|
|
|
|
| Компьютерный форум OSzone.net » Железо » Сетевое оборудование » Cisco - Cisco - ipsec vpn - ISA |
|
|
Cisco - Cisco - ipsec vpn - ISA
|
Сообщения: 526 |
Добрый день.
Появилась задача - седалть vpn ipsec тунель между двумя офисами. В Главном стоит ISA Server 2006 на Windows Server 2003 r2 В Branch офисе стоит Cisco 871. Конфиг с Cisco ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname emwhgt01 ! boot-start-marker boot-end-marker ! logging message-counter syslog no logging buffered enable password service ! aaa new-model ! ! ! ! aaa session-id common clock timezone Moscow 3 clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00 ! crypto pki trustpoint TP-self-signed-1042110583 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1042110583 revocation-check none rsakeypair TP-self-signed-1042110583 ! ! crypto pki certificate chain TP-self-signed-1042110583 certificate self-signed 01 nvram:IOS-Self-Sig#11.cer dot11 syslog ip source-route no ip dhcp use vrf connected ip dhcp excluded-address 171.10.2.1 171.10.2.10 ip dhcp excluded-address 171.10.2.231 171.10.2.254 ! ip dhcp pool branch import all network 171.10.2.0 255.255.255.0 domain-name emviko.ru dns-server 171.10.2.251 171.10.1.251 default-router 171.10.2.254 lease 8 ! ! ip cef ip domain name emviko.ru ip name-server 192.168.104.98 ip name-server 171.10.2.251 ip name-server 171.10.1.251 ntp server 82.98.86.179 prefer source Vlan1 ! ! ! ! username root privilege 15 password 0 service ! ! crypto isakmp policy 1 hash md5 authentication pre-share group 2 lifetime 28800 crypto isakmp key 12345 address office ip ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-MD5-SHA esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel tooffice set peer office ip set security-association lifetime kilobytes 10000 set security-association idle-time 3600 set transform-set ESP-MD5-SHA match address 102 ! archive log config hidekeys ! ! ! ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ip address branch ip 255.255.255.0 ip virtual-reassembly speed auto half-duplex crypto map SDM_CMAP_1 ! interface Vlan1 ip address 192.168.104.254 255.255.255.0 ip virtual-reassembly ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 branch gate ip route 171.10.1.0 255.255.255.0 vlan1 ip http server ip http secure-server ! ! access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 access-list 101 remark SDM_ACL Category=4 access-list 101 remark IPSec Rule access-list 101 permit ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 access-list 102 remark SDM_ACL Category=4 access-list 102 remark IPSec Rule access-list 102 permit ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 access-list 110 remark SDM_ACL Category=18 access-list 110 remark IPSec Rule access-list 110 deny ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 access-list 110 deny ip 192.168.104.0 0.0.0.255 any ! ! ! route-map nonat permit 10 match ip address 110 ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 password sservice transport input telnet ssh ! scheduler max-task-time 5000 end Sh ver с Cisco emwhgt01#sh ver Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Sat 20-Jun-09 02:20 by prod_rel_team ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE emwhgt01 uptime is 2 days, 19 hours, 9 minutes System returned to ROM by reload at 16:32:13 Moscow Fri Oct 9 2009 System image file is "flash:c870-advsecurityk9-mz.124-24.t1.bin" Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 871 (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of memory. Processor board ID FCZ122910CA MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10 5 FastEthernet interfaces 128K bytes of non-volatile configuration memory. 24576K bytes of processor board System flash (Intel Strataflash) Configuration register is 0x2102 Настройки с ISA Server Local Tunnel Endpoint: Office IP Remote Tunnel Endpoint: Branch IP To allow HTTP proxy or NAT traffic to the remote site, the remote site configuration must contain the local site tunnel end-point IP address. IKE Phase I Parameters: Mode: Main mode Encryption: 3DES Integrity: MD5 Diffie-Hellman group: Group 2 (1024 bit) Authentication Method: Pre-shared secret (12345) Security Association Lifetime: 28800 seconds IKE Phase II Parameters: Mode: ESP tunnel mode Encryption: 3DES Integrity: MD5 Perfect Forward Secrecy: OFF Diffie-Hellman group: Group 2 (1024 bit) Time Rekeying: ON Security Association Lifetime: 3600 seconds Kbyte Rekeying: ON Rekey After Sending: 100000 Kbytes Remote Network 'EMWH' IP Subnets: Subnet: 192.168.104.0/255.255.255.0 Local Network 'Internal' IP Subnets: Subnet: 171.10.1.0/255.255.255.0 Логи с Cisco *Oct 12 08:50:44.147: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (N) NEW SA *Oct 12 08:50:44.147: ISAKMP: Created a peer struct for office ip, peer port 500 *Oct 12 08:50:44.147: ISAKMP: New peer created peer = 0x8440DA30 peer_handle = 0x80000008 *Oct 12 08:50:44.147: ISAKMP: Locking peer struct 0x8440DA30, refcount 1 for crypto_isakmp_process_block *Oct 12 08:50:44.147: ISAKMP: local port 500, remote port 500 *Oct 12 08:50:44.147: ISAKMP  0):insert sa successfully sa = 84630040*Oct 12 08:50:44.147: ISAKMP 0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH*Oct 12 08:50:44.147: ISAKMP 0):Old State = IKE_READY New State = IKE_R_MM1*Oct 12 08:50:44.147: ISAKMP 0): processing SA payload. message ID = 0 *Oct 12 08:50:44.147: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.147: ISAKMP 0): processing IKE frag vendor id payload*Oct 12 08:50:44.147: ISAKMP 0):Support for IKE Fragmentation not enabled*Oct 12 08:50:44.147: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.147: ISAKMP 0): vendor ID seems Unity/DPD but major 194 mismatch*Oct 12 08:50:44.147: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.147: ISAKMP 0): vendor ID seems Unity/DPD but major 123 mismatch*Oct 12 08:50:44.151: ISAKMP 0): vendor ID is NAT-T v2*Oct 12 08:50:44.151: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.151: ISAKMP 0): vendor ID seems Unity/DPD but major 184 mismatch*Oct 12 08:50:44.151: ISAKMP 0):found peer pre-shared key matching office ip*Oct 12 08:50:44.151: ISAKMP 0): local preshared key found*Oct 12 08:50:44.151: ISAKMP : Scanning profiles for xauth ... *Oct 12 08:50:44.151: ISAKMP 0):Checking ISAKMP transform 1 against priority 1 policy*Oct 12 08:50:44.151: ISAKMP: encryption 3DES-CBC *Oct 12 08:50:44.151: ISAKMP: hash MD5 *Oct 12 08:50:44.151: ISAKMP: default group 2 *Oct 12 08:50:44.151: ISAKMP: auth pre-share *Oct 12 08:50:44.151: ISAKMP: life type in seconds *Oct 12 08:50:44.151: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Oct 12 08:50:44.151: ISAKMP 0):atts are acceptable. Next payload is 0*Oct 12 08:50:44.151: ISAKMP 0):Acceptable atts:actual life: 0*Oct 12 08:50:44.151: ISAKMP 0):Acceptable atts:life: 0*Oct 12 08:50:44.151: ISAKMP 0):Fill atts in sa vpi_length:4*Oct 12 08:50:44.151: ISAKMP 0):Fill atts in sa life_in_seconds:28800*Oct 12 08:50:44.151: ISAKMP 0):Returning Actual lifetime: 28800*Oct 12 08:50:44.151: ISAKMP 0)::Started lifetime timer: 28800.*Oct 12 08:50:44.151: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.151: ISAKMP 0): processing IKE frag vendor id payload*Oct 12 08:50:44.151: ISAKMP 0):Support for IKE Fragmentation not enabled*Oct 12 08:50:44.151: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.151: ISAKMP 0): vendor ID seems Unity/DPD but major 194 mismatch*Oct 12 08:50:44.151: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.151: ISAKMP 0): vendor ID seems Unity/DPD but major 123 mismatch*Oct 12 08:50:44.151: ISAKMP 0): vendor ID is NAT-T v2*Oct 12 08:50:44.155: ISAKMP 0): processing vendor id payload*Oct 12 08:50:44.155: ISAKMP 0): vendor ID seems Unity/DPD but major 184 mismatch*Oct 12 08:50:44.155: ISAKMP 0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE*Oct 12 08:50:44.155: ISAKMP 0):Old State = IKE_R_MM1 New State = IKE_R_MM1*Oct 12 08:50:44.155: ISAKMP 0): constructed NAT-T vendor-02 ID*Oct 12 08:50:44.155: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:50:44.155: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:50:44.155: ISAKMP 0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE*Oct 12 08:50:44.155: ISAKMP 0):Old State = IKE_R_MM1 New State = IKE_R_MM2*Oct 12 08:50:45.239: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 12 08:50:45.239: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 12 08:50:45.239: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 12 08:50:45.739: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:50:45.739: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Oct 12 08:50:45.739: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 12 08:50:45.739: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:50:45.739: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:50:47.227: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 12 08:50:47.227: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 12 08:50:47.227: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 12 08:50:47.727: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:50:47.727: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Oct 12 08:50:47.727: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 12 08:50:47.727: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:50:47.727: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:50:51.227: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 12 08:50:51.227: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 12 08:50:51.227: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 12 08:50:51.727: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:50:51.727: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Oct 12 08:50:51.727: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 12 08:50:51.727: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:50:51.727: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:50:59.231: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 12 08:50:59.231: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 12 08:50:59.231: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 12 08:50:59.731: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:50:59.731: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Oct 12 08:50:59.731: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 12 08:50:59.731: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:50:59.731: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:51:09.731: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:51:09.731: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Oct 12 08:51:09.731: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 12 08:51:09.731: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 12 08:51:09.731: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 12 08:51:15.235: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 12 08:51:15.235: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 12 08:51:15.235: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 12 08:51:15.735: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 12 08:51:15.735: ISAKMP 0):peer does not do paranoid keepalives.*Oct 12 08:51:15.735: ISAKMP 0):deleting SA reason "Death by retransmission P1" state (R) MM_SA_SETUP (peer office ip)*Oct 12 08:51:15.735: ISAKMP 0):deleting SA reason "Death by retransmission P1" state (R) MM_SA_SETUP (peer office ip)*Oct 12 08:51:15.735: ISAKMP: Unlocking peer struct 0x8440DA30 for isadb_mark_sa_deleted(), count 0 *Oct 12 08:51:15.735: ISAKMP: Deleting peer node by peer_reap for office ip: 8440DA30 *Oct 12 08:51:15.735: ISAKMP 0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL*Oct 12 08:51:15.735: ISAKMP 0):Old State = IKE_R_MM2 New State = IKE_DEST_SA*Oct 12 08:51:15.735: IPSEC(key_engine): got a queue event with 1 KMI message(s) |
|
|
------- Отправлено: 12:39, 12-10-2009 |
|
Сообщения: 526
|
Профиль | Сайт | Отправить PM | Цитировать kim-aa, Команда show ip interface brief недоступна.
|
|
------- Отправлено: 10:02, 14-10-2009 | #11 |
Назгул Сообщения: 2633
|
Профиль | Отправить PM | Цитировать Цитата Aleksey Potapov:
В книге "Проектирование виртуальных частных сетей в среде Windows 2000" Есть пример соединения Win 2000 и Cisco 8xx Там acl должен включать не только прямой трафик, но и обратный, т. к. криптокарта не только шифрует, но и расшифровывает должно быть так access-list 102 permit ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 access-list 102 permit ip 171.10.1.0 0.0.0.255 192.168.104.0 0.0.0.255 --- Проверить ACL можно либо show run либо show access-list |
|
|
------- Отправлено: 10:48, 15-10-2009 | #12 |
|
Сообщения: 526
|
Профиль | Сайт | Отправить PM | Цитировать Поправил
emwhgt01#sh access-lists Extended IP access list 110 10 permit ip 192.168.104.0 0.0.0.255 171.10.1.0 0.0.0.255 20 permit ip 171.10.1.0 0.0.0.255 192.168.104.0 0.0.0.255 30 deny ip 192.168.104.0 0.0.0.255 any Тунель не поднимается - вторая фаза не проходит. |
|
------- Последний раз редактировалось Aleksey Potapov, 16-10-2009 в 11:19. Отправлено: 10:18, 16-10-2009 | #13 |
|
Назгул Сообщения: 2633
|
Профиль | Отправить PM | Цитировать Цитата Aleksey Potapov:
2) А что ISA говорит? |
|
|
------- Отправлено: 11:42, 19-10-2009 | #14 |
|
Сообщения: 526
|
Профиль | Сайт | Отправить PM | Цитировать Мысли ещё есть ?
|
|
------- Отправлено: 09:19, 22-10-2009 | #15 |
|
Сообщения: 526
|
Профиль | Сайт | Отправить PM | Цитировать *Oct 16 23:30:42.175: ISAKMP (0): received packet from office ip dport 500 s port 500 Global (N) NEW SA
*Oct 16 23:30:42.175: ISAKMP: Created a peer struct for office ip, peer port 500 *Oct 16 23:30:42.175: ISAKMP: New peer created peer = 0x8445CB5C peer_handle = 0 x80000002 *Oct 16 23:30:42.175: ISAKMP: Locking peer struct 0x8445CB5C, refcount 1 for cry pto_isakmp_process_block *Oct 16 23:30:42.175: ISAKMP: local port 500, remote port 500 *Oct 16 23:30:42.175: ISAKMP 0):insert sa successfully sa = 8445CEC0*Oct 16 23:30:42.179: ISAKMP 0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH*Oct 16 23:30:42.179: ISAKMP 0):Old State = IKE_READY New State = IKE_R_MM1*Oct 16 23:30:42.179: ISAKMP 0): processing SA payload. message ID = 0*Oct 16 23:30:42.179: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.179: ISAKMP 0): processing IKE frag vendor id payload*Oct 16 23:30:42.179: ISAKMP 0):Support for IKE Fragmentation not enabled*Oct 16 23:30:42.179: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.179: ISAKMP 0): vendor ID seems Unity/DPD but major 194 mismat ch*Oct 16 23:30:42.179: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.179: ISAKMP 0): vendor ID seems Unity/DPD but major 123 mismat ch*Oct 16 23:30:42.179: ISAKMP 0): vendor ID is NAT-T v2*Oct 16 23:30:42.179: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.179: ISAKMP 0): vendor ID seems Unity/DPD but major 184 mismat ch*Oct 16 23:30:42.179: ISAKMP 0):found peer pre-shared key matching 81.211.32.16 3*Oct 16 23:30:42.179: ISAKMP 0): local preshared key found*Oct 16 23:30:42.179: ISAKMP : Scanning profiles for xauth ... *Oct 16 23:30:42.179: ISAKMP 0):Checking ISAKMP transform 1 against priority 1 policy*Oct 16 23:30:42.179: ISAKMP: encryption 3DES-CBC *Oct 16 23:30:42.183: ISAKMP: hash MD5 *Oct 16 23:30:42.183: ISAKMP: default group 2 *Oct 16 23:30:42.183: ISAKMP: auth pre-share *Oct 16 23:30:42.183: ISAKMP: life type in seconds *Oct 16 23:30:42.183: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Oct 16 23:30:42.183: ISAKMP 0):atts are acceptable. Next payload is 0*Oct 16 23:30:42.183: ISAKMP 0):Acceptable atts:actual life: 0*Oct 16 23:30:42.183: ISAKMP 0):Acceptable atts:life: 0*Oct 16 23:30:42.183: ISAKMP 0):Fill atts in sa vpi_length:4*Oct 16 23:30:42.183: ISAKMP 0):Fill atts in sa life_in_seconds:28800*Oct 16 23:30:42.183: ISAKMP 0):Returning Actual lifetime: 28800*Oct 16 23:30:42.183: ISAKMP 0)::Started lifetime timer: 28800.*Oct 16 23:30:42.183: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.183: ISAKMP 0): processing IKE frag vendor id payload*Oct 16 23:30:42.183: ISAKMP 0):Support for IKE Fragmentation not enabled*Oct 16 23:30:42.183: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.183: ISAKMP 0): vendor ID seems Unity/DPD but major 194 mismat ch*Oct 16 23:30:42.183: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.183: ISAKMP 0): vendor ID seems Unity/DPD but major 123 mismat ch*Oct 16 23:30:42.183: ISAKMP 0): vendor ID is NAT-T v2*Oct 16 23:30:42.183: ISAKMP 0): processing vendor id payload*Oct 16 23:30:42.183: ISAKMP 0): vendor ID seems Unity/DPD but major 184 mismat ch*Oct 16 23:30:42.183: ISAKMP 0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MOD E*Oct 16 23:30:42.183: ISAKMP 0):Old State = IKE_R_MM1 New State = IKE_R_MM1*Oct 16 23:30:42.187: ISAKMP 0): constructed NAT-T vendor-02 ID*Oct 16 23:30:42.187: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:30:42.187: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 16 23:30:42.187: ISAKMP 0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE*Oct 16 23:30:42.187: ISAKMP 0):Old State = IKE_R_MM1 New State = IKE_R_MM2*Oct 16 23:30:43.215: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 16 23:30:43.219: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 16 23:30:43.219: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 16 23:30:43.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 16 23:30:43.719: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Oct 16 23:30:43.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 16 23:30:43.719: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:30:43.719: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 16 23:30:45.215: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 16 23:30:45.215: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 16 23:30:45.215: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 16 23:30:45.715: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 16 23:30:45.715: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Oct 16 23:30:45.715: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 16 23:30:45.715: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:30:45.715: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 16 23:30:49.215: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 16 23:30:49.215: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 16 23:30:49.215: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 16 23:30:49.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 16 23:30:49.719: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Oct 16 23:30:49.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 16 23:30:49.719: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:30:49.719: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 16 23:30:57.219: ISAKMP (0): received packet from office ip dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 16 23:30:57.219: ISAKMP 0): phase 1 packet is a duplicate of a previous packet.*Oct 16 23:30:57.219: ISAKMP 0): retransmitting due to retransmit phase 1*Oct 16 23:30:57.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 16 23:30:57.719: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Oct 16 23:30:57.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 16 23:30:57.719: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:30:57.719: ISAKMP 0):Sending an IKE IPv4 Packet.*Oct 16 23:31:07.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP...*Oct 16 23:31:07.719: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Oct 16 23:31:07.719: ISAKMP 0): retransmitting phase 1 MM_SA_SETUP*Oct 16 23:31:07.719: ISAKMP 0): sending packet to office ip my_port 500 peer_port 500 (R) MM_SA_SETUP*Oct 16 23:31:07.719: ISAKMP 0):Sending an IKE IPv4 Packet. |
|
------- Отправлено: 13:16, 27-10-2009 | #16 |
|
Участник сейчас на форуме |
 |
Участник вне форума |
 |
Автор темы |
 |
Сообщение прикреплено |
| |||||
| Название темы | Автор | Информация о форуме | Ответов | Последнее сообщение | |
| Cisco - VPN IPSEC | Aleksey Potapov | Сетевое оборудование | 4 | 08-12-2008 00:13 | |
| VPN на FreeBSD через ipsec и ADSL | some-bastardo | Программное обеспечение Linux и FreeBSD | 2 | 14-10-2008 17:28 | |
| VPN - Cisco PIX - Internet - ISA Server - Cisco PIX VPN | rrew | Сетевое оборудование | 0 | 26-09-2008 09:31 | |
| Cisco - Cisco 871 и издевательства над l2tp+\- Ipsec | Gudy | Сетевое оборудование | 0 | 06-08-2008 19:54 | |
| Cisco - ISA 2004 не хочет дружить с cisco 851 через IPsec | Gudy | Сетевое оборудование | 26 | 15-11-2007 16:33 | |
|
|
Время: 00:56. | © OSzone.net 2001-
|
|
Powered by: vBulletin Copyright ©2000 - 2024, Jelsoft Enterprises Ltd. |
