Errore 877W e Client VPN: NO_PROPOSAL_CHOSEN
Inviato: gio 27 dic , 2007 11:02 pm
Non so più da che parte farmi, in qualsiasi modo riconfiguri il router continuo ad avere questo errore sul client:
154 22:17:48.395 12/27/07 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.11, GW IP = 88.61.XXX.XXX, Remote IP = 0.0.0.0
155 22:17:48.395 12/27/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 88.61.XXX.XXX
156 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 88.61.XXX.XXX
157 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 88.61.XXX.XXX
158 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=E8D5A3E1
159 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=06BBED14D8FB2472 R_Cookie=0C91CE740C58438A) reason = DEL_REASON_IKE_NEG_FAILED
Vi mostro la mia ultima configurazione, dove cerco di attivare la connessione VPN. Col client arrivo alla richiesta della password, se inserisco quella giusta ottengo l'errore che vi ho esposto.
Avete suggerimenti per questo tipo di errore?
Grazie.
154 22:17:48.395 12/27/07 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.11, GW IP = 88.61.XXX.XXX, Remote IP = 0.0.0.0
155 22:17:48.395 12/27/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 88.61.XXX.XXX
156 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 88.61.XXX.XXX
157 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 88.61.XXX.XXX
158 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=E8D5A3E1
159 22:17:49.407 12/27/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=06BBED14D8FB2472 R_Cookie=0C91CE740C58438A) reason = DEL_REASON_IKE_NEG_FAILED
Vi mostro la mia ultima configurazione, dove cerco di attivare la connessione VPN. Col client arrivo alla richiesta della password, se inserisco quella giusta ottengo l'errore che vi ho esposto.
Codice: Seleziona tutto
Using 3916 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
!
hostname T-UnicaPrimoMaggio
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 XXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
resource policy
!
no ip source-route
ip cef
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.3.1 192.168.3.99
!
ip dhcp pool interbusiness
network 192.168.3.0 255.255.255.0
domain-name interbusiness.it
dns-server 151.99.125.1
default-router 192.168.3.1
!
ip dhcp pool wi-fi
network 192.168.100.0 255.255.255.0
default-router 192.168.100.254
dns-server 151.99.125.2 151.99.0.100
!
!
ip domain name interbusiness.it
ip name-server 151.99.125.2
!
!
!
username unica privilege 15 secret 5 $1$9RFXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group unica
key unica
pool SDM_POOL_1
acl 151
max-users 10
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set security-association idle-time 1800
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address initiate
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
bridge irb
!
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 88.PuntoAPunto 255.255.255.0
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
ip address 192.168.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
encryption key 1 size 40bit 7 FFFFFFFFFFFFF transmit-key
encryption mode wep mandatory
!
ssid UNICA
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0 secondary
ip address 88.61.IP1 255.255.255.248
ip nat inside
ip virtual-reassembly
!
ip local pool SDM_POOL_1 10.10.20.1 10.10.20.10
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
no ip http secure-server
ip nat pool interbusiness 88.61.IP2 88.61.107.250 netmask 255.255.255.248
ip nat pool wi-fi 88.61.107.251 88.61.IP3 netmask 255.255.255.248
ip nat inside source list 1 pool interbusiness overload
ip nat inside source list 2 pool wi-fi overload
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 2 permit 192.168.100.0 0.0.0.255
access-list 151 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
no cdp run
!
!
control-plane
!
banner motd ^CC
TESTO
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Grazie.