I have configured PIX for remote VPN client. It works for Cisco VPN client, however Cisco does not have support to Mac 8-9. I downloaded the software from Netlock. However it failed in Phase 1. Then I upgraded the PIX to 6.2(1), it seems making some progress. However the connection is killed in the end of Phase 2 (I guess) with "return status is IKMP_NO_ERR_NO_TRANS ".
Is anybody have experience in configuring VPN for Mac? I am attaching the log file, I do appreciate if someone could help me. Daniel crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 VPN Peer: ISAKMP: Added new peer: ip:63.11.28.147 Total VPN Peers:1 VPN Peer: ISAKMP: Peer ip:63.11.28.147 Ref cnt incremented to:1 Total VPN Peers: 1 OAK_AG exchange ISAKMP (0): processing SA payload. message ID = 0 ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash SHA ISAKMP: extended auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash MD5 ISAKMP: extended auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash SHA ISAKMP: auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash MD5 ISAKMP: auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are acceptable. Next payload is 3 ISAKMP (0): processing KE payload. message ID = 0 ISAKMP (0): processing NONCE payload. message ID = 0 ISAKMP (0): processing ID payload. message ID = 0 ISAKMP (0): processing vendor id payload ISAKMP (0): received xauth v6 vendor id ISAKMP (0): processing vendor id payload ISAKMP (0): remote peer supports dead peer detection ISAKMP (0): processing vendor id payload ISAKMP (0): speaking to a Unity client ISAKMP: Created a peer node for 63.11.28.147 ISAKMP (0): ID payload next-payload : 10 type : 2 protocol : 17 port : 500 length : 16 ISAKMP (0): Total payload length: 20 return status is IKMP_NO_ERROR crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_AG exchange ISAKMP (0): processing HASH payload. message ID = 0 ISAKMP (0): processing NOTIFY payload 24578 protocol 1 spi 0, message ID = 0 ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue even t... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with 63.11.28.147 ISAKMP (0): SA has been authenticated return status is IKMP_NO_ERROR ISAKMP (0): sending phase 1 RESPONDER_LIFETIME notify ISAKMP (0): sending NOTIFY message 24576 protocol 1 crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_QM exchange oakley_process_quick_mode: OAK_QM_IDLE ISAKMP (0): processing SA payload. message ID = 3752133894 ISAKMP : Checking IPSec proposal 1 ISAKMP: transform 1, ESP_3DES ISAKMP: attributes in transform: ISAKMP: encaps is 1 ISAKMP: authenticator is HMAC-SHA ISAKMP: SA life type in seconds ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80 IPSEC(validate_propos al): transform proposal (prot 3, trans 3, hmac_alg 2) not supported ISAKMP (0): atts not acceptable. Next payload is 0 ISAKMP : Checking IPSec proposal 2 ISAKMP: transform 1, ESP_3DES ISAKMP: attributes in transform: ISAKMP: encaps is 1 ISAKMP: authenticator is HMAC-MD5 ISAKMP: SA life type in seconds ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) dest= 67.32.141.226, src= 63.11.28.147, dest_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4), src_proxy= 63.11.28.147/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4 ISAKMP (0): processing NONCE payload. message ID = 3752133894 ISAKMP (0): processing ID payload. message ID = 3752133894 ISAKMP (0): ID_IPV4_ADDR src 63.11.28.147 prot 0 port 0 ISAKMP (0): processing ID payload. message ID = 3752133894 ISAKMP (0): ID_IPV4_ADDR_RANGE dst 0.0.0.0/0.0.0.0 prot 0 port 0IPSEC(key_engine ): got a queue event... IPSEC(spi_response): getting spi 0xbc74b5c1(3161765313) for SA from 63.11.28.147 to 67.32.141.226 for prot 3 return status is IKMP_NO_ERROR crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_QM exchange oakley_process_quick_mode: OAK_QM_AUTH_AWAIT ISAKMP (0): Creating IPSec SAs inbound SA from 63.11.28.147 to 67.32.141.226 (proxy 63.11.28.14 7 to 0.0.0.0) has spi 3161765313 and conn_id 1 and flags 4 lifetime of 31536000 seconds outbound SA from 67.32.141.226 to 63.11.28.147 (proxy 0.0.0 .0 to 63.11.28.147) has spi 1668866929 and conn_id 2 and flags 4 lifetime of 31536000 secondsIPSEC(key_engine): got a queue event... IPSEC(initialize_sas): , (key eng. msg.) dest= 67.32.141.226, src= 63.11.28.147, dest_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4), src_proxy= 63.11.28.147/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-md5-hmac , lifedur= 31536000s and 0kb, spi= 0xbc74b5c1(3161765313), conn_id= 1, keysize= 0, flags= 0x4 IPSEC(initialize_sas): , (key eng. msg.) crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 ISAKMP (0): processing DELETE payload. message ID = 296222340IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP VPN Peer: IPSEC: Peer ip:63.11.28.147 Decrementing Ref cnt to:2 Total VPN Peers: 1 VPN Peer: IPSEC: Peer ip:63.11.28.147 Decrementing Ref cnt to:1 Total VPN Peers: 1 return status is IKMP_NO_ERR_NO_TRANS crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 ISAKMP (0): processing DELETE payload. message ID = 2257656427 ISAKMP (0): deleting SA: src 63.11.28.147, dst 67.32.141.226 return status is IKMP_NO_ERR_NO_TRANS ISADB: reaper checking SA 0x80a4ba88, conn_id = 0 DELETE IT! VPN Peer: ISAKMP: Peer ip:63.11.28.147 Ref cnt decremented to:0 Total VPN Peers: 1 VPN Peer: ISAKMP: Deleted peer: ip:63.11.28.147 Total VPN peers:0IPSEC(key_engin e): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with 63.11.28.147 crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 VPN Peer: ISAKMP: Added new peer: ip:63.11.28.147 Total VPN Peers:1 VPN Peer: ISAKMP: Peer ip:63.11.28.147 Ref cnt incremented to:1 Total VPN Peers: 1 OAK_AG exchange ISAKMP (0): processing SA payload. message ID = 0 ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash SHA ISAKMP: extended auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash MD5 ISAKMP: extended auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash SHA ISAKMP: auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash MD5 ISAKMP: auth pre-share ISAKMP: default group 2 ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are acceptable. Next payload is 3 ISAKMP (0): processing KE payload. message ID = 0 ISAKMP (0): processing NONCE payload. message ID = 0 ISAKMP (0): processing ID payload. message ID = 0 ISAKMP (0): processing vendor id payload ISAKMP (0): received xauth v6 vendor id ISAKMP (0): processing vendor id payload ISAKMP (0): remote peer supports dead peer detection ISAKMP (0): processing vendor id payload ISAKMP (0): speaking to a Unity client ISAKMP (0): ID payload next-payload : 10 type : 2 protocol : 17 port : 500 length : 16 ISAKMP (0): Total payload length: 20 return status is IKMP_NO_ERROR crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_AG exchange ISAKMP (0): processing HASH payload. message ID = 0 ISAKMP (0): processing NOTIFY payload 24578 protocol 1 spi 0, message ID = 0 ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue even t... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with 63.11.28.147 ISAKMP (0): SA has been authenticated return status is IKMP_NO_ERROR ISAKMP (0): sending phase 1 RESPONDER_LIFETIME notify ISAKMP (0): sending NOTIFY message 24576 protocol 1 crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_QM exchange oakley_process_quick_mode: OAK_QM_IDLE ISAKMP (0): processing SA payload. message ID = 1608224600 ISAKMP : Checking IPSec proposal 1 ISAKMP: transform 1, ESP_3DES ISAKMP: attributes in transform: ISAKMP: encaps is 1 ISAKMP: authenticator is HMAC-SHA ISAKMP: SA life type in seconds ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80 IPSEC(validate_propos al): transform proposal (prot 3, trans 3, hmac_alg 2) not supported ISAKMP (0): atts not acceptable. Next payload is 0 ISAKMP : Checking IPSec proposal 2 ISAKMP: transform 1, ESP_3DES ISAKMP: attributes in transform: ISAKMP: encaps is 1 ISAKMP: authenticator is HMAC-MD5 ISAKMP: SA life type in seconds ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80 ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) dest= 67.32.141.226, src= 63.11.28.147, dest_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4), src_proxy= 63.11.28.147/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4 ISAKMP (0): processing NONCE payload. message ID = 1608224600 ISAKMP (0): processing ID payload. message ID = 1608224600 ISAKMP (0): ID_IPV4_ADDR src 63.11.28.147 prot 0 port 0 ISAKMP (0): processing ID payload. message ID = 1608224600 ISAKMP (0): ID_IPV4_ADDR_RANGE dst 0.0.0.0/0.0.0.0 prot 0 port 0IPSEC(key_engine ): got a queue event... IPSEC(spi_response): getting spi 0xd817b45a(3625432154) for SA from 63.11.28.147 to 67.32.141.226 for prot 3 return status is IKMP_NO_ERROR crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 OAK_QM exchange oakley_process_quick_mode: OAK_QM_AUTH_AWAIT ISAKMP (0): Creating IPSec SAs inbound SA from 63.11.28.147 to 67.32.141.226 (proxy 63.11.28.14 7 to 0.0.0.0) has spi 3625432154 and conn_id 2 and flags 4 lifetime of 31536000 seconds outbound SA from 67.32.141.226 to 63.11.28.147 (proxy 0.0.0 .0 to 63.11.28.147) has spi 2101326708 and conn_id 1 and flags 4 lifetime of 31536000 secondsIPSEC(key_engine): got a queue event... IPSEC(initialize_sas): , (key eng. msg.) dest= 67.32.141.226, src= 63.11.28.147, dest_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4), src_proxy= 63.11.28.147/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-md5-hmac , lifedur= 31536000s and 0kb, spi= 0xd817b45a(3625432154), conn_id= 2, keysize= 0, flags= 0x4 IPSEC(initialize_sas): crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 ISAKMP (0): processing DELETE payload. message ID = 2972009236IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP VPN Peer: IPSEC: Peer ip:63.11.28.147 Decrementing Ref cnt to:2 Total VPN Peers: 1 VPN Peer: IPSEC: Peer ip:63.11.28.147 Decrementing Ref cnt to:1 Total VPN Peers: 1 return status is IKMP_NO_ERR_NO_TRANS crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226 ISAKMP (0): processing DELETE payload. message ID = 3336293860 ISAKMP (0): deleting SA: src 63.11.28.147, dst 67.32.141.226 return status is IKMP_NO_ERR_NO_TRANS ISADB: reaper checking SA 0x80a4ba88, conn_id = 0 DELETE IT! VPN Peer: ISAKMP: Peer ip:63.11.28.147 Ref cnt decremented to:0 Total VPN Peers: 1 VPN Peer: ISAKMP: Deleted peer: ip:63.11.28.147 Total VPN peers:0IPSEC(key_engin e): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with 63.11.28.147 ISAKMP: Deleting peer node for 63.11.28.147 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44744&t=44744 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
