Plzzzzzzzzzzzzzz help retransmitting phase 1 AG_INIT_EXCH with from jeremy co on 2013-11-04 (Ccielab archives 12/2013)

From: jeremy co <jeremy.cool14_at_gmail.com>
Date: Mon, 4 Nov 2013 03:57:52 -0800

R3----R6 back to back conenction .

R3:Client

crypto ipsec client ezvpn EASY
connect manual
group ezvpn_DVTI key cisco123
local-address FastEthernet0/0
mode client
peer 7.7.19.6
username cisco password cisco
xauth userid mode local
!
!

!
interface Loopback0
ip address 7.7.53.3 255.255.255.255
crypto ipsec client ezvpn EASY inside
!
interface FastEthernet0/0
ip address 7.7.19.3 255.255.255.0
crypto ipsec client ezvpn EASY outside

R6: Server

aaa new-model
aaa authentication login ikev1-list local
aaa authorization network ikev1-list local
aaa session-id common

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2

crypto isakmp client configuration group ezvpn_DVTI
key cisco123
domain cisco.com
pool pool2
save-password

crypto isakmp profile isakmp_profile_dvti
   match identity group ezvpn_DVTI
   client authentication list lkey1-list
   isakmp authorization list lkey1-list
   client configuration address respond
   client configuration group ezvpn_DVTI
   virtual-template 2
   local-address FastEthernet0/0

crypto ipsec transform-set cisco esp-3des esp-sha-hmac

crypto ipsec profile ikev1
set transform-set cisco
set isakmp-profile isakmp_profile_dvti
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile ikev1

ip local pool pool2 13.1.1.1 13.1.1.10

interface FastEthernet0/0
ip address 7.7.19.6 255.255.255.0

Here is the debug: its not even passing IKE phase 1
--------------------------------------------------------------------------------------------------------------------------------

R3# crypto ipsec client ezvpn connect
R3#
*Mar 1 00:01:59.583: del_node src 7.7.19.3:500 dst 7.7.19.6:500 fvrf 0x0,
ivrf 0x0
*Mar 1 00:01:59.583: ISAKMP:(0):peer does not do paranoid keepalives.

*Mar 1 00:01:59.591: ISAKMP:(0): SA request profile is (NULL)
*Mar 1 00:01:59.591: ISAKMP: Created a peer struct for 7.7.19.6, peer port
500
*Mar 1 00:01:59.595: ISAKMP: New peer created peer = 0x66BCA8DC
peer_handle = 0x80000003
*Mar 1 00:01:59.595: ISAKMP: Locking peer struct 0x66BCA8DC, refcount 1
for isakmp_initiator
*Mar 1 00:01:59.595: ISAKMP:(0):Setting client config settings 664962C4
*Mar 1 00:01:59.595: ISAKMP: local port 500, remote port 500
*Mar 1 00:01:59.599: ISAKMP: Find a dup sa in the avl tree during calling
isadb_insert sa = 66651EA4
*Mar 1 00:01:59.599: ISAKMP:(0): client mode configured.
*Mar 1 00:01:59.611: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Mar 1 00:01:59.611: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Mar 1 00:01:59.611: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Mar 1 00:01:59.615: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Mar 1 00:01:59.615: ISKAMP: growing send buffer from 1024 to 3072
*Mar 1 00:01:59.615: ISAKMP:(0):SA is doing pre-shared key authentication
plus XAUTH using id type ID_KEY_ID
*Mar 1 00:01:59.619: ISAKMP (0:0): ID payload
        next-payload : 13
        type : 11
        group id : ezvpn_DVTI
        protocol : 17
        port : 0
        length : 18
*Mar 1 00:01:59.619: ISAKMP:(0):Total payload length: 18
*Mar 1 00:01:59.619: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
*Mar 1 00:01:59.619: ISAKMP:(0):Old State = IKE_READY New State =
IKE_I_AM1

*Mar 1 00:01:59.619: ISAKMP:(0): beginning Aggressive Mode exchange
*Mar 1 00:01:59.619: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:01:59.619: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
R3#
*Mar 1 00:02:09.619: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:09.619: ISAKMP (0:0): incrementing error counter on sa,
attempt 1 of 5: retransmit phase 1
*Mar 1 00:02:09.619: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Mar 1 00:02:09.623: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:02:09.623: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
*Mar 1 00:02:19.623: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:19.623: ISAKMP (0:0): incrementing error counter on sa,
attempt 2 of 5: retransmit phase 1
*Mar 1 00:02:19.623: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Mar 1 00:02:19.627: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:02:19.627: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
*Mar 1 00:02:29.627: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:29.627: ISAKMP (0:0): incrementing error counter on sa,
attempt 3 of 5: retransmit phase 1
*Mar 1 00:02:29.627: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Mar 1 00:02:29.631: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:02:29.631: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
*Mar 1 00:02:39.631: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:39.631: ISAKMP (0:0): incrementing error counter on sa,
attempt 4 of 5: retransmit phase 1
*Mar 1 00:02:39.631: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Mar 1 00:02:39.635: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:02:39.635: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
*Mar 1 00:02:49.635: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:49.635: ISAKMP (0:0): incrementing error counter on sa,
attempt 5 of 5: retransmit phase 1
*Mar 1 00:02:49.635: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Mar 1 00:02:49.639: ISAKMP:(0): sending packet to 7.7.19.6 my_port 500
peer_port 500 (I) AG_INIT_EXCH
*Mar 1 00:02:49.639: ISAKMP:(0):Sending an IKE IPv4 Packet.
R3#
*Mar 1 00:02:53.079: ISAKMP:(0):purging SA., sa=66A6DCD4, delme=66A6DCD4
R3#
EZVPN(EASY): IPSec connection terminated
*Mar 1 00:02:59.639: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Mar 1 00:02:59.639: ISAKMP:(0):peer does not do paranoid keepalives.

*Mar 1 00:02:59.639: ISAKMP:(0):deleting SA reason "Death by
retransmission P1" state (I) AG_INIT_EXCH (peer 7.7.19.6)
*Mar 1 00:02:59.647: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=ezvpn_DVTI Client_public_addr=7.7.19.3 Server_public_addr=7.7.19.6
R3#
*Mar 1 00:02:59.655: ISAKMP:(0):deleting SA reason "Death by
retransmission P1" state (I) AG_INIT_EXCH (peer 7.7.19.6)
*Mar 1 00:02:59.655: ISAKMP: Unlocking peer struct 0x66BCA8DC for
isadb_mark_sa_deleted(), count 0
*Mar 1 00:02:59.659: ISAKMP: Deleting peer node by peer_reap for 7.7.19.6:
66BCA8DC
*Mar 1 00:02:59.659: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 00:02:59.659: ISAKMP:(0):Old State = IKE_I_AM1 New State =
IKE_DEST_SA

Thanks

Blogs and organic groups at http://www.ccie.net
Received on Mon Nov 04 2013 - 03:57:52 ART

This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART