Bytes | Software Development & Data Engineering Community

ipsec vpn connectivity issue

I'm having a problem connecting Solaris 10 to a Cisco PIX through IPsec.

Dump from IKE

# /usr/lib/inet/in.iked -f /etc/inet/ike/config -d
Jan 16 00:40:57: 2012 (+0800) *** in.iked started ***
Jan 16 00:40:57: Loading configuration...
Jan 16 00:40:57: Checking lifetimes in "nullrule"
Jan 16 00:40:57: Using default value for p2 lifetime: 28800 seconds.
Jan 16 00:40:57: p2 softlife too small.
Jan 16 00:40:57: Using default value for p2 soft lifetime: 25920 seconds.
Jan 16 00:40:57: Using default value for p2 idle lifetime: 14400 seconds.
Jan 16 00:40:57: Using default value for p2 byte lifetime: 134217728 kb
Jan 16 00:40:57: Using default value for p2 soft byte lifetime: 120795955 kb
Jan 16 00:40:57: Checking lifetimes in "myvpn"
Jan 16 00:40:57: Adding rule "myvpn" to IKE configuration;
Jan 16 00:40:57:   mode 256 (any), cookie 6, slot 0; total rules 1
Jan 16 00:40:57: Configuration update succeeded! Updating active databases.
Jan 16 00:40:57: Configuration ok.
Jan 16 00:40:57: Loading preshared keys...
Jan 16 00:40:57: Unique instance of in.iked started.
Jan 16 00:40:57: Adding certificates...
Jan 16 00:40:57: 0 certificates successfully added
Jan 16 00:40:57: Adding private keys...
Jan 16 00:40:57: 0 private keys successfully added.
Jan 16 00:40:57: Skipping lo0 address 127.0.0.1
Jan 16 00:40:57: Adding bnx0 address xxx.xxx.44.239 to in.iked service list...
Jan 16 00:40:57:   Adding entry #1; IP address = xxx.xxx.44.239, interface = bnx0.
Jan 16 00:40:57:   Now 1 addresses being serviced.
Jan 16 00:40:57: Adding bnx0:1 address xxx.xxx.44.245 to in.iked service list...
Jan 16 00:40:57:   Adding entry #2; IP address = xxx.xxx.44.245, interface = bnx0:1.
Jan 16 00:40:57:   Now 2 addresses being serviced.
Jan 16 00:40:57: Adding bnx0:2 address 10.1.1.239 to in.iked service list...
Jan 16 00:40:57:   Adding entry #3; IP address = 10.1.1.239, interface = bnx0:2.
Jan 16 00:40:57:   Now 3 addresses being serviced.
Jan 16 00:40:57: Adding ip.tun0 address xxx.xxx.44.245 to in.iked service list...
Jan 16 00:40:57:   Address already exists: now 2 users
Jan 16 00:40:57: Initializing PF_KEY socket...
Jan 16 00:40:57: ESP initial REGISTER with SADB...
Jan 16 00:40:57: Handling SADB register message from kernel...
Jan 16 00:40:57: AH initial REGISTER with SADB...
Jan 16 00:40:57: Handling SADB register message from kernel...

Jan 16 00:41:16: Handling data on PF_KEY socket:
    SADB msg: message type 6 (ACQUIRE), SA type 0 (UNSPEC),
    pid 0, sequence number 4294963042,
    error code 0 (Error 0), diag code 0 (No diagnostic), length 25
Jan 16 00:41:16: Inner addresses present,
Jan 16 00:41:16: Doing ACQUIRE....
Jan 16 00:41:16: Trying to get Phase 1 (by itself)...
Jan 16 00:41:16: Looking for an existing Phase 1 SA...
Jan 16 00:41:16:   Searching rulebase for src = xxx.xxx.44.239[0]
Jan 16 00:41:16:                          dst = xxx.xxx.11.24[0]
Jan 16 00:41:16:   Examining rule list.
Jan 16 00:41:16:   rule 'myvpn' 0x6;
Jan 16 00:41:16:                          local addr xxx.xxx.44.239[2824];
Jan 16 00:41:16:                          remote addr xxx.xxx.11.24[2824]
Jan 16 00:41:16:    [basic match]
Jan 16 00:41:16:   Selected rule: 'myvpn'

Jan 16 00:41:16: Updating p2_lifetime to 28800 seconds.
Jan 16 00:41:16: Checking lifetimes in "myvpn"
Jan 16 00:41:16: Starting Phase 1 negotiation...
Jan 16 00:41:16: Constructing local identity payload...
Jan 16 00:41:16:   Local ID type: ipv4(any:0,[0..3]=xxx.xxx.44.239)
Jan 16 00:41:16: Constructing Phase 1 Transforms:
        Our Proposal:
        Rule: "myvpn" ; transform 0
        auth_method = 1 (Pre-shared)
        hash_alg = 1 (md5)
        encr_alg = 5 (3des-cbc)
        oakley_group = 2
Jan 16 00:41:16: Phase 1 exchange type=2 (IP), 1 transform(s).
Jan 16 00:41:16: Looking for xxx.xxx.44.239[0] in IKE daemon context...
Jan 16 00:41:16: Sending out Vendor IDs, if needed: NAT-T state 0 (INIT)
Jan 16 00:41:16:   New Phase 1 negotiation!
Jan 16 00:41:16:   Waiting for IKE results.
Jan 16 00:41:16: IKE library: Using default remote port for NAT-T, if active.
Jan 16 00:41:16: Determining P1 nonce data length.
Jan 16 00:41:16:   NAT-T state 0 (INIT)
Jan 16 00:41:17: IKE library: Using default remote port for NAT-T, if active.
Jan 16 00:41:17: IKE library: Doing port jump in case we need NAT-T. Current NAT-T state -1
Jan 16 00:41:17: Vendor ID from peer:
Jan 16 00:41:17:   0x09002689dfd6b712
Jan 16 00:41:17:   XAUTH
Jan 16 00:41:17: Vendor ID from peer:
Jan 16 00:41:17:   0xafcad71368a1f1c96b8696fc77570100
Jan 16 00:41:17:   Detecting Dead IKE Peers (RFC 3706)
Jan 16 00:41:17:   Using Dead Peer Detection (RFC 3706)
Jan 16 00:41:17: Vendor ID from peer:
Jan 16 00:41:17:   0x12f5f28c457168a9702d9fe274cc0100
Jan 16 00:41:17:   Cisco-Unity
Jan 16 00:41:17: Vendor ID from peer:
Jan 16 00:41:17:   0x1bbeeea30f37d3ccd73e1cd102c84809
Jan 16 00:41:17:   Could not find VID description
Jan 16 00:41:17: Finding preshared key...
Jan 16 00:41:17: IKE library: Using default remote port for NAT-T, if active.
Jan 16 00:41:17: Finishing P1 negotiation: NAT-T state -1 (NEVER)
Jan 16 00:41:17: Looking for xxx.xxx.44.239[0] in IKE daemon context...
Jan 16 00:41:17: Phase 1 negotiation done.
Jan 16 00:41:17: Getting ready for phase 2 (quick mode).
Jan 16 00:41:17:   Tunnel mode [ACQUIRE]
Jan 16 00:41:17: PF_KEY message contents:
Timestamp: Mon Jan 16 00:41:17 2012
Base message (version 2) type ACQUIRE, SA type <unspecified/all>.
Message length 200 bytes, seq=4294963042, pid=0.
INS: Inner source address (proto=0)
INS: AF_INET: port 0, 0.0.0.0.
IND: Inner destination address (proto=0)
IND: AF_INET: port 0, 0.0.0.0.
SRC: Source address (proto=4)
SRC: AF_INET: port 0, xxx.xxx.44.239.
DST: Destination address (proto=4)
DST: AF_INET: port 0, xxx.xxx.11.24.
EPR: Extended Proposal, replay counter = 32, number of combinations = 1.
EPR:  Extended combination #1:
EPR:  HARD: alloc=0, bytes=0, post-add secs=28800, post-use secs=0
EPR:  SOFT: alloc=0, bytes=0, post-add secs=24000, post-use secs=0
EPR:  Alg #1 for AH Authentication = hmac-md5  minbits=128, maxbits=128.
EPR:  Alg #2 for ESP Encryption = 3des-cbc  minbits=192, maxbits=192.
Jan 16 00:41:17: Allocating SPI for Phase 2.
Jan 16 00:41:17: SADB GETSPI type == "ah"
Jan 16 00:41:17:   local xxx.xxx.44.239[0]
Jan 16 00:41:17:   remote xxx.xxx.11.24[0]
Jan 16 00:41:17: PF_KEY request:
    queueing sequence number 5, message type 1 (GETSPI),
    SA type 2 (AH)
Jan 16 00:41:17: PF_KEY transmit request:
    posting sequence number 5, message type 1 (GETSPI),
    SA type 2 (AH)
Jan 16 00:41:17: Handling data on PF_KEY socket:
    SADB msg: message type 1 (GETSPI), SA type 2 (AH),
    pid 2978, sequence number 5,
    error code 0 (Error 0), diag code 0 (No diagnostic), length 10
Jan 16 00:41:17: SADB message reply handler:
    got sequence number 5, message type 1 (GETSPI),
    SA type 2 (AH)
Jan 16 00:41:17: Allocating SPI for Phase 2.
Jan 16 00:41:17: SADB GETSPI type == "esp"
Jan 16 00:41:17:   local xxx.xxx.44.239[0]
Jan 16 00:41:17:   remote xxx.xxx.11.24[0]
Jan 16 00:41:17: PF_KEY request:
    queueing sequence number 6, message type 1 (GETSPI),
    SA type 3 (ESP)
Jan 16 00:41:17: PF_KEY transmit request:
    posting sequence number 6, message type 1 (GETSPI),
    SA type 3 (ESP)
Jan 16 00:41:17: Handling data on PF_KEY socket:
    SADB msg: message type 1 (GETSPI), SA type 3 (ESP),
    pid 2978, sequence number 6,
    error code 0 (Error 0), diag code 0 (No diagnostic), length 10
Jan 16 00:41:17: SADB message reply handler:
    got sequence number 6, message type 1 (GETSPI),
    SA type 3 (ESP)
Jan 16 00:41:17: Allocating SPI for Phase 2.
Jan 16 00:41:17: Looking for xxx.xxx.44.239[0] in IKE daemon context...
Jan 16 00:41:17: Starting Phase 2 negotiation...
Jan 16 00:41:17: Setting QM nonce data length to 32 bytes.
Jan 16 00:41:17: IKE library: Using default remote port for NAT-T, if active.
Jan 16 00:41:17: IKE error: type 10 (Invalid protocol ID), decrypted 1, received 1
Jan 16 00:41:17: Policy Manager phase 1 info not found! (message type 10 (Invalid protocol ID))
Jan 16 00:41:17: Notifying library that P2 SA is freed.
Jan 16 00:41:17:   Local IP = xxx.xxx.44.239, Remote IP = xxx.xxx.11.24,
Jan 15 '12 #1
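The dump above shows Phase 1 completing (pre-shared key, MD5, 3DES, group 2) and the peer then answering the quick-mode proposal, which offers both AH and ESP, with ISAKMP notify type 10 (INVALID-PROTOCOL-ID in RFC 2408). As an added example that is not the poster's code, here is a small Python triage script for `in.iked -d` output that pulls out the Phase 1 parameters, the Phase 2 proposal and the first IKE error, and flags the algorithms a reviewer would want to notice; the sample log is a constructed excerpt modelled on the post, and the weak-algorithm list is an assumed policy, not something the post states.

```python
import re

# Constructed excerpt modelled on the in.iked -d dump in the post
# (addresses already masked there; this is not the full dump).
SAMPLE_LOG = """\
Jan 16 00:41:16: Constructing Phase 1 Transforms:
        Our Proposal:
        auth_method = 1 (Pre-shared)
        hash_alg = 1 (md5)
        encr_alg = 5 (3des-cbc)
        oakley_group = 2
Jan 16 00:41:17: Phase 1 negotiation done.
Jan 16 00:41:17: Getting ready for phase 2 (quick mode).
EPR:  Alg #1 for AH Authentication = hmac-md5  minbits=128, maxbits=128.
EPR:  Alg #2 for ESP Encryption = 3des-cbc  minbits=192, maxbits=192.
Jan 16 00:41:17: Starting Phase 2 negotiation...
Jan 16 00:41:17: IKE error: type 10 (Invalid protocol ID), decrypted 1, received 1
Jan 16 00:41:17: Notifying library that P2 SA is freed.
"""

# Assumed review policy: legacy algorithms worth flagging in an IKEv1 config.
WEAK = {"md5", "hmac-md5", "3des-cbc", "des-cbc"}

P1_RE = re.compile(r"^\s*(auth_method|hash_alg|encr_alg|oakley_group) = (\S+)(?: \((.+)\))?")
EPR_RE = re.compile(r"EPR:\s+Alg #\d+ for (AH|ESP) \w+ = (\S+)")   # kernel ACQUIRE proposal
ERR_RE = re.compile(r"IKE error: type (\d+) \(([^)]+)\)")          # ISAKMP notify type + text

def triage(log):
    """Summarise an in.iked debug log: Phase 1 params, Phase 2 proposal, first error."""
    rep = {"phase1": {}, "phase1_done": False, "phase2": [], "error": None}
    for line in log.splitlines():
        m = P1_RE.match(line)
        if m:
            key, num, name = m.groups()
            rep["phase1"][key] = name or num      # prefer the symbolic name
            continue
        if "Phase 1 negotiation done" in line:
            rep["phase1_done"] = True
            continue
        m = EPR_RE.search(line)
        if m:
            rep["phase2"].append(m.groups())      # (protocol, algorithm)
            continue
        m = ERR_RE.search(line)
        if m and rep["error"] is None:
            rep["error"] = (int(m.group(1)), m.group(2))
    # Where it broke: an error after "Phase 1 negotiation done" is a quick-mode failure.
    rep["failed_in"] = None if not rep["error"] else ("phase2" if rep["phase1_done"] else "phase1")
    algs = set(rep["phase1"].values()) | {a for _, a in rep["phase2"]}
    rep["weak"] = sorted(algs & WEAK)
    return rep
```

Run on a full dump, `failed_in == "phase2"` together with an AH entry in `phase2` tells you the peer rejected the protocol in the proposal rather than the Phase 1 identity or key, which is where to start comparing the Solaris policy with the PIX transform set.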
