Cisco VPN Client

adminkg · July 16, 2009

Юзаем Cisco VPN Client.

Стоит тачка с дебиан и с vpnc, на ней поднято 1 езернет подключение, и там же прокинут вилан (тэгированый).

Через езернет нормально поднимается туннель и т.д.

Как только пытаюсь прописать маршрут до хоста (с которым необходимо поднять туннель) через вилан тут начинается самое интересное, vpnc (при попытке подключения) начинает выдавать сабж:

# /usr/sbin/vpnc: configuration response rejected: ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED(13)

На винде тоже не хочет цепляться.

Выдает сабж:

Cisco Systems VPN Client Version 5.0.05.0290
Copyright © 1998-2009 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.2.3790 Service Pack 1

992 18:03:15.977 07/14/09 Sev=Info/4 CM/0x63100002

Begin connection process

993 18:03:16.008 07/14/09 Sev=Info/4 CM/0x63100004

Establish secure connection

994 18:03:16.008 07/14/09 Sev=Info/4 CM/0x63100024

Attempt connection with server "х.х.х.х"

995 18:03:16.102 07/14/09 Sev=Info/6 GUI/0x63B00012

Authentication request attributes is 6h.

996 18:03:16.008 07/14/09 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with х.х.х.х.

997 18:03:16.024 07/14/09 Sev=Info/4 IKE/0x63000001

Starting IKE Phase 1 Negotiation

998 18:03:16.039 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to х.х.х.х

999 18:03:16.055 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1000 18:03:16.055 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), KE, ID, NON, HASH) from х.х.х.х

1001 18:03:16.055 07/14/09 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer

1002 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports DPD

1003 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports DWR Code and DWR Text

1004 18:03:16.071 07/14/09 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH

1005 18:03:16.086 07/14/09 Sev=Info/6 IKE/0x63000001

IOS Vendor ID Contruction successful

1006 18:03:16.086 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to х.х.х.х

1007 18:03:16.086 07/14/09 Sev=Info/4 IKE/0x63000083

IKE Port in use - Local Port = 0x07AA, Remote Port = 0x01F4

1008 18:03:16.086 07/14/09 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

1009 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1010 18:03:16.102 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from х.х.х.х

1011 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x63000045

RESPONDER-LIFETIME notify has value of 86400 seconds

1012 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x63000047

This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

1013 18:03:16.102 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1014 18:03:16.102 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

1015 18:03:16.102 07/14/09 Sev=Info/4 CM/0x63100015

Launch xAuth application

1016 18:03:16.321 07/14/09 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

1017 18:03:16.321 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

1018 18:03:23.851 07/14/09 Sev=Info/4 CM/0x63100017

xAuth application returned

1019 18:03:23.851 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

1020 18:03:23.882 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1021 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

1022 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

1023 18:03:23.882 07/14/09 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

1024 18:03:23.882 07/14/09 Sev=Info/5 IKE/0x6300005E

Client sending a firewall request to concentrator

1025 18:03:23.882 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to х.х.х.х

1026 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1027 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from х.х.х.х

1028 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.252

1029 18:03:23.914 07/14/09 Sev=Info/5 IKE/0xA3000017

MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-4) is not supported

1030 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

1031 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000003

1032 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #1

subnet = у.у.у.у

mask = 255.255.255.252

protocol = 0

src port = 0

dest port=0

1033 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #2

subnet = у.у.у.у

mask = 255.255.255.252

protocol = 0

src port = 0

dest port=0

1034 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #3

subnet = у.у.у.у

mask = 255.255.255.255

protocol = 0

src port = 0

dest port=0

1035 18:03:23.914 07/14/09 Sev=Info/5 IKE/0xA3000015

MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data

1036 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(9)T7, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright © 1986-2008 by Cisco Systems, Inc.

Compiled Thu 10-Jan-08 16:35 by prod_rel_team

1037 18:03:23.914 07/14/09 Sev=Warning/2 IKE/0xE3000023

No private IP address was assigned by the peer

1038 18:03:23.914 07/14/09 Sev=Warning/2 IKE/0xE300009B

Failed to process ModeCfg Reply (NavigatorTM:175)

1039 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED) reason = DEL_REASON_IKE_NEG_FAILED

1040 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to х.х.х.х

1041 18:03:23.914 07/14/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = х.х.х.х

1042 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000058

Received an ISAKMP message for a non-active SA, I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED

1043 18:03:23.914 07/14/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(Dropped) from х.х.х.х

1044 18:03:27.304 07/14/09 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=25753BCFF5951277 R_Cookie=F3D65B1BF4CC9DED) reason = DEL_REASON_IKE_NEG_FAILED

1045 18:03:27.304 07/14/09 Sev=Info/4 CM/0x6310000F

Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

1046 18:03:27.320 07/14/09 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

1047 18:03:28.320 07/14/09 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

1048 18:03:28.320 07/14/09 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

1049 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

1050 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

1051 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

1052 18:03:28.335 07/14/09 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

1053 18:23:18.096 07/14/09 Sev=Warning/3 GUI/0xE3B00003

GI EnumPPP callback timed out.

В чем фмшка? Edited July 16, 2009 by adminkg

Sign In

Cisco VPN Client

Recommended Posts

adminkg

Join the conversation