Problema fase 1 VPN

[nicolac]

Salve a tutti,
questo è il debug di fase 1 di una VPN che non parte:


*Jul 18 08:19:47.851: ISAKMP:(0): SA request profile is (NULL)
*Jul 18 08:19:47.851: ISAKMP: Created a peer struct for 172.25.228.30, peer port 500
*Jul 18 08:19:47.851: ISAKMP: New peer created peer = 0x653A4B74 peer_handle = 0x80000003
*Jul 18 08:19:47.851: ISAKMP: Locking peer struct 0x653A4B74, refcount 1 for isakmp_initiator
*Jul 18 08:19:47.851: ISAKMP: local port 500, remote port 500
*Jul 18 08:19:47.851: ISAKMP: set new node 0 to QM_IDLE
*Jul 18 08:19:47.851: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 65ED52C0
*Jul 18 08:19:47.855: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Jul 18 08:19:47.855: ISAKMP:(0):found peer pre-shared key matching 172.25.228.30
*Jul 18 08:19:47.855: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Jul 18 08:19:47.855: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Jul 18 08:19:47.855: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Jul 18 08:19:47.855: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Jul 18 08:19:47.855: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

*Jul 18 08:19:47.855: ISAKMP:(0): beginning Main Mode exchange
*Jul 18 08:19:47.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:19:47.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:19:57.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:19:57.855: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Jul 18 08:19:57.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jul 18 08:19:57.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:19:57.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:20:07.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:20:07.855: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Jul 18 08:20:07.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jul 18 08:20:07.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:20:07.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:20:17.851: ISAKMP: set new node 0 to QM_IDLE
*Jul 18 08:20:17.851: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.28.19.133, remote 172.25.228.30)
*Jul 18 08:20:17.851: ISAKMP: Error while processing SA request: Failed to initialize SA
*Jul 18 08:20:17.851: ISAKMP: Error while processing KMI message 0, error 2.
*Jul 18 08:20:17.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:20:17.855: ISAKMP (0:0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
*Jul 18 08:20:17.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jul 18 08:20:17.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:20:17.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:20:24.743: ISAKMP:(0):purging node 1576335590
*Jul 18 08:20:24.743: ISAKMP:(0):purging node 1532659718
*Jul 18 08:20:27.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:20:27.855: ISAKMP (0:0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
*Jul 18 08:20:27.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jul 18 08:20:27.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:20:27.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:20:34.743: ISAKMP:(0):purging SA., sa=660FC584, delme=660FC584
*Jul 18 08:20:36.779: %SEC-6-IPACCESSLOGP: list ASI-INBOUND-out denied tcp 172.25.125.1(1749) -> 172.23.255.1(80), 1 packet
*Jul 18 08:20:37.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:20:37.855: ISAKMP (0:0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
*Jul 18 08:20:37.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jul 18 08:20:37.855: ISAKMP:(0): sending packet to 172.25.228.30 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jul 18 08:20:37.855: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jul 18 08:20:47.855: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jul 18 08:20:47.855: ISAKMP:(0):peer does not do paranoid keepalives.

*Jul 18 08:20:47.855: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 172.25.228.30)
*Jul 18 08:20:47.855: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 172.25.228.30)
*Jul 18 08:20:47.855: ISAKMP: Unlocking peer struct 0x653A4B74 for isadb_mark_sa_deleted(), count 0
*Jul 18 08:20:47.855: ISAKMP: Deleting peer node by peer_reap for 172.25.228.30: 653A4B74
*Jul 18 08:20:47.855: ISAKMP:(0):deleting node -434447399 error FALSE reason "IKE deleted"
*Jul 18 08:20:47.855: ISAKMP:(0):deleting node -1559605861 error FALSE reason "IKE deleted"
*Jul 18 08:20:47.855: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Jul 18 08:20:47.855: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_DEST_SA

qualcuno riesce ad aiutarmi e/o a vedere se ci sono errori che impediscono il completamento della fase 1?

Grazie
Nicola

[Wizard]

Tra che apparati la stai facendo la vpn?

[nicolac]

Tra un CISCO 1841 e un linuxbox