CiscoForums.it

Cisco Users Group
https://ciscoforums.it/

VPN Client (MAC OS X) --> 1841

https://ciscoforums.it/viewtopic.php?f=16&t=3021

Pagina 1 di 1

VPN Client (MAC OS X) --> 1841

Inviato: mer 23 ago , 2006 11:08 am
da mcervaro
Ciao a tutti... Ho dei problemi ad implementare una VPN IPSEC DDR tra un client MAC OS X e un 1841.

Vi riporto configurazioni e log ...

conf 1841:

version 12.4
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
!
hostname 1841
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret bla bla bla
!
aaa new-model
!
!
aaa authentication login vpn-remote-access local
aaa authorization network vpn-remote-access local
!
aaa session-id common
!
resource policy
!
no ip source-route
ip cef
!
!
!
!
ip domain name interbusiness.it
ip name-server 151.99.125.2
!
!
!
username blabla password 7 blabla
username cisco password 7 blabla
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 20

!
crypto isakmp client configuration group vpn-remote-access
key blablabla
dns 192.168.0.2
wins 192.168.0.2
domain bla.bla
pool remote-pool
acl 101
!
!
crypto ipsec transform-set vpntransform esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set vpntransform
reverse-route
!
!
crypto map dynamic isakmp authorization list vpn-remote-access
!
crypto map dynmap client authentication list vpn-remote-access
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 192.168.0.254 255.255.255.0 secondary
ip address xx.xx.xx.xx 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
crypto map dynmap
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description PVC verso r-pd
ip address xx.xx.xx.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
vbr-nrt 640 640 1
oam-pvc manage 15
oam retry 5 5 1
encapsulation aal5snap
!
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
ip local pool remote-pool 10.0.1.100 10.0.1.150
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface ATM0/0/0.1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
snmp-server community public RO 18
snmp-server community private RW 19
snmp-server enable traps tty
snmp-server host 192.168.0.5 private
!
tacacs-server host 151.99.126.2
tacacs-server directed-request
!
control-plane
!
line con 0
exec-timeout 120 0
stopbits 1
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 0 0
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end

Inviato: mer 23 ago , 2006 11:09 am
da mcervaro
configurazione client

connessione a xx.xx.xx.xx
corrispondente a fa0/0

group : vpn-remote-access
key: blabla

Inviato: mer 23 ago , 2006 11:12 am
da mcervaro
log client

Cisco Systems VPN Client Version 4.9.00 (0050)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Mac OS X
Running on: Darwin 8.7.1 Darwin Kernel Version 8.7.1: Wed Jun 7 16:19:56 PDT 2006; root:xnu-792.9.72.obj~2/RELEASE_I386 i386

462 12:08:51.572 08/23/2006 Sev=Info/4 CM/0x43100002
Begin connection process

463 12:08:51.573 08/23/2006 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0x0A2581FF, Src Addr: 0x0A258102 (DRVIFACE:1158).

464 12:08:51.574 08/23/2006 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet

465 12:08:51.574 08/23/2006 Sev=Info/4 CM/0x43100024
Attempt connection with server "xx.xx.xx.xx"

466 12:08:51.574 08/23/2006 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).

467 12:08:51.574 08/23/2006 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).

468 12:08:51.574 08/23/2006 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with xx.xx.xx.xx.

469 12:08:51.711 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to xx.xx.xx.xx

470 12:08:51.711 08/23/2006 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started

471 12:08:51.712 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

472 12:08:51.712 08/23/2006 Sev=Info/4 IPSEC/0x4370000D
Key(s) deleted by Interface (192.168.200.57)

473 12:08:51.795 08/23/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = xx.xx.xx.xx

474 12:08:51.795 08/23/2006 Sev=Warning/2 IKE/0xC300009B
Invalid SPI size (PayloadNotify:116)

475 12:08:51.795 08/23/2006 Sev=Info/4 IKE/0xC30000A6
Invalid payload: Stated payload length, 568, is not sufficient for Notification:(PayloadList:149)

476 12:08:51.795 08/23/2006 Sev=Warning/3 IKE/0x83000058
Received malformed message or negotiation no longer active (message id: 0x00000000)

477 12:08:57.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!

478 12:08:57.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 88.42.224.25

479 12:09:02.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!

480 12:09:02.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to xx.xx.xx.xx

481 12:09:07.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!

482 12:09:07.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to xx.xx.xx.xx

483 12:09:12.075 08/23/2006 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=4E6AC3DCA46C1C72 R_Cookie=9F9CDA3657BBB251) reason = DEL_REASON_PEER_NOT_RESPONDING

484 12:09:12.575 08/23/2006 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=4E6AC3DCA46C1C72 R_Cookie=9F9CDA3657BBB251) reason = DEL_REASON_PEER_NOT_RESPONDING

485 12:09:12.575 08/23/2006 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "xx.xx.xx.xx" because of "DEL_REASON_PEER_NOT_RESPONDING"

486 12:09:12.575 08/23/2006 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv

487 12:09:12.576 08/23/2006 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.

488 12:09:12.576 08/23/2006 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection

489 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

490 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

491 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

492 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped
Tutti gli orari sono UTC+01:00
Pagina 1 di 1

Creato da phpBB® Forum Software © phpBB Limited

Traduzione Italiana phpBB-Store.it