1. Home
  2. Cisco Systems
  3. VPN problem

VPN problem

When I try to VPN into my network I am getting debug messages on my PIX:

pixfirewall# pixfirewall# IPSEC(validate_proposal): invalid local address

191.196.37.5 IPSEC(validate_proposal): invalid local address 191.191.37.5 IPSEC(validate_proposal): invalid local address 191.191.37.5 IPSEC(validate_proposal): invalid local address 191.191.37.5

The address is correct in that users on the iunside can browse out from that interface and I can PING it from the outside. ( I have changed the addresses for this posting...)

I also get this debug:

debug crypto isakmp crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:13 dpt:500 OAK_AG exchange ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy ISAKMP: encryption AES-CBC ISAKMP: hash SHA ISAKMP: default group 2 ISAKMP: extended auth pre-share (init) ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b ISAKMP: keylength of 256 ISAKMP (0): atts are not acceptable. Next payload is 3 ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy ISAKMP: encryption AES-CBC ISAKMP: hash MD5 ISAKMP: default group 2 ISAKMP: extended auth pre-share (init) ISAKMP: life type in seconds ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b ISAKMP: keylength of 256 ISAKMP (0): atts are not acceptable. Next payload is 3

************************************************* Any ideas? TIA, Ned
Reply to
Ned
Loading thread data ...

I also get this debug output:

crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 ISAKMP: phase 2 packet is a duplicate of a previous packet ISAKMP: resending last response crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 ISAKMP (0): processing NOTIFY payload 11 protocol 1 spi 0, message ID = 2387466550IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with

191.191.37.35

return status is IKMP_NO_ERR_NO_TRANS crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 ISAKMP: phase 2 packet is a duplicate of a previous packet ISAKMP: resending last response crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 ISAKMP (0): processing NOTIFY payload 11 protocol 1 spi 0, message ID = 1206514397IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with

191.191.37.35

return status is IKMP_NO_ERR_NO_TRANS crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:1027 dpt:4500 ISAKMP (0): processing DELETE payload. message ID = 1118155919, spi size = 4IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

VPN Peer: ISAKMP: Peer ip:191.191.37.35/1027 Ref cnt decremented to:0 Total VPN Peers:1 VPN Peer: ISAKMP: Deleted peer: ip:191.191.37.35/1027 Total VPN peers:0IPSEC(key_engine): got a queue event... IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP IPSEC(key_engine_delete_sas): delete all SAs shared with 191.191.37.5

Reply to
Ned

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.