherche... rien à faire ! (j'en peux plus en fait...)

Si quelqu'un peut m'aider, ce serait super. Je ne suis pas très bon en Cisco. non. Je suis mauvais. Oui, voilà. Mais je le sais ! Et sans des sites pour aider, je pourrais rester bloqué sans jamais trouver jusqu'à la fin de ma vie.

Merci par avance !

Salut!

Christophe

<config>Windows / Internet Explorer 11.0</confi