1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Vpn Problem between RV082 and RVS4000

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by fanadonf, Dec 8, 2007.

  1. fanadonf

    fanadonf Network Guru Member

    Hello
    I have a vpn problem between an RV082 Firm 1.3.5 and RVS4000 Firm 1.1.12
    (time sync is ok on the same ntp server)
    firewall / ips disable in RVS4000
    I have this log on RV082 but no log on rvs4000 stange :


    Dec 8 08:24:23 2007 VPN Log initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #84
    Dec 8 08:24:23 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Dec 8 08:24:24 2007 VPN Log Received informational payload, type NO_PROPOSAL_CHOSEN
    Dec 8 08:24:33 2007 VPN Log Received informational payload, type INVALID_MESSAGE_ID
    Dec 8 08:25:15 2007 VPN Log Initiating Main Mode
    Dec 8 08:25:15 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Dec 8 08:25:15 2007 VPN Log Informational Exchange is for an unknown (expired?) SA
    Dec 8 08:25:15 2007 VPN Log Ignoring Vendor ID payload [4f4540454371496d...]
    Dec 8 08:25:15 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Dec 8 08:25:15 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Dec 8 08:25:15 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Dec 8 08:25:15 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Dec 8 08:25:15 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Dec 8 08:25:16 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Dec 8 08:25:16 2007 VPN Log Main mode peer ID is ID_IPV4_ADDR: '82.238.254.52'
    Dec 8 08:25:16 2007 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Dec 8 08:25:16 2007 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 84ab 2cf7 1077 617e
    Dec 8 08:25:16 2007 VPN Log [Tunnel Negotiation Info] Responder Cookies = 491c 4410 2848 362a
    Dec 8 08:25:16 2007 VPN Log initiating Quick Mode PSK+TUNNEL
    Dec 8 08:25:16 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Dec 8 08:25:16 2007 VPN Log Received informational payload, type NO_PROPOSAL_CHOSEN
    Dec 8 08:25:26 2007 VPN Log Received informational payload, type INVALID_MESSAGE_ID
    Dec 8 08:25:46 2007 VPN Log Received informational payload, type INVALID_MESSAGE_ID

    i post the vpn tunel config on rv082 and rvs4000 any idea to help me ?

    Regards

    François
     

    Attached Files:

  2. fanadonf

    fanadonf Network Guru Member

    I make some test, the vpn log :

    on the rv082:

    Dec 8 12:07:46 2007 VPN Log Ignoring Vendor ID payload [4f4540454371496d...]
    Dec 8 12:07:46 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Dec 8 12:07:46 2007 VPN Log Ignoring Vendor ID payload [4a131c8107035845...]
    Dec 8 12:07:46 2007 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Dec 8 12:07:46 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02]
    Dec 8 12:07:46 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Dec 8 12:07:46 2007 VPN Log Main mode peer ID is ID_IPV4_ADDR: '82.238.XXX.XX'
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] Initiator Cookies = b622 f05b 77fa d15e
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] Responder Cookies = 32ed 1614 4ff9 af8
    Dec 8 12:07:46 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
    Dec 8 12:07:46 2007 VPN Log Quick Mode I1 message KE payload requires a GROUP_DESCRIPTION attribute in SA
    Dec 8 12:07:56 2007 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x0c608cc2 (perhaps this is a duplicated packet)
    Dec 8 12:08:16 2007 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x0c608cc2 (perhaps this is a duplicated packet)


    on the rvs4000 :


    Dec 8 12:07:46 - [VPN Log]: "ciw" #3: initiating Main Mode
    Dec 8 12:07:46 - [VPN Log]: "ciw" #3: received Vendor ID payload [Dead Peer Detection]
    Dec 8 12:07:46 - [VPN Log]: "ciw" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
    Dec 8 12:07:46 - [VPN Log]: "ciw" #3: STATE_MAIN_I2: sent MI2, expecting MR2
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: I did not send a certificate because I do not have one.
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: STATE_MAIN_I3: sent MI3, expecting MR3
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: Main mode peer ID is ID_IPV4_ADDR: '86.215.207.142'
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
    Dec 8 12:07:47 - [VPN Log]: "ciw" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
    Dec 8 12:07:47 - [VPN Log]: "ciw" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY+UP {using isakmp#3}
    Dec 8 12:08:57 - [VPN Log]: "ciw" #4: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

    Any idea to help me ?

    Regards

    François
     

Share This Page