networking-forum.com
Community BlogCommunity Wiki * Register  * Search  * Login
View unanswered postsView active topics

Board index » Cisco Networking » Cisco Security

All times are UTC - 6 hours [ DST ]


Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
sorin2003
PostPosted: Wed Aug 26, 2009 11:12 am 
Offline
New Member
New Member

Joined: Sun Aug 23, 2009 3:38 am
Posts: 17
I configured a Cisco 2800 as a VPN concentrator using L2TP/IPSEC PSK (MD5 & 3DES). Everything is working fine while I am trying to conect from another PC connected in the Internet (Windows XP with IPsec policy defined) to router - VPN works OK. When I try to connect from a PDA with Windows MObile 5 there is no responde!!!
Do you know what kind of configuration I must do on the PDA or Router? Is there any posibility to confgure an IPSec policy intro the PDA?

The log from the router is:\
Log Buffer (4096 bytes):
Aug 26 17:13:06.607: ISAKMP: set new node 1301793115 to QM_IDLE
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 1673083784, message ID = 1301793115
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1): sending packet to 93.122.135.1 my_port 4500 peer_port 38617 (R) QM_IDLE
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):purging node 1301793115
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):deleting node 760218217 error TRUE reason "QM rejected"
*Aug 26 17:13:06.607: ISAKMP (0:134217731): Unknown Input IKE_MESG_FROM_PEER, IKE_QM_EXCH: for node 760218217: state = IKE_QM_READY
*Aug 26 17:13:06.611: ISAKMP:(0:3:SW:1):Node 760218217, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Aug 26 17:13:06.611: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_READY
*Aug 26 17:13:06.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 93.122.135.1
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): retransmitting phase 1 QM_IDLE ...
*Aug 26 17:13:06.907: ISAKMP (0:134217731): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):peer does not do paranoid keepalives.

*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer 93.122.135.1)
*Aug 26 17:13:06.907: ISAKMP: set new node 558799708 to QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): sending packet to 93.122.135.1 my_port 4500 peer_port 38617 (R) QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):purging node 558799708
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 93.122.135.1)
*Aug 26 17:13:06.911: ISAKMP: Unlocking IKE struct 0x63FA8AC0 for isadb_mark_sa_deleted(), count 0
*Aug 26 17:13:06.911: ISAKMP: Deleting peer node by peer_reap for 93.122.135.1: 63FA8AC0
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):deleting node 760218217 error FALSE reason "IKE deleted"
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA

*Aug 26 17:13:07.423: ISAKMP (0:134217731): received packet from 93.122.135.1 dport 4500 sport 38617 Global (R) MM_NO_STATE
*Aug 26 17:13:07.619: ISAKMP (0:0): received packet from 93.122.135.1 dport 4500 sport 38617 Global (N) NEW SA
*Aug 26 17:13:07.619: ISAKMP: Created a peer struct for 93.122.135.1, peer port 38617
*Aug 26 17:13:07.619: ISAKMP: New peer created peer = 0x63FA8AC0 peer_handle = 0x8000000D
*Aug 26 17:13:07.619: ISAKMP: Locking peer struct 0x63FA8AC0, IKE refcount 1 for crypto_isakmp_process_block
*Aug 26 17:13:07.619: ISAKMP: local port 4500, remote port 38617
*Aug 26 17:13:07.619: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 63FADA18
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1

*Aug 26 17:13:07.619: ISAKMP (0:0): received packet from 93.122.135.1 dport 4500 sport 38617 Global (R) MM_NO_STATE
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Notify has no hash. Rejected.
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Couldn't find node: message_id -92458498
*Aug 26 17:13:07.623: ISAKMP (0:0): FSM action returned error: 2
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Old State = IKE_R_MM1 New State = IKE_R_MM1

*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Old State = IKE_R_MM1 New State = IKE_READY

*Aug 26 17:13:56.911: ISAKMP:(0:3:SW:1):purging node 760218217
*Aug 26 17:14:06.911: ISAKMP:(0:3:SW:1):purging SA., sa=63FA804C, delme=63FA804C


Thks for your time!
Top
 Profile  
 
sorin2003
PostPosted: Fri Aug 28, 2009 5:18 am 
Offline
New Member
New Member

Joined: Sun Aug 23, 2009 3:38 am
Posts: 17
I found the solution. Windows Mobile 5 knows 3DES / SHA!!!

But now I have another problem regarding de Windows Mobile 6 - which are algorithms used for encryption and authentication?
Tks
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 

Board index » Cisco Networking » Cisco Security

All times are UTC - 6 hours [ DST ]

Who is online

Users browsing this forum: 1KrazyFool, anauj0101, bertschs, Google Feedfetcher and 11 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group