sorin2003

VPN L2TP/IPSec with PSK from Windows Mobile 5 to Cisco 2800

Wed Aug 26, 2009 11:12 am

I configured a Cisco 2800 as a VPN concentrator using L2TP/IPSec PSK (MD5 & 3DES). Everything works fine when I connect from another PC on the Internet (Windows XP with an IPsec policy defined) to the router - the VPN works OK. When I try to connect from a PDA with Windows Mobile 5 there is no response!!!
Do you know what kind of configuration I must do on the PDA or router? Is there any possibility to configure an IPsec policy on the PDA?

The log from the router is:
Log Buffer (4096 bytes):
Aug 26 17:13:06.607: ISAKMP: set new node 1301793115 to QM_IDLE
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 1673083784, message ID = 1301793115
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1): sending packet to 93.122.135.1 my_port 4500 peer_port 38617 (R) QM_IDLE
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):purging node 1301793115
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):deleting node 760218217 error TRUE reason "QM rejected"
*Aug 26 17:13:06.607: ISAKMP (0:134217731): Unknown Input IKE_MESG_FROM_PEER, IKE_QM_EXCH: for node 760218217: state = IKE_QM_READY
*Aug 26 17:13:06.611: ISAKMP:(0:3:SW:1):Node 760218217, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Aug 26 17:13:06.611: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_READY
*Aug 26 17:13:06.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 93.122.135.1
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): retransmitting phase 1 QM_IDLE ...
*Aug 26 17:13:06.907: ISAKMP (0:134217731): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):peer does not do paranoid keepalives.

*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer 93.122.135.1)
*Aug 26 17:13:06.907: ISAKMP: set new node 558799708 to QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1): sending packet to 93.122.135.1 my_port 4500 peer_port 38617 (R) QM_IDLE
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):purging node 558799708
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

*Aug 26 17:13:06.907: ISAKMP:(0:3:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 93.122.135.1)
*Aug 26 17:13:06.911: ISAKMP: Unlocking IKE struct 0x63FA8AC0 for isadb_mark_sa_deleted(), count 0
*Aug 26 17:13:06.911: ISAKMP: Deleting peer node by peer_reap for 93.122.135.1: 63FA8AC0
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):deleting node 760218217 error FALSE reason "IKE deleted"
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 26 17:13:06.911: ISAKMP:(0:3:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA

*Aug 26 17:13:07.423: ISAKMP (0:134217731): received packet from 93.122.135.1 dport 4500 sport 38617 Global (R) MM_NO_STATE
*Aug 26 17:13:07.619: ISAKMP (0:0): received packet from 93.122.135.1 dport 4500 sport 38617 Global (N) NEW SA
*Aug 26 17:13:07.619: ISAKMP: Created a peer struct for 93.122.135.1, peer port 38617
*Aug 26 17:13:07.619: ISAKMP: New peer created peer = 0x63FA8AC0 peer_handle = 0x8000000D
*Aug 26 17:13:07.619: ISAKMP: Locking peer struct 0x63FA8AC0, IKE refcount 1 for crypto_isakmp_process_block
*Aug 26 17:13:07.619: ISAKMP: local port 4500, remote port 38617
*Aug 26 17:13:07.619: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 63FADA18
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1

*Aug 26 17:13:07.619: ISAKMP (0:0): received packet from 93.122.135.1 dport 4500 sport 38617 Global (R) MM_NO_STATE
*Aug 26 17:13:07.619: ISAKMP:(0:0:N/A:0):Notify has no hash. Rejected.
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Couldn't find node: message_id -92458498
*Aug 26 17:13:07.623: ISAKMP (0:0): FSM action returned error: 2
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Old State = IKE_R_MM1 New State = IKE_R_MM1

*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
*Aug 26 17:13:07.623: ISAKMP:(0:0:N/A:0):Old State = IKE_R_MM1 New State = IKE_READY

*Aug 26 17:13:56.911: ISAKMP:(0:3:SW:1):purging node 760218217
*Aug 26 17:14:06.911: ISAKMP:(0:3:SW:1):purging SA., sa=63FA804C, delme=63FA804C


Thanks for your time!

sorin2003

Re: VPN L2TP/IPSec with PSK from Windows Mobile 5 to Cisco 2800

Fri Aug 28, 2009 5:18 am

I found the solution. Windows Mobile 5 knows 3DES / SHA!!!

But now I have another problem regarding Windows Mobile 6 - which algorithms are used for encryption and authentication?
Thanks
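
Added example, not part of the original posts: a short Python triage of the ISAKMP debug lines posted above. It shows why the log points to a Phase 2 (Quick Mode) ESP proposal mismatch, which is consistent with the 3DES / SHA fix reported in the reply. The function name `triage` and the hint wording are assumptions; the sample lines are excerpted from the router log in the first post.

```python
import re

PROTOCOL_IDS = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}  # IPsec DOI, RFC 2407

NOTIFY_RE = re.compile(
    r"ISAKMP:\((?P<sa>[^)]*)\):\s*Sending NOTIFY (?P<type>\w+) protocol (?P<proto>\d+)")
PACKET_RE = re.compile(
    r"ISAKMP:\((?P<sa>[^)]*)\):\s*sending packet to (?P<peer>\S+) my_port (?P<lport>\d+)")
FAILURE_RE = re.compile(
    r"%CRYPTO-6-IKMP_MODE_FAILURE: Processing of (?P<mode>\w+) mode failed with peer at (?P<peer>\S+)")

# Excerpt of the router log from the first post, embedded so the example runs offline.
SAMPLE_LOG = """\
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
        spi 1673083784, message ID = 1301793115
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1): sending packet to 93.122.135.1 my_port 4500 peer_port 38617 (R) QM_IDLE
*Aug 26 17:13:06.607: ISAKMP:(0:3:SW:1):deleting node 760218217 error TRUE reason "QM rejected"
*Aug 26 17:13:06.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 93.122.135.1
"""

def triage(log_text):
    """Return one finding per SA on which the router rejected a proposal."""
    notifies = {}  # SA handle -> (notify type, protocol id)
    sa_peer = {}   # SA handle -> (peer address, local UDP port)
    failed = {}    # peer address -> IKE mode reported as failed
    for line in log_text.splitlines():
        if m := NOTIFY_RE.search(line):
            notifies[m["sa"]] = (m["type"], int(m["proto"]))
        elif m := PACKET_RE.search(line):
            sa_peer[m["sa"]] = (m["peer"], int(m["lport"]))
        elif m := FAILURE_RE.search(line):
            failed[m["peer"]] = m["mode"]
    findings = []
    for sa, (ntype, proto) in notifies.items():
        peer, lport = sa_peer.get(sa, ("unknown", 0))
        name = PROTOCOL_IDS.get(proto, f"unknown({proto})")
        if ntype == "PROPOSAL_NOT_CHOSEN" and name in ("ESP", "AH"):
            hint = f"Phase 2: no local transform set matches the peer's {name} proposal"
        elif ntype == "PROPOSAL_NOT_CHOSEN" and name == "ISAKMP":
            hint = "Phase 1: no ISAKMP policy matches the peer's proposal"
        else:
            hint = "see notify type"
        findings.append({"peer": peer, "notify": ntype, "protocol": name,
                         "failed_mode": failed.get(peer, "unknown"),
                         "nat_t": lport == 4500,  # UDP 4500 = NAT traversal
                         "hint": hint})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Phase 1 had already completed (the SA was in `QM_IDLE`), so the rejected proposal concerns the ESP encryption/authentication pair offered by the PDA, not the pre-shared key.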
