secure.boy
Limp Gawd
- Joined
- Oct 22, 2007
- Messages
- 474
i have problem with l2tp lns,
i tried different guides but no luck,
can some body help me
i tried different guides but no luck,
can some body help me
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
Router#sh runn
Building configuration...
Current configuration : 1494 bytes
!
! Last configuration change at 09:57:32 UTC Sun Nov 22 2009
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login LOCAL_DB local
!
!
!
!
!
aaa session-id common
!
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
username test password 0 test
!
redundancy
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group HOME
key test
pool CLIENT_ADDRESSES
!
!
crypto ipsec transform-set TEST_SET esp-aes esp-sha-hmac
!
crypto dynamic-map CLIENT_MAP 1
set transform-set TEST_SET
reverse-route
!
!
crypto map TEST_VPN client authentication list LOCAL_DB
crypto map TEST_VPN isakmp authorization list LOCAL_DB
crypto map TEST_VPN client configuration address respond
crypto map TEST_VPN 100 ipsec-isakmp dynamic CLIENT_MAP
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
crypto map TEST_VPN
!
!
interface FastEthernet0/1
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
!
ip local pool CLIENT_ADDRESSES 172.30.50.10 172.30.50.20
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
ip route 0.0.0.0 0.0.0.0 192.168.2.254
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
end
Router#
*Nov 22 10:11:58.679: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 19end 1
Router#debug crypto isakmp
Crypto ISAKMP debugging is on
Router#
*Nov 22 10:12:42.039: ISAKMP (0): received packet from 192.168.2.11 dport 500 sport 4392 Global (N) NEW SA
*Nov 22 10:12:42.039: ISAKMP: Created a peer struct for 192.168.2.11, peer port 4392
*Nov 22 10:12:42.039: ISAKMP: New peer created peer = 0x65B56D70 peer_handle = 0x80000006
*Nov 22 10:12:42.039: ISAKMP: Locking peer struct 0x65B56D70, refcount 1 for crypto_isakmp_process_block
*Nov 22 10:12:42.039: ISAKMP:(0):Setting client config settings 66087E84
*Nov 22 10:12:42.039: ISAKMP:(0):(Re)Setting client xauth list and state
*Nov 22 10:12:42.039: ISAKMP/xauth: initializing AAA request
*Nov 22 10:12:42.043: ISAKMP: local port 500, remote port 4392
*Nov 22 10:12:42.043: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 67090EF8
*Nov 22 10:12:42.043: ISAKMP:(0): processing SA payload. message ID = 0
*Nov 22 10:12:42.043: ISAKMP:(0): processing ID payload. message ID = 0
*Nov 22 10:12:42.043: ISAKMP (0): ID payload
next-payload : 13
type : 11
group id : test
protocol : 17
port : 500
length : 12
*Nov 22 10:12:42.043: ISAKMP:(0):: peer matches *none* of the profiles
*Nov 22 10:12:42.043: ISAKMP:(0): processing vendor id payload
*Nov 22 10:12:42.043: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
*Nov 22 10:12:42.043: ISAKMP:(0): vendor ID is XAUTH
*Nov 22 10:12:42.043: ISAKMP:(0): processing vendor id payload
*Nov 22 10:12:42.043: ISAKMP:(0): vendor ID is DPD
*Nov 22 10:12:42.043: ISAKMP:(0): processing vendor id payload
*Nov 22 10:12:42.043: ISAKMP:(0): vendor ID is Unity
*Nov 22 10:12:42.043: ISAKMP:(0): Authentication by xauth preshared
*Nov 22 10:12:42.043: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Nov 22 10:12:42.047: ISAKMP: encryption AES-CBC
*Nov 22 10:12:42.047: ISAKMP: hash SHA
*Nov 22 10:12:42.047: ISAKMP: default group 2
*Nov 22 10:12:42.047: ISAKMP: auth XAUTHInitPreShared
*Nov 22 10:12:42.047: ISAKMP: life type in seconds
*Nov 22 10:12:42.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 22 10:12:42.047: ISAKMP: keylength of 256
*Nov 22 10:12:42.047: ISAKMP:(0):Proposed key length does not match policy
*Nov 22 10:12:42.047: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Nov 22 10:12:42.047: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
*Nov 22 10:12:42.047: ISAKMP: encryption AES-CBC
*Nov 22 10:12:42.047: ISAKMP: hash MD5
*Nov 22 10:12:42.047: ISAKMP: default group 2
*Nov 22 10:12:42.047: ISAKMP: auth XAUTHInitPreShared
*Nov 22 10:12:42.047: ISAKMP: life type in seconds
*Nov 22 10:12:42.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 22 10:12:42.047: ISAKMP: keylength of 256
*Nov 22 10:12:42.047: ISAKMP:(0):Hash algorithm offered does not match policy!
*Nov 22 10:12:42.047: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Nov 22 10:12:42.047: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy
*Nov 22 10:12:42.047: ISAKMP: encryption AES-CBC
*Nov 22 10:12:42.047: ISAKMP: hash SHA
*Nov 22 10:12:42.047: ISAKMP: default group 2
*Nov 22 10:12:42.047: ISAKMP: auth pre-share
*Nov 22 10:12:42.047: ISAKMP: life type in seconds
*Nov 22 10:12:42.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 22 10:12:42.047: ISAKMP: keylength of 256
*Nov 22 10:12:42.047: ISAKMP:(0):Proposed key length does not match policy
*Nov 22 10:12:42.047: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Nov 22 10:12:42.047: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy
*Nov 22 10:12:42.047: ISAKMP: encryption AES-CBC
*Nov 22 10:12:42.047: ISAKMP: hash MD5
*Nov 22 10:12:42.047: ISAKMP: default group 2
*Nov 22 10:12:42.047: ISAKMP: auth pre-share
*Nov 22 10:12:42.047: ISAKMP: life type in seconds
*Nov 22 10:12:42.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 22 10:12:42.047: ISAKMP: keylength of 256
*Nov 22 10:12:42.047: ISAKMP:(0):Hash algorithm offered does not match policy!
*Nov 22 10:12:42.047: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Nov 22 10:12:42.047: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
*Nov 22 10:12:42.047: ISAKMP: encryption AES-CBC
*Nov 22 10:12:42.047: ISAKMP: hash SHA
*Nov 22 10:12:42.047: ISAKMP: default group 2
*Nov 22 10:12:42.047: ISAKMP: auth XAUTHInitPreShared
*Nov 22 10:12:42.047: ISAKMP: life type in seconds
*Nov 22 10:12:42.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 22 10:12:42.051: ISAKMP: keylength of 128
*Nov 22 10:12:42.051: ISAKMP:(0):atts are acceptable. Next payload is 3
*Nov 22 10:12:42.051: ISAKMP:(0):Acceptable atts:actual life: 86400
*Nov 22 10:12:42.051: ISAKMP:(0):Acceptable atts:life: 0
*Nov 22 10:12:42.051: ISAKMP:(0):Fill atts in sa vpi_length:4
*Nov 22 10:12:42.051: ISAKMP:(0):Fill atts in sa life_in_seconds:2147483
*Nov 22 10:12:42.051: ISAKMP:(0):Returning Actual lifetime: 86400
*Nov 22 10:12:42.051: ISAKMP:(0)::Started lifetime timer: 86400.
*Nov 22 10:12:42.051: ISAKMP:(0): processing KE payload. message ID = 0
*Nov 22 10:12:42.123: ISAKMP:(0): processing NONCE payload. message ID = 0
*Nov 22 10:12:42.123: ISAKMP:(0):peer does not do paranoid keepalives.
*Nov 22 10:12:42.123: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 192.168.2.11)
*Nov 22 10:12:42.123: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*Nov 22 10:12:42.123: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Nov 22 10:12:42.123: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
*Nov 22 10:12:42.123: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 192.168.2.11)
*Nov 22 10:12:42.123: ISAKMP: Unlocking peer struct 0x65B56D70 for isadb_mark_sa_deleted(), count 0
*Nov 22 10:12:42.127: ISAKMP: Deleting peer node by peer_reap for 192.168.2.11: 65B56D70
*Nov 22 10:12:42.127: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Nov 22 10:12:42.127: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
*Nov 22 10:12:47.171: ISAKMP (0): received packet from 192.168.2.11 dport 500 sport 4392 Global (R) MM_NO_STATE
*Nov 22 10:12:52.175: ISAKMP (0): received packet from 192.168.2.11 dport 500 sport 4392 Global (R) MM_NO_STATE
*Nov 22 10:12:57.171: ISAKMP (0): received packet from 192.168.2.11 dport 500 sport 4392 Global (R) MM_NO_STATE
*Nov 22 10:12:58.679: ISAKMP:(0):purging SA., sa=65B55E98, delme=65B55E98
*Nov 22 10:13:12.411: ISAKMP:(0):purging SA., sa=65C55A70, delme=65C55A70
Router#