*Nov 14 17:38:52.374: IPSEC(key_engine): got a queue event with 1 kei
messages
*Nov 14 17:39:00.106: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x400
*Nov 14 17:39:00.106: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes 256 esp-md5-hmac comp-lzs }
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes 256 esp-sha-hmac comp-lzs }
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes esp-md5-hmac comp-lzs }
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x400
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.114: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes esp-sha-hmac comp-lzs }
*Nov 14 17:39:00.114: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x400
*Nov 14 17:39:00.114: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes 256 esp-md5-hmac }
*Nov 14 17:39:00.114: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x400
*Nov 14 17:39:00.114: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes 256 esp-sha-hmac }
*Nov 14 17:39:00.114: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x400
*Nov 14 17:39:00.114: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes esp-md5-hmac }
*Nov 14 17:39:00.114: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x400
*Nov 14 17:39:00.114: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes esp-sha-hmac }
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.118: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-3des esp-md5-hmac comp-lzs }
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.118: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-3des esp-sha-hmac comp-lzs }
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.118: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-3des esp-md5-hmac }
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel-UDP),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.122: IPSEC(key_engine): got a queue event with 1 kei
messages
*Nov 14 17:39:00.122: IPSEC(spi_response): getting spi 1145696299 for SA
from 62.90.200.226 to 83.244.99.181 for prot 3
*Nov 14 17:39:00.126: IPSEC(key_engine): got a queue event with 2 kei
messages
*Nov 14 17:39:00.126: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel-UDP),
lifedur= 2147483s and 0kb,
spi= 0x4449F02B(1145696299), conn_id= 0, keysize= 0, flags= 0x400
*Nov 14 17:39:00.126: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 62.90.200.226, remote= 83.244.99.181,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel-UDP),
lifedur= 2147483s and 0kb,
spi= 0xF22AA50A(4062881034), conn_id= 0, keysize= 0, flags= 0x408
*Nov 14 17:39:00.126: IPSEC(rte_mgr): VPN Route Event static keyword or
dynamic SA create for peer 83.244.99.181
*Nov 14 17:39:00.126: IPSEC(rte_mgr): VPN Route Refcount 1 FastEthernet0/0
*Nov 14 17:39:00.126: IPSEC(rte_mgr): VPN Route Added 10.10.10.27
255.255.255.255 via 83.244.99.181 in IP DEFAULT TABLE with tag 0
*Nov 14 17:39:00.126: IPSec: Flow_switching Allocated flow for sibling
8000001F
*Nov 14 17:39:00.126: IPSEC(policy_db_add_ident): src 0.0.0.0, dest
10.10.10.27, dest_port 0
*Nov 14 17:39:00.126: IPSEC(create_sa): sa created,
(sa) sa_dest= 62.90.200.226, sa_proto= 50,
sa_spi= 0x4449F02B(1145696299),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3009
*Nov 14 17:39:00.126: IPSEC(create_sa): sa created,
(sa) sa_dest= 83.244.99.181, sa_proto= 50,
sa_spi= 0xF22AA50A(4062881034),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3010
*Nov 14 17:39:00.314: IPSEC(key_engine): got a queue event with 1 kei
messages
*Nov 14 17:39:00.314: IPSEC(key_engine_enable_outbound): rec'd enable notify
from ISAKMP
*Nov 14 17:39:00.314: IPSEC(key_engine_enable_outbound): enable SA with spi
4062881034/50
*Nov 14 17:39:04.390: ICMP: echo reply rcvd, src 62.90.200.225, dst
62.90.200.226
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Johnny B CCIE
Sent: Saturday, November 14, 2009 6:46 PM
To: groupstudy
Subject: Re: strange remote VPN
SDM? Ok.
What does your routing table look like from both the client and the
vpn device? I suspect that the route you are injecting the reverse route
into is not getting redistributed properly into your routing table. So
you will probably need to either create a static route, redistribute,
or add the network of the client into the routing process.
debug crypto ipsec - this command will tell us a little more about the
problem you are having and what routes are known.
On Sat, Nov 14, 2009 at 11:08 AM, CCIE <ccie_at_axizo.com> wrote:
>
>
> crypto isakmp policy 1
>  encr 3des
>  authentication pre-share
>  group 2
> !
> crypto isakmp client configuration group MICO_CAT_GROUP
>  key CISCO
>  pool SDM_POOL_1
>  acl 100
>  netmask 255.255.255.0
> !
> ip local pool SDM_POOL_1 10.10.10.1 10.10.10.254
> !
> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
> !
> crypto dynamic-map SDM_DYNMAP_1 1
>  set transform-set ESP-3DES-SHA
>  reverse-route
> !
> !
> crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
> crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
> crypto map SDM_CMAP_1 client configuration address respond
> crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
> !
>
> !
> interface FastEthernet0/0
>
>  crypto map SDM_CMAP_1
> !
>
> access-list 100 permit ip 192.168.2.0 0.0.0.255 any
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Johnny B CCIE
> Sent: Saturday, November 14, 2009 5:53 PM
> To: groupstudy
> Subject: Re: strange remote VPN
>
> Amin would you be willing to submit the configuration? You have asked
> the question on a technical study forum and unless you just want an
> opinion on your question you might want the proof.
>
> On Sat, Nov 14, 2009 at 10:49 AM, CCIE <ccie_at_axizo.com> wrote:
>> Hi experts,
>>
>> I have a VPN server on 1841 router, whenever I connect to it using the VPN
>> client software I can access just one device behind that VPN server (this is
>> the first one that I start access), if I disconnect then reconnect I can
>> access another one and continue accessing just this new one, and so on just
>> one device per session (the one that I start access).
>>
>> Any advice about that?
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4607 (20091114) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
Received on Sat Nov 14 2009 - 19:28:21 ART
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART
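
Added example, not part of the original thread: a small Python parser for `debug crypto ipsec` output in the wrapped format posted above. It lists the offered transform sets the router rejected, the proxy identities offered, and the transform of each SA actually created. The sample log is constructed (peer addresses are documentation ranges), and `records` and `summarize` are hypothetical helper names.

```python
import re

# Constructed, trimmed sample in the wrapped format of the debug output above.
SAMPLE = """\
*Nov 14 17:39:00.110: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.0.2.1, remote= 198.51.100.7,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel-UDP),
*Nov 14 17:39:00.110: IPSEC(validate_transform_proposal): transform proposal
not supported for identity:
{esp-aes 256 esp-sha-hmac }
*Nov 14 17:39:00.118: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.0.2.1, remote= 198.51.100.7,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 10.10.10.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel-UDP),
*Nov 14 17:39:00.126: IPSEC(create_sa): sa created,
(sa) sa_dest= 192.0.2.1, sa_proto= 50,
sa_spi= 0x1000(4096),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3009
"""

def records(text):
    """Rejoin wrapped lines: each IOS debug record starts with '*'."""
    recs = []
    for line in text.splitlines():
        if line.startswith("*") or not recs:
            recs.append(line.strip())
        else:
            recs[-1] += " " + line.strip()
    return recs

def summarize(text):
    """Return rejected transform sets, offered proxy pairs and created SAs."""
    out = {"rejected": [], "proxies": set(), "sas": []}
    for rec in records(text):
        if "validate_transform_proposal" in rec and (m := re.search(r"\{([^}]*)\}", rec)):
            # Transform set the router refused, whitespace normalised.
            out["rejected"].append(" ".join(m.group(1).split()))
        elif "validate_proposal_request" in rec and (
                m := re.search(r"local_proxy= (\S+).*?remote_proxy= (\S+)", rec)):
            out["proxies"].add(m.groups())
        elif "create_sa" in rec and (
                m := re.search(r"sa_dest= ([\d.]+),.*?sa_trans= (.*?) ,", rec)):
            out["sas"].append(m.groups())
    return out
```

Run over the full output above, the rejected list shows every AES proposal failing against the router's single `ESP-3DES-SHA` transform set, with the SA pair built on `esp-3des esp-sha-hmac`.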