Εμφάνιση 1-3 από 3
  1. 27-11-12, 12:58 Cisco Vpn Server 1841 #1
    Το avatar του μέλους ELTAINER
    ELTAINER
    Το μέλος ELTAINER δεν είναι συνδεδεμένο Banned
    Εγγραφή
    27-11-2012
    Μηνύματα
    1
    Downloads
    0
    Uploads
    0
    ISP
    Cyta Hellas
    Εχω ενα προβλημα εδω και μια εβδομαδα δεν μπορω να στεισω εναν vpn server
    Αυτο ειναι το conf και το debug
    ευχαριστω

    Κώδικας:
    Building configuration...

Current configuration : 4279 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPNSERVER
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 **********************
!
aaa new-model
!
!
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_1 local 
!
!
!
!
!
aaa session-id common
!
memory-size iomem 20
clock timezone PCTime 2 0
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2821696920
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2821696920
 revocation-check none
 rsakeypair TP-self-signed-2821696920
!
!
crypto pki certificate chain TP-self-signed-2821696920
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32383231 36393639 3230301E 170D3132 31313236 31373434 
  34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38323136 
  39363932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100A98B AF09EF5A 252A6E54 076A752D D6143A44 DBF46A2B 1D62264D 5CEF3278 
  A9713632 C0234AD0 3A2D830F 1B18F22A 98053730 D555B630 13A03403 4CA57B31 
  58EBF976 7DA0FF06 845BC66F 391D4FEA 40B916E8 D8977825 E5C2AD7E EFD30AEA 
  BC73B62A 32CCD14B F4998E64 50D1AEAB FC3D8853 0C46EED0 C1F0F992 F43C6D23 
  BCD10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 146385CB BD423AF5 D81211C9 9D3F73EB A04DDC0B C9301D06 
  03551D0E 04160414 6385CBBD 423AF5D8 1211C99D 3F73EBA0 4DDC0BC9 300D0609 
  2A864886 F70D0101 05050003 818100A8 55B5D969 14BA5590 85A3EBDA BC07C5BF 
  F37BC48E 200E73B6 2977DD4F 94533D26 49D7970A 5C93EE92 032AE300 0F167D2E 
  A45BB711 34C8D097 78D0C0F9 11169BDB 6F8870DD 66690871 54DC2933 D127AF1C 
  977B1DB6 7D7222EE 5293080A DDBDD756 31687A6D 88DD044E 92A84859 BDE16369 
  9716C71C BEBF1D30 75F01B54 2D6842
  	quit
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip name-server 192.168.3.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn ********
username ******* privilege 15 password 7 **************
!
redundancy
!
!
! 
crypto ctcp port 10000 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EXGR
 key *******
 pool SDM_POOL_1
 save-password
 include-local-lan
 max-users 2
 netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
   match identity group EXGR
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set EXENC esp-aes 256 esp-md5-hmac 
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set EXENC 
 set isakmp-profile ciscocp-ike-profile-1
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-WAN$$FW_OUTSIDE$
 ip address 192.168.3.252 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-LAN$$FW_INSIDE$
 ip address 10.10.10.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface ATM0/1/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Virtual-Template1 type tunnel
 description $FW_INSIDE$
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
ip local pool SDM_POOL_1 10.10.10.60 10.10.10.65
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.3.1
!
logging esm config
!
!
!
!
!
!
!
!
control-plane
!
!
banner login ^CWellcome!!!^C
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 1.gr.pool.ntp.org source FastEthernet0/0
end
    Κώδικας:
    Nov 27 09:49:57.627: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at ααα.βββ.γγγ.δδδ
    Κώδικας:
    Nov 27 09:53:24.945: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:53:24.945: ISAKMP:(0):Checking ISAKMP transform 12 against priority 2 policy
Nov 27 09:53:24.945: ISAKMP:      encryption 3DES-CBC
Nov 27 09:53:24.945: ISAKMP:      hash MD5
Nov 27 09:53:24.945: ISAKMP:      default group 2
Nov 27 09:53:24.945: ISAKMP:      auth pre-share
Nov 27 09:53:24.945: ISAKMP:      life type in seconds
Nov 27 09:53:24.945: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
Nov 27 09:53:24.945: ISAKMP:(0):Preshared authentication offered but does not match policy!
Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:53:24.945: ISAKMP:(0):Checking ISAKMP transform 13 against priority 2 policy
Nov 27 09:53:24.945: ISAKMP:      encryption DES-CBC
Nov 27 09:53:24.945: ISAKMP:      hash MD5
Nov 27 09:53:24.945: ISAKMP:      default group 2
Nov 27 09:53:24.945: ISAKMP:      auth XAUTHInitPreShared
Nov 27 09:53:24.945: ISAKMP:      life type in seconds
Nov 27 09:53:24.945: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
Nov 27 09:53:24.945: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:53:24.949: ISAKMP:(0):Checking ISAKMP transform 14 against priority 2 policy
Nov 27 09:53:24.949: ISAKMP:      encryption DES-CBC
Nov 27 09:53:24.949: ISAKMP:      hash MD5
Nov 27 09:53:24.949: ISAKMP:      default group 2
Nov 27 09:53:24.949: ISAKMP:      auth pre-share
Nov 27 09:53:24.949: ISAKMP:      life type in seconds
Nov 27 09:53:24.949: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
Nov 27 09:53:24.949: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:53:24.949: ISAKMP:(0):atts are not acceptable. Next payload is 0
Nov 27 09:53:24.949: ISAKMP:(0):no offers accepted!
Nov 27 09:53:24.949: ISAKMP:(0): phase 1 SA policy not acceptable! (local 192.168.3.252 remote 176.92.22.xxx)
Nov 27 09:53:24.949: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Nov 27 09:53:24.949: ISAKMP:(0): Failed to construct AG informational message.
Nov 27 09:53:24.949: ISAKMP:(0): sending packet to 176.92.22.xxx my_port 500 peer_port 1024 (R) AG_NO_STATE
Nov 27 09:53:24.949: ISAKMP:(0):Sending an IKE IPv4 Packet.
Nov 27 09:53:24.949: ISAKMP:(0):peer does not do paranoid keepalives.

Nov 27 09:53:24.949: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 176.92.22.xxx)
Nov 27 09:53:24.949: ISAKMP:(0): processing KE payload. message ID = 0
Nov 27 09:53:24.949: ISAKMP:(0): group size changed! Should be 0, is 128
Nov 27 09:53:24.949: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
Nov 27 09:53:24.949: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH:  state = IKE_READY
Nov 27 09:53:24.949: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Nov 27 09:53:24.949: ISAKMP:(0):Old State = IKE_READY  New State = IKE_READY

Nov 27 09:53:24.949: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 176.92.22.xxx
Nov 27 09:53:24.953: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 176.92.22.xxx)
Nov 27 09:53:24.953: ISAKMP: Unlocking peer struct 0x68C5A8E4 for isadb_mark_sa_deleted(), count 0
Nov 27 09:53:24.953: ISAKMP: Deleting peer node by peer_reap for 176.92.22.xxx: 68C5A8E4
Nov 27 09:53:24.953: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Nov 27 09:53:24.953: ISAKMP:(0):Old State = IKE_READY  New State = IKE_DEST_SA

Nov 27 09:53:29.956: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE
Nov 27 09:53:35.032: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE
Nov 27 09:53:40.096: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE
    Κώδικας:
    Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.953: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.957: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.957: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.957: ISAKMP:(0):Preshared authentication offered but does not match policy!
Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.957: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 27 09:56:55.957: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 0
Nov 27 09:56:55.957: ISAKMP:(0):no offers accepted!
Nov 27 09:56:55.957: ISAKMP:(0): phase 1 SA policy not acceptable! (local 192.168.3.252 remote 46.103.149.xxx)
Nov 27 09:56:55.957: ISAKMP:(0): Failed to construct AG informational message.
Nov 27 09:56:55.957: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 46.103.149.xxx)
Nov 27 09:56:55.957: ISAKMP:(0): group size changed! Should be 0, is 128
Nov 27 09:56:55.957: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH:  state = IKE_READY
Nov 27 09:56:55.957: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 46.103.149.xxx
Nov 27 09:56:55.961: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 46.103.149.xxx)
    Παράθεση Παράθεση
  2. 30-11-12, 00:28 Απάντηση: Cisco Vpn Server 1841 #2
    Το avatar του μέλους bios175
    bios175
    Το μέλος bios175 δεν είναι συνδεδεμένο Junior Member
    Εγγραφή
    10-08-2007
    Περιοχή
    ΑΜΠΕΛΟΚΗΠΟΙ ΘΕΣΣΑΛΟΝΙΚΗ
    Ηλικία
    43
    Μηνύματα
    96
    Downloads
    8
    Uploads
    0
    Ταχύτητα
    12288/1024
    ISP
    Forthnet
    Router
    Cisco 1841
    Μηπως αυτο
    crypto ipsec transform-set EXENC esp-aes 256 esp-md5-hmac

    πρεπει να γίνει

    crypto ipsec tranform-set EXENC esp-3des esp-sha-hmac

    Αν δεν παίξει βγάλε και το hash md5 απο το policy 2
    Τελευταία επεξεργασία από το μέλος bios175 : 30-11-12 στις 00:47.
    Παράθεση Παράθεση
  3. 07-12-12, 13:24 Απάντηση: Cisco Vpn Server 1841 #3
    Το avatar του μέλους theogeo
    theogeo
    Το μέλος theogeo δεν είναι συνδεδεμένο Newbie Member
    Εγγραφή
    15-07-2011
    Περιοχή
    Κόρινθος
    Ηλικία
    37
    Μηνύματα
    13
    Downloads
    4
    Uploads
    0
    Τύπος
    ADSL
    Ταχύτητα
    2048/512
    DSLAM
    ΟΤΕ - ΚΟΡΙΝΘΟΣ
    Router
    Comtrend-CT5611T
    SNR / Attn
    28(dB) / 40(dB)
    Nov 27 09:49:57.627: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at ααα.βββ.γγγ.δδδ
    Κοίταξε τις πολιτικές σου (policy 1 & 2) το aggressive mode δηλώνει πρόβλημα στην πρώτη φάση του ΙΚΕ
    Παράθεση Παράθεση
« Προηγούμενο Θέμα | Επόμενο Θέμα »

Παρόμοια Θέματα

  1. Cisco 1841 Easy VPN Server
    Από Prezonautis στο φόρουμ Cisco ADSL modems και routers
    Μηνύματα: 14
    Τελευταίο Μήνυμα: 01-05-11, 23:30
  2. Cisco VPN Server - VPN Client
    Από SavFil στο φόρουμ Cisco ADSL modems και routers
    Μηνύματα: 1
    Τελευταίο Μήνυμα: 03-03-11, 02:19
  3. CISCO 876 Easy VPN Server & VPN REMOTE
    Από tsalin στο φόρουμ Cisco ADSL modems και routers
    Μηνύματα: 7
    Τελευταίο Μήνυμα: 25-01-11, 21:09
  4. cisco 876 vpn server δεν βλέπω shares kαι sql server
    Από skepsis στο φόρουμ Cisco ADSL modems και routers
    Μηνύματα: 5
    Τελευταίο Μήνυμα: 11-07-09, 19:39
  5. Cisco Easy VPN Server & Easy VPN Remote
    Από georgakis στο φόρουμ Cisco ADSL modems και routers
    Μηνύματα: 3
    Τελευταίο Μήνυμα: 06-06-08, 09:10

Tags για αυτό το Θέμα

Bookmarks

Bookmarks

Δικαιώματα - Επιλογές

  • Δεν μπορείτε να δημοσιεύσετε νέα θέματα
  • Δεν μπορείτε να δημοσιεύσετε νέα μηνύματα
  • Δεν μπορείτε να αναρτήσετε συνημμένα
  • Δεν μπορείτε να επεξεργαστείτε τα μηνύματα σας
  •  
  • Τα BB code είναι σε λειτουργία
  • Τα Smilies είναι σε λειτουργία
  • Το [IMG] είναι σε λειτουργία
  • Το [VIDEO] είναι σε λειτουργία
  • Το HTML είναι εκτός λειτουργίας

Κανόνες του Forum