Prezonautis Δημοσ. 27 Νοεμβρίου 2012 Δημοσ. 27 Νοεμβρίου 2012 Εχω ενα προβλημα εδω και μια εβδομαδα δεν μπορω να στεισω εναν vpn server Αυτο ειναι το conf και το debug ευχαριστω > Building configuration... Current configuration : 4279 bytes ! version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname VPNSERVER ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings enable secret 5 ********************** ! aaa new-model ! ! aaa authentication login ciscocp_vpn_xauth_ml_1 local aaa authorization network ciscocp_vpn_group_ml_1 local ! ! ! ! ! aaa session-id common ! memory-size iomem 20 clock timezone PCTime 2 0 clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00 crypto pki token default removal timeout 0 ! crypto pki trustpoint TP-self-signed-2821696920 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2821696920 revocation-check none rsakeypair TP-self-signed-2821696920 ! ! crypto pki certificate chain TP-self-signed-2821696920 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32383231 36393639 3230301E 170D3132 31313236 31373434 34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38323136 39363932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A98B AF09EF5A 252A6E54 076A752D D6143A44 DBF46A2B 1D62264D 5CEF3278 A9713632 C0234AD0 3A2D830F 1B18F22A 98053730 D555B630 13A03403 4CA57B31 58EBF976 7DA0FF06 845BC66F 391D4FEA 40B916E8 D8977825 E5C2AD7E EFD30AEA BC73B62A 32CCD14B F4998E64 50D1AEAB FC3D8853 0C46EED0 C1F0F992 F43C6D23 BCD10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 146385CB BD423AF5 D81211C9 9D3F73EB A04DDC0B C9301D06 03551D0E 04160414 6385CBBD 423AF5D8 1211C99D 3F73EBA0 4DDC0BC9 300D0609 2A864886 F70D0101 05050003 818100A8 55B5D969 14BA5590 85A3EBDA BC07C5BF F37BC48E 200E73B6 2977DD4F 94533D26 49D7970A 5C93EE92 032AE300 0F167D2E A45BB711 34C8D097 78D0C0F9 11169BDB 6F8870DD 66690871 54DC2933 D127AF1C 977B1DB6 7D7222EE 5293080A DDBDD756 31687A6D 88DD044E 92A84859 BDE16369 9716C71C BEBF1D30 75F01B54 2D6842 quit dot11 syslog ip source-route ! ! ! ! ! ip cef ip name-server 192.168.3.1 no ipv6 cef ! multilink bundle-name authenticated ! ! ! license udi pid CISCO1841 sn ******** username ******* privilege 15 password 7 ************** ! redundancy ! ! ! crypto ctcp port 10000 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp client configuration group EXGR key ******* pool SDM_POOL_1 save-password include-local-lan max-users 2 netmask 255.255.255.0 crypto isakmp profile ciscocp-ike-profile-1 match identity group EXGR client authentication list ciscocp_vpn_xauth_ml_1 isakmp authorization list ciscocp_vpn_group_ml_1 client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set EXENC esp-aes 256 esp-md5-hmac ! crypto ipsec profile CiscoCP_Profile1 set transform-set EXENC set isakmp-profile ciscocp-ike-profile-1 ! ! ! ! ! ! interface FastEthernet0/0 description $ETH-WAN$$FW_OUTSIDE$ ip address 192.168.3.252 255.255.255.0 ip nat outside ip virtual-reassembly in duplex auto speed auto ! interface FastEthernet0/1 description $ETH-LAN$$FW_INSIDE$ ip address 10.10.10.252 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface ATM0/0/0 no ip address shutdown no atm ilmi-keepalive ! interface ATM0/1/0 no ip address shutdown no atm ilmi-keepalive ! interface Virtual-Template1 type tunnel description $FW_INSIDE$ ip unnumbered FastEthernet0/1 tunnel mode ipsec ipv4 tunnel protection ipsec profile CiscoCP_Profile1 ! ip local pool SDM_POOL_1 10.10.10.60 10.10.10.65 ip forward-protocol nd ip http server ip http authentication local ip http secure-server ! ! ip route 0.0.0.0 0.0.0.0 192.168.3.1 ! logging esm config ! ! ! ! ! ! ! ! control-plane ! ! banner login ^CWellcome!!!^C ! line con 0 line aux 0 line vty 0 4 privilege level 15 transport input telnet ssh ! scheduler allocate 20000 1000 ntp update-calendar ntp server 1.gr.pool.ntp.org source FastEthernet0/0 end > Nov 27 09:49:57.627: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at ααα.βββ.γγγ.δδδ > Nov 27 09:53:24.945: ISAKMP:(0):Hash algorithm offered does not match policy! Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:53:24.945: ISAKMP:(0):Checking ISAKMP transform 12 against priority 2 policy Nov 27 09:53:24.945: ISAKMP: encryption 3DES-CBC Nov 27 09:53:24.945: ISAKMP: hash MD5 Nov 27 09:53:24.945: ISAKMP: default group 2 Nov 27 09:53:24.945: ISAKMP: auth pre-share Nov 27 09:53:24.945: ISAKMP: life type in seconds Nov 27 09:53:24.945: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Nov 27 09:53:24.945: ISAKMP:(0):Preshared authentication offered but does not match policy! Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:53:24.945: ISAKMP:(0):Checking ISAKMP transform 13 against priority 2 policy Nov 27 09:53:24.945: ISAKMP: encryption DES-CBC Nov 27 09:53:24.945: ISAKMP: hash MD5 Nov 27 09:53:24.945: ISAKMP: default group 2 Nov 27 09:53:24.945: ISAKMP: auth XAUTHInitPreShared Nov 27 09:53:24.945: ISAKMP: life type in seconds Nov 27 09:53:24.945: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Nov 27 09:53:24.945: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:53:24.945: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:53:24.949: ISAKMP:(0):Checking ISAKMP transform 14 against priority 2 policy Nov 27 09:53:24.949: ISAKMP: encryption DES-CBC Nov 27 09:53:24.949: ISAKMP: hash MD5 Nov 27 09:53:24.949: ISAKMP: default group 2 Nov 27 09:53:24.949: ISAKMP: auth pre-share Nov 27 09:53:24.949: ISAKMP: life type in seconds Nov 27 09:53:24.949: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Nov 27 09:53:24.949: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:53:24.949: ISAKMP:(0):atts are not acceptable. Next payload is 0 Nov 27 09:53:24.949: ISAKMP:(0):no offers accepted! Nov 27 09:53:24.949: ISAKMP:(0): phase 1 SA policy not acceptable! (local 192.168.3.252 remote 176.92.22.xxx) Nov 27 09:53:24.949: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init Nov 27 09:53:24.949: ISAKMP:(0): Failed to construct AG informational message. Nov 27 09:53:24.949: ISAKMP:(0): sending packet to 176.92.22.xxx my_port 500 peer_port 1024 (R) AG_NO_STATE Nov 27 09:53:24.949: ISAKMP:(0):Sending an IKE IPv4 Packet. Nov 27 09:53:24.949: ISAKMP:(0):peer does not do paranoid keepalives. Nov 27 09:53:24.949: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 176.92.22.xxx) Nov 27 09:53:24.949: ISAKMP:(0): processing KE payload. message ID = 0 Nov 27 09:53:24.949: ISAKMP:(0): group size changed! Should be 0, is 128 Nov 27 09:53:24.949: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission Nov 27 09:53:24.949: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY Nov 27 09:53:24.949: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH Nov 27 09:53:24.949: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY Nov 27 09:53:24.949: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 176.92.22.xxx Nov 27 09:53:24.953: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 176.92.22.xxx) Nov 27 09:53:24.953: ISAKMP: Unlocking peer struct 0x68C5A8E4 for isadb_mark_sa_deleted(), count 0 Nov 27 09:53:24.953: ISAKMP: Deleting peer node by peer_reap for 176.92.22.xxx: 68C5A8E4 Nov 27 09:53:24.953: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL Nov 27 09:53:24.953: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA Nov 27 09:53:29.956: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE Nov 27 09:53:35.032: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE Nov 27 09:53:40.096: ISAKMP (0): received packet from 176.92.22.xxx dport 500 sport 1024 Global (R) MM_NO_STATE > Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.953: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.953: ISAKMP:(0):Hash algorithm offered does not match policy! Nov 27 09:56:55.953: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.957: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy! Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.957: ISAKMP:(0):Hash algorithm offered does not match policy! Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.957: ISAKMP:(0):Preshared authentication offered but does not match policy! Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.957: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 3 Nov 27 09:56:55.957: ISAKMP:(0):Encryption algorithm offered does not match policy! Nov 27 09:56:55.957: ISAKMP:(0):atts are not acceptable. Next payload is 0 Nov 27 09:56:55.957: ISAKMP:(0):no offers accepted! Nov 27 09:56:55.957: ISAKMP:(0): phase 1 SA policy not acceptable! (local 192.168.3.252 remote 46.103.149.xxx) Nov 27 09:56:55.957: ISAKMP:(0): Failed to construct AG informational message. Nov 27 09:56:55.957: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 46.103.149.xxx) Nov 27 09:56:55.957: ISAKMP:(0): group size changed! Should be 0, is 128 Nov 27 09:56:55.957: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY Nov 27 09:56:55.957: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 46.103.149.xxx Nov 27 09:56:55.961: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 46.103.149.xxx)
Prezonautis Δημοσ. 2 Δεκεμβρίου 2012 Μέλος Δημοσ. 2 Δεκεμβρίου 2012 Τελικα δουλευει σωστα!! αυτο το conf με cisco client ΑΠΛΑ εκει που λεει group βαζουμε το ονομα του group > crypto isakmp client configuration group EXGR και εκει που λεει password βαζουμε το key > crypto isakmp client configuration group EXGR key ******* 1
poulinos Δημοσ. 2 Δεκεμβρίου 2012 Δημοσ. 2 Δεκεμβρίου 2012 απλα καλο θα ειναι next time να το ανοιξεις το θεμα στα δικτυα(ημουν ετοιμος να στο μεταφερω εκει αλλα τελικα το ελυσες διοτι εκει ειναι η σωστη κατηγορια αρα και μεγαλυτερες πιθανοτητες να απαντησει καποιος παρα εδω.
Rabican Δημοσ. 2 Δεκεμβρίου 2012 Δημοσ. 2 Δεκεμβρίου 2012 λολ εγω δεν το ειχα δει καν! και θα ειχα απαντησει!
poulinos Δημοσ. 2 Δεκεμβρίου 2012 Δημοσ. 2 Δεκεμβρίου 2012 και εγω αργησα να το μεταφερω.γιατι ξερω οτι καποια ατομα βλεπουν τα δικτυακαι οχι τα adsl routers οποτε....
Προτεινόμενες αναρτήσεις
Δημιουργήστε ένα λογαριασμό ή συνδεθείτε για να σχολιάσετε
Πρέπει να είστε μέλος για να αφήσετε σχόλιο
Δημιουργία λογαριασμού
Εγγραφείτε με νέο λογαριασμό στην κοινότητα μας. Είναι πανεύκολο!
Δημιουργία νέου λογαριασμούΣύνδεση
Έχετε ήδη λογαριασμό; Συνδεθείτε εδώ.
Συνδεθείτε τώρα