Salve a tutti inizio con il dire che sono un vostro appassionato lettore in quanto siete una fonte inesauribile di consigli.Detto ciò avrei bisogno di un consiglio su questa conf.
L'obiettivo è far connettere un pc con win xp sp2 da una sede remota su cui è installato il sw cisco VPN client ver. 5.0.04.0300 verso una LAN dove il VPN server è il router cisco 1801. La prova che io faccio dal client al router prevede l'impiego di un modem a 56k mentre a regime le sedi remote avranno una linea adsl senza ip pubblico statico.
Vi allego sia la conf del router
Current configuration : 5474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization exec default local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3348418481
enrollment selfsigned
ip-address admission max-nodata-conns 3
subject-name cn=IOS-Self-Signed-Certificate-3348418481
revocation-check none
rsakeypair TP-self-signed-3348418481
!
!
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username xxxxx privilege 15 secret xxxxxxxxxxxxxxxxxxxxx
username xxxxxx password 7 xxxxxxxxxxxx
!
crypto logging session
!
crypto isakmp policy 8
authentication pre-share
group 2
!
crypto isakmp policy 9
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 3600
!
crypto isakmp client configuration group REMOTE-VPN
key xxxxxx
pool REMOTE-POOL
!
!
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac comp-lzs
crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs
!
crypto dynamic-map remote-dyn 10
set transform-set ESP-AES-MD5 ESP-DES-SHA
reverse-route
!
!
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
archive
log config
hidekeys
!
!
!
!
!
interface Loopback1
ip address IND_PUBBLICO_2 255.255.255.248
crypto map remotemap
!
interface FastEthernet0
description LAN Interna$ES_LAN$
ip address 192.168.1.X 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed 100
keepalive 30
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
mtu 1500
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description Adsl Telecom P2P XXXXXXXXX
mtu 1300
ip address IND_PUNTO_PUNTO 255.255.255.252
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip mroute-cache
pvc 8/35
encapsulation aal5snap
!
!
interface Vlan1
bandwidth 5000000
ip address 10.1.X.X 255.0.0.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
hold-queue 100 out
!
interface Dialer0
no ip address
shutdown
no cdp enable
!
ip local pool REMOTE-POOL 192.168.1.151 192.168.1.160
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip http server
no ip http secure-server
ip nat inside source static 10.1.1.2 IND_PUBBLICO_1 extendable
ip nat inside source static 192.168.1.2 IND_PUBBLICO_3 extendable
!
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit ip any any
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 103 permit udp host 151.99.125.1 eq domain host IND_PUNTO_PUNTO
access-list 103 permit udp host 151.99.125.2 eq domain host IND_PUNTO_PUNTO
access-list 103 permit ip host IND_PUBBLICO_ALTRO_PROVIDER host IND_PUBBLICO_1
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit tcp any host IND_PUBBLICO_1 eq smtp
access-list 103 permit tcp any host IND_PUBBLICO_1 eq pop3
access-list 103 permit tcp any host IND_PUBBLICO_1 eq ftp
access-list 103 permit tcp any host IND_PUBBLICO_1 eq ftp-data
access-list 103 permit tcp any host IND_PUBBLICO_1 eq 81
access-list 103 deny tcp any host IND_PUBBLICO_1 eq www
access-list 103 permit ip any host IND_PUBBLICO_1
access-list 103 permit tcp any host IND_PUBBLICO_3 eq 1433
access-list 103 permit esp any any
access-list 103 permit udp any any eq isakmp
access-list 103 permit udp any any eq non500-isakmp
access-list 103 permit udp any eq isakmp any
access-list 103 permit udp any eq non500-isakmp any
!
!
!
!
!
!
control-plane
!
banner login ^CCQuesto dispositivo e' di proprieta' della CE.R.IN. s.r.l. L 'ute
n
te che accede sara' monitorato e registrato dal personale della CE.R.IN. L' uso
improprio o non autorizzato di questo dispositivo sara' perseguito a termini di
legge.^C
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password XXXXXXXXXXXXXXXX
transport input none
line vty 5 15
privilege level 15
transport input telnet ssh
!
end
il log del router
*Jun 26 08:35:21.287: ISAKMP: default group 2
*Jun 26 08:35:21.287: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.287: ISAKMP: life type in seconds
*Jun 26 08:35:21.287: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.287: ISAKMP: keylength of 128
*Jun 26 08:35:21.287: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.287: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.287: ISAKMP:(0):Checking ISAKMP transform 7 against priority 10
policy
*Jun 26 08:35:21.287: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.287: ISAKMP: hash SHA
*Jun 26 08:35:21.287: ISAKMP: default group 2
*Jun 26 08:35:21.287: ISAKMP: auth pre-share
*Jun 26 08:35:21.287: ISAKMP: life type in seconds
*Jun 26 08:35:21.287: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.287: ISAKMP: keylength of 128
*Jun 26 08:35:21.287: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.287: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.287: ISAKMP:(0):Checking ISAKMP transform 8 against priority 10
policy
*Jun 26 08:35:21.287: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.287: ISAKMP: hash MD5
*Jun 26 08:35:21.287: ISAKMP: default group 2
*Jun 26 08:35:21.287: ISAKMP: auth pre-share
*Jun 26 08:35:21.287: ISAKMP: life type in seconds
*Jun 26 08:35:21.287: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.287: ISAKMP: keylength of 128
*Jun 26 08:35:21.287: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.287: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.287: ISAKMP:(0):Checking ISAKMP transform 9 against priority 10
policy
*Jun 26 08:35:21.291: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash SHA
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1
0 policy
*Jun 26 08:35:21.291: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 11 against priority 1
0 policy
*Jun 26 08:35:21.291: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash SHA
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth pre-share
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 12 against priority 1
0 policy
*Jun 26 08:35:21.291: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth pre-share
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 13 against priority 1
0 policy
*Jun 26 08:35:21.291: ISAKMP: encryption DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Xauth authentication by pre-shared key offered
but does not match policy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 14 against priority 1
0 policy
*Jun 26 08:35:21.291: ISAKMP: encryption DES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth pre-share
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP:(0):Preshared authentication offered but does not m
atch policy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 0
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65
535 policy
*Jun 26 08:35:21.291: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash SHA
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP: keylength of 256
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65
535 policy
*Jun 26 08:35:21.291: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP: keylength of 256
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65
535 policy
*Jun 26 08:35:21.291: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash SHA
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth pre-share
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP: keylength of 256
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65
535 policy
*Jun 26 08:35:21.291: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash MD5
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.291: ISAKMP: auth pre-share
*Jun 26 08:35:21.291: ISAKMP: life type in seconds
*Jun 26 08:35:21.291: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.291: ISAKMP: keylength of 256
*Jun 26 08:35:21.291: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.291: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.291: ISAKMP:(0):Checking ISAKMP transform 5 against priority 65
535 policy
*Jun 26 08:35:21.291: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.291: ISAKMP: hash SHA
*Jun 26 08:35:21.291: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP: keylength of 128
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 6 against priority 65
535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP: keylength of 128
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 7 against priority 65
535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash SHA
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth pre-share
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP: keylength of 128
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 8 against priority 65
535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption AES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth pre-share
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP: keylength of 128
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 9 against priority 65
535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash SHA
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 10 against priority 6
5535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 11 against priority 6
5535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash SHA
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth pre-share
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 12 against priority 6
5535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption 3DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth pre-share
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Encryption algorithm offered does not match pol
icy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 13 against priority 6
5535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth XAUTHInitPreShared
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Hash algorithm offered does not match policy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 26 08:35:21.295: ISAKMP:(0):Checking ISAKMP transform 14 against priority 6
5535 policy
*Jun 26 08:35:21.295: ISAKMP: encryption DES-CBC
*Jun 26 08:35:21.295: ISAKMP: hash MD5
*Jun 26 08:35:21.295: ISAKMP: default group 2
*Jun 26 08:35:21.295: ISAKMP: auth pre-share
*Jun 26 08:35:21.295: ISAKMP: life type in seconds
*Jun 26 08:35:21.295: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 26 08:35:21.295: ISAKMP:(0):Hash algorithm offered does not match policy!
*Jun 26 08:35:21.295: ISAKMP:(0):atts are not acceptable. Next payload is 0
*Jun 26 08:35:21.295: ISAKMP:(0):no offers accepted!
*Jun 26 08:35:21.295: ISAKMP:(0): phase 1 SA policy not acceptable! (local 88.59
.238.74 remote 151.30.232.4)
*Jun 26 08:35:21.299: ISAKMP (0:0): incrementing error counter on sa, attempt 1
of 5: construct_fail_ag_init
*Jun 26 08:35:21.299: ISAKMP:(0): sending packet to 151.30.232.4 my_port 500 pee
r_port 1076 (R) AG_NO_STATE
*Jun 26 08:35:21.299: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jun 26 08:35:21.299: ISAKMP:(0):peer does not do paranoid keepalives.
*Jun 26 08:35:21.299: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal n
ot accepted" state (R) AG_NO_STATE (peer 151.30.232.4)
*Jun 26 08:35:21.299: ISAKMP:(0): processing KE payload. message ID = 0
*Jun 26 08:35:21.299: ISAKMP:(0): group size changed! Should be 0, is 128
*Jun 26 08:35:21.299: ISAKMP (0:0): incrementing error counter on sa, attempt 2
of 5: reset_retransmission
*Jun 26 08:35:21.299: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXC
H: state = IKE_READY
*Jun 26 08:35:21.299: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Jun 26 08:35:21.299: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
*Jun 26 08:35:21.299: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode
failed with peer at 151.30.232.4
*Jun 26 08:35:21.299: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal n
ot accepted" state (R) AG_NO_STATE (peer 151.30.232.4)
*Jun 26 08:35:21.299: ISAKMP: Unlocking peer struct 0x85195C08 for isadb_mark_sa
_deleted(), count 0
*Jun 26 08:35:21.299: ISAKMP: Deleting peer node by peer_reap for 151.30.232.4:
85195C08
*Jun 26 08:35:21.299: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Jun 26 08:35:21.299: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
*Jun 26 08:35:21.299: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Jun 26 08:35:26.571: ISAKMP (0:0): received packet from 151.30.232.4 dport 500
sport 1076 Global (R) MM_NO_STATE
*Jun 26 08:35:31.571: ISAKMP (0:0): received packet from 151.30.232.4 dport 500
sport 1076 Global (R) MM_NO_STATE
*Jun 26 08:35:36.675: ISAKMP (0:0): received packet from 151.30.232.4 dport 500
sport 1076 Global (R) MM_NO_STATE
*Jun 26 08:36:21.299: ISAKMP:(0):purging SA., sa=8480F3D4, delme=8480F3D4
il log del client VPN
Cisco Systems VPN Client Version 5.0.04.0300
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\Programmi\Cisco Systems\VPN Client\
1 09:18:47.828 06/26/09 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
09:23:08.343 06/26/09 Sev=Info/4 CM/0x63100002
Begin connection process
3 09:23:08.359 06/26/09 Sev=Info/4 CM/0x63100004
Establish secure connection
4 09:23:08.359 06/26/09 Sev=Info/4 CM/0x63100024
Attempt connection with server "IND_PUBBLICO_2"
5 09:23:08.375 06/26/09 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with IND_PUBBLICO_2.
6 09:23:08.375 06/26/09 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
7 09:23:08.468 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to 88.59.238.74
8 09:23:08.703 06/26/09 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
9 09:23:08.703 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
10 09:23:13.703 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
11 09:23:13.703 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
12 09:23:18.703 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
13 09:23:18.703 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
14 09:23:23.703 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
15 09:23:23.703 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
16 09:23:28.703 06/26/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=600A098923483E5A R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
17 09:23:29.203 06/26/09 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=600A098923483E5A R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
18 09:23:29.203 06/26/09 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "IND_PUBBLICO_2" because of "DEL_REASON_PEER_NOT_RESPONDING"
19 09:23:29.203 06/26/09 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
20 09:23:29.203 06/26/09 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
21 09:23:29.203 06/26/09 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
22 09:23:29.203 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
23 09:23:29.203 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
24 09:23:29.203 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
25 09:23:29.203 06/26/09 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
26 10:32:24.078 06/26/09 Sev=Info/4 CM/0x63100002
Begin connection process
27 10:32:24.125 06/26/09 Sev=Info/4 CM/0x63100004
Establish secure connection
28 10:32:24.125 06/26/09 Sev=Info/4 CM/0x63100024
Attempt connection with server "IND_PUBBLICO_2"
29 10:32:24.125 06/26/09 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with IND_PUBBLICO_2.
30 10:32:24.140 06/26/09 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
31 10:32:24.140 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to 88.59.238.74
32 10:32:24.765 06/26/09 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
33 10:32:24.765 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
34 10:32:24.765 06/26/09 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (151.30.243.102)
35 10:32:24.812 06/26/09 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = IND_PUBBLICO_2
36 10:32:24.812 06/26/09 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)
37 10:32:24.812 06/26/09 Sev=Info/4 IKE/0xE30000A6
Invalid payload: Stated payload length, 568, is not sufficient for Notification:(PayloadList:149)
38 10:32:24.812 06/26/09 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)
39 10:32:29.578 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
40 10:32:29.578 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
41 10:32:34.578 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
42 10:32:34.578 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
43 10:32:39.578 06/26/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
44 10:32:39.578 06/26/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to IND_PUBBLICO_2
45 10:32:44.578 06/26/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=7A0FC86C505EBDDA R_Cookie=DBD47398DFD2C73A) reason = DEL_REASON_PEER_NOT_RESPONDING
46 10:32:45.078 06/26/09 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=7A0FC86C505EBDDA R_Cookie=DBD47398DFD2C73A) reason = DEL_REASON_PEER_NOT_RESPONDING
47 10:32:45.078 06/26/09 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "IND_PUBBLICO_2" because of "DEL_REASON_PEER_NOT_RESPONDING"
48 10:32:45.078 06/26/09 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
49 10:32:45.218 06/26/09 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
50 10:32:45.218 06/26/09 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
51 10:32:45.218 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
52 10:32:45.218 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
53 10:32:45.218 06/26/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
54 10:32:45.218 06/26/09 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Vi ringrazio
