From: adeolu@sympatico.ca
Date: Tue Sep 14 2004 - 17:24:47 GMT-3
Hi Josh,
Thanks for looking at this. I have asked them a few times but they say that they do not have any restrictions.
>
> From: "joshua lauer" <jslauer@hotmail.com>
> Date: 2004/09/14 Tue PM 03:51:47 EST
> To: <adeolu@sympatico.ca>,
> <ccielab@groupstudy.com>
> Subject: Re: IPSEC VPN PROBLEM
>
> Is your ISP blocking any ports that you know of? Could be why your
> connection isnt setting up. Make sure they are not blocking the critical
> ports (port 500) needed for your connection set up. I've had a similar issue
> working with nortel equipment in the past. Just a thought, I really didnt
> have time to drill down into your debugs. I'll check them out when I get
> home from work :)
>
>
> Josh Lauer
>
>
> ----- Original Message -----
> From: <adeolu@sympatico.ca>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, September 14, 2004 3:02 PM
> Subject: IPSEC VPN PROBLEM
>
>
> >I was wondering if anyone could bail me out.....this issue has me at my
> >wits' end. I am running a hub and spoke VPN for my company. The head-end
> >router is a Cisco 7204 running IOS 12.2(13)T3 and I am running IOS
> >12.3(7)T2 on the remote. The reason i am running such a recent version on
> >the remote router is because of a need to support the 4-port switch WIC in
> >the router.
> >
> > I was able to successfully test this using a PPPoE Internet connection
> > (ADSL) but so far, I have been unable to successfully use it with Cable
> > Internet (which is the link type on site). The connection just refuses to
> > be set up. I have checked the ISAKMP policies, crypto maps etc. and
> > ensured that they are matched.
> >
> > I have pasted some debugs below
> >
> > Any help will be appreciated.
> >
> > = 0x400A
> > *Mar 10 02:25:10: ISAKMP: received ke message (1/1)
> > *Mar 10 02:25:10: ISAKMP: set new node 0 to QM_IDLE
> > *Mar 10 02:25:10: ISAKMP:(0:1:HW:2):SA is still budding. Attached new
> > ipsec requ
> > est to it. (local 24.86.96.233, remote 209.5.96.157)
> > *Mar 10 02:25:10: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Mar 10 02:25:10: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit
> > phase 1
> > *Mar 10 02:25:10: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Mar 10 02:25:10: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500
> > peer_port 500 (I) MM_NO_STATE
> > *Mar 10 02:25:20: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Mar 10 02:25:20: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit
> > phase 1
> > *Mar 10 02:25:20: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Mar 10 02:25:20: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500
> > peer_port 500 (I) MM_NO_STATE
> > *Mar 10 02:25:28: IPSEC(key_engine): request timer fired: count = 1,
> > (identity) local= 24.86.96.233, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4)
> > *Mar 10 02:25:28: IPSEC(sa_request): ,
> > (key eng. msg.) OUTBOUND local= 24.86.96.233, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> > lifedur= 3600s and 4608000kb,
> > spi= 0xD029AD14(3492392212), conn_id= 0, keysize= 0, flags= 0x400A
> > *Mar 10 02:25:28: ISAKMP: received ke message (1/1)
> > *Mar 10 02:25:28: ISAKMP: set new node 0 to QM_IDLE
> > *Mar 10 02:25:28: ISAKMP:(0:1:HW:2):SA is still budding. Attached new
> > ipsec requ
> > est to it. (local 24.86.96.233, remote 209.5.96.157)
> > *Mar 10 02:25:30: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Mar 10 02:25:30: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit
> > phase 1
> > *Mar 10 02:25:30: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Mar 10 02:25:30: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500
> > peer_port 500 (I) MM_NO_STATE
> > *Mar 10 02:25:40: IPSEC(key_engine): request timer fired: count = 2,
> > (identity) local= 24.86.96.233, remote= 209.5.96.157,
> > local_proxy= 142.225.130.0/255.255.255.0/0/0 (type=4),
> > remote_proxy= 192.168.0.0/255.255.0.0/0/0 (type=4)
> > *Mar 10 02:25:40: ISAKMP: received ke message (3/1)
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
> >
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting SA reason "receive request to
> > delet
> > e ike sa" state (I) MM_NO_STATE (peer 209.5.96.157) input queue 0
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting SA reason "receive request to
> > delet
> > e ike sa" state (I) MM_NO_STATE (peer 209.5.96.157) input queue 0
> > *Mar 10 02:25:40: ISAKMP: Unlocking IKE struct 0x824C53A4 for
> > isadb_mark_sa_dele
> > ted(), count 0
> > *Mar 10 02:25:40: ISAKMP: Deleting peer node by peer_reap for
> > 209.5.96.157: 824C
> > 53A4
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting node -938513491 error TRUE
> > reason "
> > receive request to delete ike sa"
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting node -1343263010 error TRUE
> > reason
> > "receive request to delete ike sa"
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting node -2146876017 error TRUE
> > reason
> > "receive request to delete ike sa"
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):deleting node -1379398450 error TRUE
> > reason
> > "receive request to delete ike sa"
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL,
> > IKE_PHASE1_DEL
> > *Mar 10 02:25:40: ISAKMP:(0:1:HW:2):Old State = IKE_I_MM1 New State =
> > IKE_DEST_
> > SA
> >
> > *Mar 10 02:25:50: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor
> > 142.225.150.134 (V
> > lan521) is up: new adjacency
> > *Mar 10 02:25:58: IPSEC(key_engine): request timer fired: count = 2,
> > (identity) local= 24.86.96.233, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4)
> > *Mar 10 02:25:58: ISAKMP: received ke message (3/1)
> > *Mar 10 02:25:58: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
> > Log Buffer (4096 bytes):
> > nding packet to 209.5.96.157 my_port 500 peer_port 500 (I) MM_NO_STATE
> > *Sep 13 20:57:54: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Sep 13 20:57:54: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit phase 1
> > *Sep 13 20:57:54: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Sep 13 20:57:54: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500 peer_port 500 (I) MM_NO_STATE
> > *Sep 13 20:58:04: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Sep 13 20:58:04: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit phase 1
> > *Sep 13 20:58:04: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Sep 13 20:58:04: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500 peer_port 500 (I) MM_NO_STATE
> > *Sep 13 20:58:14: IPSEC(key_engine): request timer fired: count = 1,
> > (identity) local= 209.5.255.142, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 172.16.0.0/255.240.0.0/0/0 (type=4)
> > *Sep 13 20:58:14: IPSEC(sa_request): ,
> > (key eng. msg.) OUTBOUND local= 209.5.255.142, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 172.16.0.0/255.240.0.0/0/0 (type=4),
> > protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> > lifedur= 3600s and 4608000kb,
> > spi= 0x21BF4A39(566184505), conn_id= 0, keysize= 0, flags= 0x400A
> > *Sep 13 20:58:14: ISAKMP: received ke message (1/1)
> > *Sep 13 20:58:14: ISAKMP: set new node 0 to QM_IDLE
> > *Sep 13 20:58:14: ISAKMP:(0:1:HW:2):SA is still budding. Attached new
> > ipsec request to it. (local 209.5.255.142, remote 209.5.96.157)
> > *Sep 13 20:58:14: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Sep 13 20:58:14: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit phase 1
> > *Sep 13 20:58:14: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Sep 13 20:58:14: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500 peer_port 500 (I) MM_NO_STATE
> > *Sep 13 20:58:24: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Sep 13 20:58:24: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit phase 1
> > *Sep 13 20:58:24: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Sep 13 20:58:24: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500 peer_port 500 (I) MM_NO_STATE
> > *Sep 13 20:58:34: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE...
> > *Sep 13 20:58:34: ISAKMP:(0:1:HW:2):incrementing error counter on sa:
> > retransmit phase 1
> > *Sep 13 20:58:34: ISAKMP:(0:1:HW:2): retransmitting phase 1 MM_NO_STATE
> > *Sep 13 20:58:34: ISAKMP:(0:1:HW:2): sending packet to 209.5.96.157
> > my_port 500 peer_port 500 (I) MM_NO_STATE
> > Sep 13 20:58:44: IPSEC(key_engine): request timer fired: count = 2,
> > (identity) local= 209.5.255.142, remote= 209.5.96.157,
> > local_proxy= 142.225.0.0/255.255.0.0/0/0 (type=4),
> > remote_proxy= 172.16.0.0/255.240.0.0/0/0 (type=4)
> > *Sep 13 20:58:44: ISAKMP: received ke message (3/1)
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):deleting SA reason "receive request to
> > delete ike sa" state (I) MM_NO_STATE (peer 209.5.96.157) input queue 0
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):deleting SA reason "receive request to
> > delete ike sa" state (I) MM_NO_STATE (peer 209.5.96.157) input queue 0
> > *Sep 13 20:58:44: ISAKMP: Unlocking IKE struct 0x821712B4 for
> > isadb_mark_sa_deleted(), count 0
> > *Sep 13 20:58:44: ISAKMP: Deleting peer node by peer_reap for
> > 209.5.96.157: 821712B4
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):deleting node -862965495 error TRUE
> > reason "receive request to delete ike sa"
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):deleting node -542169726 error TRUE
> > reason "receive request to delete ike sa"
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL,
> > IKE_PHASE1_DEL
> > *Sep 13 20:58:44: ISAKMP:(0:1:HW:2):Old State = IKE_I_MM1 New State =
> > IKE_DEST_SA
> > Sep 13 20:59:34: ISAKMP:(0:1:HW:2):purging node -862965495
> > *Sep 13 20:59:34: ISAKMP:(0:1:HW:2):purging node -542169726
> > *Sep 13 20:59:44: ISAKMP:(0:1:HW:2):purging SA., sa=829FC038,
> > delme=829FC038
> > fnbur020#
> >
> >
> > I have pasted some debugs below
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:42 GMT-3