I have a PIX 515E have the inside interface connected to a hub and the
outside interface connected to a hub. A 1600 router connected to the
outside interface hub with two addresses on Ethernet. A computer
connected to the outside hub on a totally different subnet and I get the
following error. Why? I think because they are on the hub, but not
sure
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
ISAKMP (0): ID payload
next-payload : 8
type : 2
protocol : 17
port : 500
length : 24
ISAKMP (0): Total payload length: 28
return status is IKMP_NO_ERROR
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending phase 1 RESPONDER_LIFETIME notify
ISAKMP (0): sending NOTIFY message 24576 protocol 1
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 2232193573
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0 0x3 0xd0 0x90
ISAKMP: encaps is 2
ISAKMP: authenticator is HMAC-MD5IPSEC(validate_proposal):
transform proposal (prot 3, trans 3, hmac_alg
1) not supported
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 2, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0 0x3 0xd0 0x90
ISAKMP: encaps is 2
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request):
proposal part #1,
(key eng. msg.) dest= 64.67.69.50, src= 10.1.1.2,
dest_proxy= 64.67.69.50/255.255.255.255/17/0 (type=1),
src_proxy= 10.1.1.2/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
IPSEC(validate_transform_proposal): proxy identities not supported
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 63.167.65.150, src= 10.1.1.2,
dest_proxy= 10.1.1.2/255.255.255.255/17/1701 (type=1),
src_proxy= 64.67.69.50/255.255.255.255/17/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
IPSEC(validate_transform_proposal): proxy identities not supported
ISAKMP: IPSec policy invalidated proposal
ISAKMP : Checking IPSec proposal 2
ISAKMP: transform 1, AH_SHA
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0 0x3 0xd0 0x90
ISAKMP: encaps is 2
ISAKMP: authenticator is HMAC-SHAIPSEC(validate_proposal):
transform proposal (prot 2, trans 3, hmac_alg
2) not supported
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): skipping next ANDed proposal (2)
ISAKMP : Checking IPSec proposal 3
ISAKMP: transform 1, AH_MD5
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (VPI) of 0x0
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
crypto_isakmp_process_block: src 10.1.1.2, dest 64.67.69.50
ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.30201
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48875&t=48875
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
