求大神解救,数字证书认证的remote access VPN,证书认证通过,但是连接不上
拓扑图R1的E0/0和C1连接,R1 E0/0 地址10.123.17.140。C1地址是10.123.17.8
我用GNS做的模拟测试,R1的IOS是3640,R1自己做CA,而且自己也作为一个client和自己CA证书认证,然后C1是自己的PC,在PC上用VPN client软件先进行CA认证。然后在R1上配置remote accessVPN,C1通过选择证书方式连接。
现在情况是,R1和自身证书认证通过,C1和R1证书认证也通过,我在R1上配置完了VPN,但是C1上连接显示对端没反应,不知道是配置问题还是什么问题。
下面说下我做测试的情况吧。
首先,R1和C1都用我们内网的NTP服务器做时间同步,这也是做CA认证的第一步。
file:///C:\Users\pu\AppData\Roaming\Tencent\Users\564327591\QQ\WinTemp\RichOle\3ZAN)YQALZ_C2USBG9ED~_V.jpg
R1#show ntp status
Clock is synchronized, stratum 5, reference is 10.123.1.66
其次,在R1上起domain-nam和crypto key,和http server
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate rsa general-keys label testkey modulus 1024 ex
R1(config)#$generate rsa general-keys label testkey modulus 1024 exportable
The name for the keys will be: testkey
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be exportable...
R1(config)#ip http server
接着,就是做ca server
crypto pki server ca
database level names
database archive pem password cisco123
issuer-name CN=gz,OU=tt
grant auto
no sh
%Some server settings cannot be changed after CA certificate generation.
% Exporting Certificate Server signing certificate and keys...
% Certificate Server enabled.
因为设备节约,因此先自己和自己做CA认证,所以依然在R1上起trustpoint,然后和自己认证
crypto pki trustpoint test
enrollment mode ra
enrollment url http://10.123.17.140
password justtest
revocation-check none
rsakeypair testkey
auto-enroll 70
然后获取根证书
R1(config)#crypto pki authenticate test
Certificate has the following attributes:
Fingerprint MD5: 6B21FA14 ACCD2C15 A6B98F37 456CC412
Fingerprint SHA1: D35D2C62 B2C9F2AE 5F835F0F D21E4C7B B5BEC205
% Do you accept this certificate? : yes
Trustpoint CA certificate accepted.
然后发布个人证书
R1(config)#crypto pki enroll test
%
% Start certificate enrollment ..
% The subject name in the certificate will include: R1.cisco.com
% Include the router serial number in the subject name? : n
% Include an IP address in the subject name? : n
Request certificate from CA? : yes
% Certificate request sent to Certificate Authority
% The 'show crypto ca certificate test verbose' command will show the fingerprint.
R1(config)#
Jan5 02:40:51.256: CRYPTO_PKI:Certificate Request Fingerprint MD5: 447D2581 FD9F72F5 A1539FCF BD2E3CDD
Jan5 02:40:51.256: CRYPTO_PKI:Certificate Request Fingerprint SHA1: F8664B9B F3135D24 29A91AFC DC52B37E FBC5CDEE
R1(config)#
Jan5 02:40:53.652: %PKI-6-CERTRET: Certificate received from Certificate Authority
R1(config)#
此时R1已经和自己认证通过了,也获取到自己的签名证书。看状态已经授权了
R1#crypto pki server ca info requests
Enrollment Request Database:
Subordinate CA certificate requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
1 authorized 447D2581FD9F72F5A1539FCFBD2E3CDD hostname=R1.cisco.com
接着就是到在PC上用VPN client和R1做认证了
此时证书认证成功。在R1上看到授权情况正常
R1#crypto pki server ca info requests
Enrollment Request Database:
Subordinate CA certificate requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqIDState Fingerprint SubjectName
--------------------------------------------------------------
2 authorized 328FCE7C527836860EE862DAA707A038 cn=justtest
1 authorized 447D2581FD9F72F5A1539FCFBD2E3CDD hostname=R1.cisco.com
接下来就开始在R1上做remote access VPN了
R1的总配置如下
R1#show run
Building configuration...
Current configuration : 5927 bytes
!
! Last configuration change at 10:59:40 BJ Mon Jan 5 2015
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable password cisco123
!
aaa new-model
!
!
aaa authentication login client local
aaa authorization network client local
!
aaa session-id common
memory-size iomem 5
clock timezone BJ 8
!
!
ip cef
no ip domain lookup
ip domain name cisco.com
!
!
!
!
!
crypto pki server ca
database level names
database archive pem password 7 070C285F4D06485744
issuer-name CN=gz,OU=tt
grant auto
!
crypto pki trustpoint ca
revocation-check crl
rsakeypair ca
!
crypto pki trustpoint test
enrollment url http://10.123.17.140:80
password 7 060C1A32585A0C0A11
revocation-check none
rsakeypair testkey
auto-enroll 70
!
!
crypto pki certificate chain ca
certificate ca 01
3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1A310B30 09060355 040B1302 7474310B 30090603 55040313 02677A30 1E170D31
35303130 35303233 3233395A 170D3138 30313034 30323332 33395A30 1A310B30
09060355 040B1302 7474310B 30090603 55040313 02677A30 819F300D 06092A86
4886F70D 01010105 0003818D 00308189 02818100 D9B7C4CE 385050B0 0B3EE187
B792628C D2FC5C1B 3E9CB587 6F109DAC AB983188 B1039014 11876F69 3746F712
CF5B848C E6581975 BE9C42A3 9951E33C 54DB8520 00911773 EF9F541D 9D6FF9E0
3A9ABB2A C77A8DED DA47239B 020F80B7 D82F58B0 048E4E0A 4FF84BEC 9D6FEF0E
ABE4A474 7371D06C 750B8F51 7D876966 65536923 02030100 01A36330 61300F06
03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F
0603551D 23041830 168014F3 710105BC 71476856 079605BF 99A19048 84C62930
1D060355 1D0E0416 0414F371 0105BC71 47685607 9605BF99 A1904884 C629300D
06092A86 4886F70D 01010405 00038181 001F4AC2 C9C985AD ADC2BD3B 6823CA26
F73FAF3C D8F5F65E AF17D4CC 276E8892 55423E2F BC92D6AB 62F44880 23CAD935
1EB92B0B B60F68C1 633FED1E CF30DBD2 476A464A 312152EF 597E420A 0C0245C1
4FAB2896 63A8B38F 809C9398 967B687F E6C91313 F6FEB0C6 53199FDD 5E07767E
38638088 E91D102C 69540A7B 5E3A06B1 37
quit
crypto pki certificate chain test
certificate 02
308201FC 30820165 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
1A310B30 09060355 040B1302 7474310B 30090603 55040313 02677A30 1E170D31
35303130 35303234 3035325A 170D3136 30313035 30323430 35325A30 1D311B30
1906092A 864886F7 0D010902 160C5231 2E636973 636F2E63 6F6D3081 9F300D06
092A8648 86F70D01 01010500 03818D00 30818902 818100BB 02C178E2 E9D41C82
3977C6E4 A39957D1 72215ABA A348BFFF 195587CF E05B56D3 6E5C1F3F 822344A7
1080922F 966E4B30 B324AD7D 29C8E928 4BDD0661 0A896093 D457CE5E EC1B0D43
85D55AD8 C9D2BF51 62BDE61C 0A5BE7E0 D803E8EA DED56539 9BD0AC8C 359041ED
910003A2 296D7A0F CA22FF3F A7AF271A 55545B54 1C94E702 03010001 A34F304D
300B0603 551D0F04 04030205 A0301F06 03551D23 04183016 8014F371 0105BC71
47685607 9605BF99 A1904884 C629301D 0603551D 0E041604 148A2AA9 17DA58B5
F3A6ED26 6A24C542 641402BF 4E300D06 092A8648 86F70D01 01040500 03818100
534721E3 EF8EC504 B2C014F3 616DE8AA E9641CA0 699AD690 8D366BD9 DB5B964B
621C4BE6 AEAD455B D94ABA52 C4669618 4D4A988A 7A40CA2A 68A043FF 74A15F64
B6ED4F9A 7070DDE2 487A9C46 8F465391 84BB91ED 585241A0 439CB46D C739F70E
CDC65212 5E0F1F3E 72578B3A 8048BC0C A89F4C95 E86073F0 28FB6880 8AB14FC3
quit
certificate ca 01
3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1A310B30 09060355 040B1302 7474310B 30090603 55040313 02677A30 1E170D31
35303130 35303233 3233395A 170D3138 30313034 30323332 33395A30 1A310B30
09060355 040B1302 7474310B 30090603 55040313 02677A30 819F300D 06092A86
4886F70D 01010105 0003818D 00308189 02818100 D9B7C4CE 385050B0 0B3EE187
B792628C D2FC5C1B 3E9CB587 6F109DAC AB983188 B1039014 11876F69 3746F712
CF5B848C E6581975 BE9C42A3 9951E33C 54DB8520 00911773 EF9F541D 9D6FF9E0
3A9ABB2A C77A8DED DA47239B 020F80B7 D82F58B0 048E4E0A 4FF84BEC 9D6FEF0E
ABE4A474 7371D06C 750B8F51 7D876966 65536923 02030100 01A36330 61300F06
03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F
0603551D 23041830 168014F3 710105BC 71476856 079605BF 99A19048 84C62930
1D060355 1D0E0416 0414F371 0105BC71 47685607 9605BF99 A1904884 C629300D
06092A86 4886F70D 01010405 00038181 001F4AC2 C9C985AD ADC2BD3B 6823CA26
F73FAF3C D8F5F65E AF17D4CC 276E8892 55423E2F BC92D6AB 62F44880 23CAD935
1EB92B0B B60F68C1 633FED1E CF30DBD2 476A464A 312152EF 597E420A 0C0245C1
4FAB2896 63A8B38F 809C9398 967B687F E6C91313 F6FEB0C6 53199FDD 5E07767E
38638088 E91D102C 69540A7B 5E3A06B1 37
quit
!
!
!
!
!
!
!
!
!
!
!
username vpn password 0 cisco123
!
!
!
!
crypto isakmp policy 1
group 2
!
crypto isakmp client configuration group ttvpn
dns 10.1.1.5
wins 10.1.1.5
domain cisco.com
pool vpnpool
acl 101
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map vpnclient 10
set transform-set myset
!
!
crypto map vpn client authentication list client
crypto map vpn isakmp authorization list client
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic vpnclient
!
!
!
!
interface Ethernet0/0
ip address 10.123.17.140 255.255.255.0
full-duplex
crypto map vpn
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
ip local pool vpnpool 10.1.1.10 10.1.1.50
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.123.17.254
!
!
!
access-list 101 permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
!
ntp clock-period 17179870
ntp source Ethernet0/0
ntp server 10.123.1.66
!
end
R1#
做完VPN,就在PC上做VPN连接了
保存后连接,输入证书预设密码后,连接没反应,然后显示
我在R1上debug信息如下
R1#debug crypto isakmp
Crypto ISAKMP debugging is on
R1#
R1#
R1#
R1#
R1#
R1#
R1#
R1#
Jan5 03:05:40.696: ISAKMP (0:0): received packet from 10.123.17.8 dport 500 sport 63585 Global (N) NEW SA
Jan5 03:05:40.700: ISAKMP: Created a peer struct for 10.123.17.8, peer port 63585
Jan5 03:05:40.704: ISAKMP: New peer created peer = 0x6507FADC peer_handle = 0x80000003
Jan5 03:05:40.704: ISAKMP: Locking peer struct 0x6507FADC, IKE refcount 1 for crypto_isakmp_process_block
Jan5 03:05:40.704: ISAKMP:(0:0:N/A:0):Setting client config settings 6507FBA0
Jan5 03:05:40.704: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth listand state
Jan5 03:05:40.708: ISAKMP/xauth: initializing AAA request
Jan5 03:05:40.712: ISAKMP: local port 500, remote port 63585
Jan5 03:05:40.712: insert sa successfully sa = 6507F0CC
Jan5 03:05:40.716: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan5 03:05:40.716: ISAKMP:(0:0:N/A:0):Old State = IKE_READYNew State = IKE_R_MM1
Jan5 03:05:40.720: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
Jan5
R1#03:05:40.720: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jan5 03:05:40.720: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
Jan5 03:05:40.724: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
Jan5 03:05:40.724: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jan5 03:05:40.724: ISAKMP:(0:0:N/A:0): vendor ID is DPD
Jan5 03:05:40.724: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jan5 03:05:40.728: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch
Jan5 03:05:40.728: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jan5 03:05:40.728: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
Jan5 03:05:40.728: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
Jan5 03:05:40.732: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jan5 03:05:40.732: ISAKMP:(0:0:N/A:0): vendor ID is Unity
Jan5 03:05:40.732: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
Jan5 03:05:40.732: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
Jan5 03:05:40.736: ISAKMP: encryption AES-CBC
Jan5 03:05:40.736: ISAKMP: hash SHA
Jan5 03:05:40.736: ISAKMP: default group 5
Jan5 03:05:40.736: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.736: ISAKMP: life type in seconds
Jan5 03:05:40.736: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.740: ISAKMP: keylength of 256
Jan5 03:05:40.740: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.740: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.740: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 1 policy
Jan5 03:05:40.744: ISAKMP: encryption AES-CBC
Jan5 03:05:40.744: ISAKMP: hash MD5
Jan5 03:05:40.744: ISAKMP: default group 5
Jan5 03:05:40.744: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.744: ISAKMP: life type in seconds
Jan5 03:05:40.744: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.748: ISAKMP: keylength of 256
Jan5 03:05:40.748: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.748: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.752: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 1 policy
Jan5 03:05:40.752: ISAKMP: encryption AES-CBC
Jan5 03:05:40.752: ISAKMP: hash SHA
Jan5 03:05:40.752: ISAKMP: default group 5
Jan5 03:05:40.752: ISAKMP: auth RSA sig
Jan5 03:05:40.752: ISAKMP: life type in seconds
Jan5 03:05:40.752: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.756: ISAKMP: keylength of 256
Jan5 03:05:40.756: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.756: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.760: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 1 policy
Jan5 03:05:40.760: ISAKMP: encryption AES-CBC
Jan5 03:05:40.760: ISAKMP: hash MD5
Jan5 03:05:40.760: ISAKMP: default group 5
Jan5 03:05:40.760: ISAKMP: auth RSA sig
Jan5 03:05:40.760: ISAKMP: life type in seconds
Jan5 03:05:40.764: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.764: ISAKMP: keylength of 256
Jan5 03:05:40.764: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.764: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 1 policy
Jan5 03:05:40.768: ISAKMP: encryption AES-CBC
Jan5 03:05:40.768: ISAKMP: hash SHA
Jan5 03:05:40.768: ISAKMP: default group 2
Jan5 03:05:40.768: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.768: ISAKMP: life type in seconds
Jan5 03:05:40.768: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.768: ISAKMP: keylength of 256
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 1 policy
Jan5 03:05:40.768: ISAKMP: encryption AES-CBC
Jan5 03:05:40.768: ISAKMP: hash MD5
Jan5 03:05:40.768: ISAKMP: default group 2
Jan5 03:05:40.768: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.768: ISAKMP: life type in seconds
Jan5 03:05:40.768: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.768: ISAKMP: keylength of 256
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 1 policy
Jan5 03:05:40.768: ISAKMP: encryption AES-CBC
Jan5 03:05:40.768: ISAKMP: hash SHA
Jan5 03:05:40.768: ISAKMP: default group 2
Jan5 03:05:40.768: ISAKMP: auth RSA sig
Jan5 03:05:40.768: ISAKMP: life type in seconds
Jan5 03:05:40.768: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.768: ISAKMP: keylength of 256
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.768: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 1 policy
Jan5 03:05:40.772: ISAKMP: encryption AES-CBC
Jan5 03:05:40.772: ISAKMP: hash MD5
Jan5 03:05:40.772: ISAKMP: default group 2
Jan5 03:05:40.772: ISAKMP: auth RSA sig
Jan5 03:05:40.772: ISAKMP: life type in seconds
Jan5 03:05:40.772: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.772: ISAKMP: keylength of 256
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 1 policy
Jan5 03:05:40.772: ISAKMP: encryption AES-CBC
Jan5 03:05:40.772: ISAKMP: hash SHA
Jan5 03:05:40.772: ISAKMP: default group 5
Jan5 03:05:40.772: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.772: ISAKMP: life type in seconds
Jan5 03:05:40.772: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.772: ISAKMP: keylength of 128
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 1 policy
Jan5 03:05:40.772: ISAKMP: encryption AES-CBC
Jan5 03:05:40.772: ISAKMP: hash MD5
Jan5 03:05:40.772: ISAKMP: default group 5
Jan5 03:05:40.772: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.772: ISAKMP: life type in seconds
Jan5 03:05:40.772: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.772: ISAKMP: keylength of 128
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 1 policy
Jan5 03:05:40.772: ISAKMP: encryption AES-CBC
Jan5 03:05:40.772: ISAKMP: hash SHA
Jan5 03:05:40.772: ISAKMP: default group 5
Jan5 03:05:40.772: ISAKMP: auth RSA sig
Jan5 03:05:40.772: ISAKMP: life type in seconds
Jan5 03:05:40.772: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.772: ISAKMP: keylength of 128
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.772: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 1 policy
Jan5 03:05:40.772: ISAKMP: encryption AES-CBC
Jan5 03:05:40.772: ISAKMP: hash MD5
Jan5 03:05:40.772: ISAKMP: default group 5
Jan5 03:05:40.772: ISAKMP: auth RSA sig
Jan5 03:05:40.772: ISAKMP: life type in seconds
Jan5 03:05:40.772: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP: keylength of 128
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption AES-CBC
Jan5 03:05:40.776: ISAKMP: hash SHA
Jan5 03:05:40.776: ISAKMP: default group 2
Jan5 03:05:40.776: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP: keylength of 128
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption AES-CBC
Jan5 03:05:40.776: ISAKMP: hash MD5
Jan5 03:05:40.776: ISAKMP: default group 2
Jan5 03:05:40.776: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP: keylength of 128
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 15 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption AES-CBC
Jan5 03:05:40.776: ISAKMP: hash SHA
Jan5 03:05:40.776: ISAKMP: default group 2
Jan5 03:05:40.776: ISAKMP: auth RSA sig
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP: keylength of 128
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 16 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption AES-CBC
Jan5 03:05:40.776: ISAKMP: hash MD5
Jan5 03:05:40.776: ISAKMP: default group 2
Jan5 03:05:40.776: ISAKMP: auth RSA sig
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP: keylength of 128
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 17 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.776: ISAKMP: hash SHA
Jan5 03:05:40.776: ISAKMP: default group 5
Jan5 03:05:40.776: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 18 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.776: ISAKMP: hash MD5
Jan5 03:05:40.776: ISAKMP: default group 5
Jan5 03:05:40.776: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 19 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.776: ISAKMP: hash SHA
Jan5 03:05:40.776: ISAKMP: default group 5
Jan5 03:05:40.776: ISAKMP: auth RSA sig
Jan5 03:05:40.776: ISAKMP: life type in seconds
Jan5 03:05:40.776: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.776: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 20 against priority 1 policy
Jan5 03:05:40.776: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.776: ISAKMP: hash MD5
Jan5 03:05:40.776: ISAKMP: default group 5
Jan5 03:05:40.776: ISAKMP: auth RSA sig
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 21 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.780: ISAKMP: hash SHA
Jan5 03:05:40.780: ISAKMP: default group 2
Jan5 03:05:40.780: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 22 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.780: ISAKMP: hash MD5
Jan5 03:05:40.780: ISAKMP: default group 2
Jan5 03:05:40.780: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 23 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.780: ISAKMP: hash SHA
Jan5 03:05:40.780: ISAKMP: default group 2
Jan5 03:05:40.780: ISAKMP: auth RSA sig
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 24 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.780: ISAKMP: hash MD5
Jan5 03:05:40.780: ISAKMP: default group 2
Jan5 03:05:40.780: ISAKMP: auth RSA sig
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 25 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption DES-CBC
Jan5 03:05:40.780: ISAKMP: hash MD5
Jan5 03:05:40.780: ISAKMP: default group 1
Jan5 03:05:40.780: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.780: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 26 against priority 1 policy
Jan5 03:05:40.780: ISAKMP: encryption DES-CBC
Jan5 03:05:40.780: ISAKMP: hash MD5
Jan5 03:05:40.780: ISAKMP: default group 1
Jan5 03:05:40.780: ISAKMP: auth RSA sig
Jan5 03:05:40.780: ISAKMP: life type in seconds
Jan5 03:05:40.780: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 65535 policy
Jan5 03:05:40.784: ISAKMP: encryption AES-CBC
Jan5 03:05:40.784: ISAKMP: hash SHA
Jan5 03:05:40.784: ISAKMP: default group 5
Jan5 03:05:40.784: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.784: ISAKMP: life type in seconds
Jan5 03:05:40.784: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP: keylength of 256
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 65535 policy
Jan5 03:05:40.784: ISAKMP: encryption AES-CBC
Jan5 03:05:40.784: ISAKMP: hash MD5
Jan5 03:05:40.784: ISAKMP: default group 5
Jan5 03:05:40.784: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.784: ISAKMP: life type in seconds
Jan5 03:05:40.784: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP: keylength of 256
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 65535 policy
Jan5 03:05:40.784: ISAKMP: encryption AES-CBC
Jan5 03:05:40.784: ISAKMP: hash SHA
Jan5 03:05:40.784: ISAKMP: default group 5
Jan5 03:05:40.784: ISAKMP: auth RSA sig
Jan5 03:05:40.784: ISAKMP: life type in seconds
Jan5 03:05:40.784: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP: keylength of 256
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 65535 policy
Jan5 03:05:40.784: ISAKMP: encryption AES-CBC
Jan5 03:05:40.784: ISAKMP: hash MD5
Jan5 03:05:40.784: ISAKMP: default group 5
Jan5 03:05:40.784: ISAKMP: auth RSA sig
Jan5 03:05:40.784: ISAKMP: life type in seconds
Jan5 03:05:40.784: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP: keylength of 256
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 65535 policy
Jan5 03:05:40.784: ISAKMP: encryption AES-CBC
Jan5 03:05:40.784: ISAKMP: hash SHA
Jan5 03:05:40.784: ISAKMP: default group 2
Jan5 03:05:40.784: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.784: ISAKMP: life type in seconds
Jan5 03:05:40.784: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.784: ISAKMP: keylength of 256
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.784: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash MD5
Jan5 03:05:40.788: ISAKMP: default group 2
Jan5 03:05:40.788: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 256
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash SHA
Jan5 03:05:40.788: ISAKMP: default group 2
Jan5 03:05:40.788: ISAKMP: auth RSA sig
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 256
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash MD5
Jan5 03:05:40.788: ISAKMP: default group 2
Jan5 03:05:40.788: ISAKMP: auth RSA sig
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 256
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash SHA
Jan5 03:05:40.788: ISAKMP: default group 5
Jan5 03:05:40.788: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 128
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash MD5
Jan5 03:05:40.788: ISAKMP: default group 5
Jan5 03:05:40.788: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 128
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash SHA
Jan5 03:05:40.788: ISAKMP: default group 5
Jan5 03:05:40.788: ISAKMP: auth RSA sig
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 128
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 65535 policy
Jan5 03:05:40.788: ISAKMP: encryption AES-CBC
Jan5 03:05:40.788: ISAKMP: hash MD5
Jan5 03:05:40.788: ISAKMP: default group 5
Jan5 03:05:40.788: ISAKMP: auth RSA sig
Jan5 03:05:40.788: ISAKMP: life type in seconds
Jan5 03:05:40.788: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.788: ISAKMP: keylength of 128
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.788: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption AES-CBC
Jan5 03:05:40.792: ISAKMP: hash SHA
Jan5 03:05:40.792: ISAKMP: default group 2
Jan5 03:05:40.792: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP: keylength of 128
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption AES-CBC
Jan5 03:05:40.792: ISAKMP: hash MD5
Jan5 03:05:40.792: ISAKMP: default group 2
Jan5 03:05:40.792: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP: keylength of 128
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 15 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption AES-CBC
Jan5 03:05:40.792: ISAKMP: hash SHA
Jan5 03:05:40.792: ISAKMP: default group 2
Jan5 03:05:40.792: ISAKMP: auth RSA sig
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP: keylength of 128
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 16 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption AES-CBC
Jan5 03:05:40.792: ISAKMP: hash MD5
Jan5 03:05:40.792: ISAKMP: default group 2
Jan5 03:05:40.792: ISAKMP: auth RSA sig
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP: keylength of 128
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 17 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.792: ISAKMP: hash SHA
Jan5 03:05:40.792: ISAKMP: default group 5
Jan5 03:05:40.792: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 18 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.792: ISAKMP: hash MD5
Jan5 03:05:40.792: ISAKMP: default group 5
Jan5 03:05:40.792: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 19 against priority 65535 policy
Jan5 03:05:40.792: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.792: ISAKMP: hash SHA
Jan5 03:05:40.792: ISAKMP: default group 5
Jan5 03:05:40.792: ISAKMP: auth RSA sig
Jan5 03:05:40.792: ISAKMP: life type in seconds
Jan5 03:05:40.792: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.792: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 20 against priority 65535 policy
Jan5 03:05:40.796: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.796: ISAKMP: hash MD5
Jan5 03:05:40.796: ISAKMP: default group 5
Jan5 03:05:40.796: ISAKMP: auth RSA sig
Jan5 03:05:40.796: ISAKMP: life type in seconds
Jan5 03:05:40.796: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 21 against priority 65535 policy
Jan5 03:05:40.796: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.796: ISAKMP: hash SHA
Jan5 03:05:40.796: ISAKMP: default group 2
Jan5 03:05:40.796: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.796: ISAKMP: life type in seconds
Jan5 03:05:40.796: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 22 against priority 65535 policy
Jan5 03:05:40.796: ISAKMP: encryption 3DES-CBC
Jan5 03:05:40.796: ISAKMP: hash MD5
Jan5 03:05:40.796: ISAKMP: default group 2
Jan5 03:05:40.796: ISAKMP: auth XAUTHInitRSA
Jan5 03:05:40.796: ISAKMP: life type in seconds
Jan5 03:05:40.796: ISAKMP: life duration (VPI) of0x0 0x20 0xC4 0x9B
Jan5 03:05:40.796: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
Jan5 03:05:40.820: ISAKMP:(0:0:N/A:0):Old State = IKE_R_MM1New State = IKE_DEST_SA
Jan5 03:05:40.832: ISAKMP:(0:0:N/A:0):deleting SA reason "No reason" state (R) MM_NO_STATE (peer 10.123.17.8)
Jan5 03:05:40.832: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
Jan5 03:05:40.832: ISAKMP:(0:0:N/A:0):Old State = IKE_DEST_SANew State = IKE_DEST_SA
Jan5 03:05:46.040: ISAKMP (0:0): received packet from 10.123.17.8 dport 500 sport 63585 Global (R) MM_NO_STATE
Jan5 03:05:51.108: ISAKMP (0:0): received packet from 10.123.17.8 dport 500 sport 63585 Global (R) MM_NO_STATE
Jan5 03:05:56.192: ISAKMP (0:0): received packet from 10.123.17.8 dport 500 sport 63585 Global (R) MM_NO_STATE
R1#
R1#
Jan5 03:06:40.832: ISAKMP:(0:0:N/A:0):purging SA., sa=6507F0CC, delme=6507F0CC
R1#
cisco官网上关于找个的文档很少,明间的大神做的测试都是很旧的,而且我做过点对点的证书认证VPN,是能做通的。求大神指点,找出问题所在。
以下是cisco官网的资料,我也是参考这个做的。
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/22520-unityclient-ios.html?mdfid=281940730
页:
[1]