Hi everyone... I'm having problems implementing an IPSEC DDR VPN between a Mac OS X client and an 1841.
Here are the configurations and logs...
1841 config:
version 12.4
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
!
hostname 1841
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret bla bla bla
!
aaa new-model
!
!
aaa authentication login vpn-remote-access local
aaa authorization network vpn-remote-access local
!
aaa session-id common
!
resource policy
!
no ip source-route
ip cef
!
!
!
!
ip domain name interbusiness.it
ip name-server 151.99.125.2
!
!
!
username blabla password 7 blabla
username cisco password 7 blabla
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 20
!
crypto isakmp client configuration group vpn-remote-access
key blablabla
dns 192.168.0.2
wins 192.168.0.2
domain bla.bla
pool remote-pool
acl 101
!
!
crypto ipsec transform-set vpntransform esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set vpntransform
reverse-route
!
!
crypto map dynamic isakmp authorization list vpn-remote-access
!
crypto map dynmap client authentication list vpn-remote-access
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 192.168.0.254 255.255.255.0 secondary
ip address xx.xx.xx.xx 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
crypto map dynmap
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description PVC verso r-pd
ip address xx.xx.xx.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
vbr-nrt 640 640 1
oam-pvc manage 15
oam retry 5 5 1
encapsulation aal5snap
!
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
ip local pool remote-pool 10.0.1.100 10.0.1.150
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface ATM0/0/0.1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
snmp-server community public RO 18
snmp-server community private RW 19
snmp-server enable traps tty
snmp-server host 192.168.0.5 private
!
tacacs-server host 151.99.126.2
tacacs-server directed-request
!
control-plane
!
line con 0
exec-timeout 120 0
stopbits 1
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 0 0
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end
VPN Client (MAC OS X) --> 1841
Client configuration:
connection to xx.xx.xx.xx
corresponding to fa0/0
group : vpn-remote-access
key: blabla
Client log:
Cisco Systems VPN Client Version 4.9.00 (0050)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Mac OS X
Running on: Darwin 8.7.1 Darwin Kernel Version 8.7.1: Wed Jun 7 16:19:56 PDT 2006; root:xnu-792.9.72.obj~2/RELEASE_I386 i386
462 12:08:51.572 08/23/2006 Sev=Info/4 CM/0x43100002
Begin connection process
463 12:08:51.573 08/23/2006 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0x0A2581FF, Src Addr: 0x0A258102 (DRVIFACE:1158).
464 12:08:51.574 08/23/2006 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet
465 12:08:51.574 08/23/2006 Sev=Info/4 CM/0x43100024
Attempt connection with server "xx.xx.xx.xx"
466 12:08:51.574 08/23/2006 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).
467 12:08:51.574 08/23/2006 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).
468 12:08:51.574 08/23/2006 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with xx.xx.xx.xx.
469 12:08:51.711 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to xx.xx.xx.xx
470 12:08:51.711 08/23/2006 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started
471 12:08:51.712 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
472 12:08:51.712 08/23/2006 Sev=Info/4 IPSEC/0x4370000D
Key(s) deleted by Interface (192.168.200.57)
473 12:08:51.795 08/23/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = xx.xx.xx.xx
474 12:08:51.795 08/23/2006 Sev=Warning/2 IKE/0xC300009B
Invalid SPI size (PayloadNotify:116)
475 12:08:51.795 08/23/2006 Sev=Info/4 IKE/0xC30000A6
Invalid payload: Stated payload length, 568, is not sufficient for Notification:(PayloadList:149)
476 12:08:51.795 08/23/2006 Sev=Warning/3 IKE/0x83000058
Received malformed message or negotiation no longer active (message id: 0x00000000)
477 12:08:57.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!
478 12:08:57.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 88.42.224.25
479 12:09:02.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!
480 12:09:02.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to xx.xx.xx.xx
481 12:09:07.075 08/23/2006 Sev=Info/4 IKE/0x43000021
Retransmitting last packet!
482 12:09:07.075 08/23/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (Retransmission) to xx.xx.xx.xx
483 12:09:12.075 08/23/2006 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=4E6AC3DCA46C1C72 R_Cookie=9F9CDA3657BBB251) reason = DEL_REASON_PEER_NOT_RESPONDING
484 12:09:12.575 08/23/2006 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=4E6AC3DCA46C1C72 R_Cookie=9F9CDA3657BBB251) reason = DEL_REASON_PEER_NOT_RESPONDING
485 12:09:12.575 08/23/2006 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "xx.xx.xx.xx" because of "DEL_REASON_PEER_NOT_RESPONDING"
486 12:09:12.575 08/23/2006 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv
487 12:09:12.576 08/23/2006 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.
488 12:09:12.576 08/23/2006 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection
489 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
490 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
491 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
492 12:09:12.615 08/23/2006 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped