Jump to content
Калькуляторы

Cisco VPN Client

Юзаем Cisco VPN Client.

Стоит тачка с дебиан и с vpnc, на ней поднято 1 езернет подключение, и там же прокинут вилан (тэгированый).

Через езернет нормально поднимается туннель и т.д.

Как только пытаюсь прописать маршрут до хоста (с которым необходимо поднять туннель) через вилан тут начинается самое интересное, vpnc (при попытке подключения) начинает выдавать сабж:

# /usr/sbin/vpnc: configuration response rejected: ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED(13)
На винде тоже не хочет цепляться.

Выдает сабж:

Cisco Systems VPN Client Version 5.0.05.0290

Copyright © 1998-2009 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.2.3790 Service Pack 1

 

992 18:03:15.977 07/14/09 Sev=Info/4 CM/0x63100002

Begin connection process

 

993 18:03:16.008 07/14/09 Sev=Info/4 CM/0x63100004

Establish secure connection

 

994 18:03:16.008 07/14/09 Sev=Info/4 CM/0x63100024

Attempt connection with server "х.х.х.х"

 

995 18:03:16.102 07/14/09 Sev=Info/6 GUI/0x63B00012

Authentication request attributes is 6h.

 

996 18:03:16.008 07/14/09 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with х.х.х.х.

 

997 18:03:16.024 07/14/09 Sev=Info/4 IKE/0x63000001

Starting IKE Phase 1 Negotiation

 

998 18:03:16.039 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to х.х.х.х

 

999 18:03:16.055 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1000 18:03:16.055 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), KE, ID, NON, HASH) from х.х.х.х

 

1001 18:03:16.055 07/14/09 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer

 

1002 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports DPD

 

1003 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports DWR Code and DWR Text

 

1004 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH

 

1005 18:03:16.086 07/14/09 Sev=Info/6 IKE/0x63000001

IOS Vendor ID Contruction successful

 

1006 18:03:16.086 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to х.х.х.х

 

1007 18:03:16.086 07/14/09 Sev=Info/4 IKE/0x63000083

IKE Port in use - Local Port = 0x07AA, Remote Port = 0x01F4

 

1008 18:03:16.086 07/14/09 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

 

1009 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1010 18:03:16.102 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from х.х.х.х

 

1011 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x63000045

RESPONDER-LIFETIME notify has value of 86400 seconds

 

1012 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x63000047

This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

 

1013 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1014 18:03:16.102 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

 

1015 18:03:16.102 07/14/09 Sev=Info/4 CM/0x63100015

Launch xAuth application

 

1016 18:03:16.321 07/14/09 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

 

1017 18:03:16.321 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

 

1018 18:03:23.851 07/14/09 Sev=Info/4 CM/0x63100017

xAuth application returned

 

1019 18:03:23.851 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

 

1020 18:03:23.882 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1021 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

 

1022 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

 

1023 18:03:23.882 07/14/09 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

 

1024 18:03:23.882 07/14/09 Sev=Info/5 IKE/0x6300005E

Client sending a firewall request to concentrator

 

1025 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

 

1026 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1027 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

 

1028 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.252

 

1029 18:03:23.914 07/14/09 Sev=Info/5 IKE/0xA3000017

MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-4) is not supported

 

1030 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

 

1031 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000003

 

1032 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #1

subnet = у.у.у.у

mask = 255.255.255.252

protocol = 0

src port = 0

dest port=0

 

1033 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #2

subnet = у.у.у.у

mask = 255.255.255.252

protocol = 0

src port = 0

dest port=0

 

1034 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #3

subnet = у.у.у.у

mask = 255.255.255.255

protocol = 0

src port = 0

dest port=0

 

1035 18:03:23.914 07/14/09 Sev=Info/5 IKE/0xA3000015

MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data

 

1036 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(9)T7, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright © 1986-2008 by Cisco Systems, Inc.

Compiled Thu 10-Jan-08 16:35 by prod_rel_team

 

1037 18:03:23.914 07/14/09 Sev=Warning/2 IKE/0xE3000023

No private IP address was assigned by the peer

 

1038 18:03:23.914 07/14/09 Sev=Warning/2 IKE/0xE300009B

Failed to process ModeCfg Reply (NavigatorTM:175)

 

1039 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED) reason = DEL_REASON_IKE_NEG_FAILED

 

1040 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to х.х.х.х

 

1041 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

 

1042 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000058

Received an ISAKMP message for a non-active SA, I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED

 

1043 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(Dropped) from х.х.х.х

 

1044 18:03:27.304 07/14/09 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED) reason = DEL_REASON_IKE_NEG_FAILED

 

1045 18:03:27.304 07/14/09 Sev=Info/4 CM/0x6310000F

Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

 

1046 18:03:27.320 07/14/09 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

 

1047 18:03:28.320 07/14/09 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

 

1048 18:03:28.320 07/14/09 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

 

1049 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

 

1050 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

 

1051 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

 

1052 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

 

1053 18:23:18.096 07/14/09 Sev=Warning/3 GUI/0xE3B00003

GI EnumPPP callback timed out.

В чем фмшка?
Edited by adminkg

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.