Question : site to site vpn, not coming up - debug inc

Hi all,

We have an external office that I don't manage. The other end is not a Cisco device, and my end is an 877.

Here's the debug from the 877,
with debug isakmp and debug ipsec.

Can anyone help me out with what it means?
Thanks

Code Snippet:
00139: Jul 31 10:49:15.680: ISAKMP (0:0): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (N) NEW SA
000140: Jul 31 10:49:15.680: ISAKMP: Created a peer struct for 213.xxx.xxx.250, peer port 500
000141: Jul 31 10:49:15.680: ISAKMP: New peer created peer = 0x843405D4 peer_handle = 0x80000040
000142: Jul 31 10:49:15.680: ISAKMP: Locking peer struct 0x843405D4, refcount 1 for crypto_isakmp_process_block
000143: Jul 31 10:49:15.680: ISAKMP:(0):Setting client config settings 83A566F4
000144: Jul 31 10:49:15.680: ISAKMP:(0):(Re)Setting client xauth list  and state
000145: Jul 31 10:49:15.680: ISAKMP/xauth: initializing AAA request
000146: Jul 31 10:49:15.684: ISAKMP: local port 500, remote port 500
000147: Jul 31 10:49:15.684: insert sa successfully sa = 84273988
000148: Jul 31 10:49:15.684: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
000149: Jul 31 10:49:15.684: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1
 
000150: Jul 31 10:49:15.684: ISAKMP:(0): processing SA payload. message ID = 0
000151: Jul 31 10:49:15.684: ISAKMP:(0): processing vendor id payload
000152: Jul 31 10:49:15.684: ISAKMP:(0): processing IKE frag vendor id payload
000153: Jul 31 10:49:15.684: ISAKMP:(0): Support for IKE Fragmentation not enabled
000154: Jul 31 10:49:15.684: ISAKMP:(0): processing vendor id payload
000155: Jul 31 10:49:15.684: ISAKMP:(0): vendor ID is DPD
000156: Jul 31 10:49:15.684: ISAKMP:(0):found peer pre-shared key matching 213.xxx.xxx.250
000157: Jul 31 10:49:15.684: ISAKMP:(0): local preshared key found
000158: Jul 31 10:49:15.684: ISAKMP:(0): Authentication by xauth preshared
000159: Jul 31 10:49:15.684: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
000160: Jul 31 10:49:15.688: ISAKMP:      life type in seconds
000161: Jul 31 10:49:15.688: ISAKMP:      life duration (basic) of 2800
000162: Jul 31 10:49:15.688: ISAKMP:      encryption 3DES-CBC
000163: Jul 31 10:49:15.688: ISAKMP:      auth pre-share
000164: Jul 31 10:49:15.688: ISAKMP:      hash SHA
000165: Jul 31 10:49:15.688: ISAKMP:      default group 2
000166: Jul 31 10:49:15.688: ISAKMP:(0):atts are acceptable. Next payload is 0
000167: Jul 31 10:49:15.688: ISAKMP:(0):Acceptable atts:actual life: 0
000168: Jul 31 10:49:15.688: ISAKMP:(0):Acceptable atts:life: 0
000169: Jul 31 10:49:15.688: ISAKMP:(0):Basic life_in_seconds:2800
000170: Jul 31 10:49:15.688: ISAKMP:(0):Returning Actual lifetime: 2800
000171: Jul 31 10:49:15.688: ISAKMP:(0)::Started lifetime timer: 2800.
 
000172: Jul 31 10:49:15.688: ISAKMP:(0): processing vendor id payload
000173: Jul 31 10:49:15.688: ISAKMP:(0): processing IKE frag vendor id payload
000174: Jul 31 10:49:15.688: ISAKMP:(0): Support for IKE Fragmentation not enabled
000175: Jul 31 10:49:15.688: ISAKMP:(0): processing vendor id payload
000176: Jul 31 10:49:15.688: ISAKMP:(0): vendor ID is DPD
000177: Jul 31 10:49:15.692: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
000178: Jul 31 10:49:15.692: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1
 
000179: Jul 31 10:49:15.692: ISAKMP:(0): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) MM_SA_SETUP
000180: Jul 31 10:49:15.692: ISAKMP:(0):Sending an IKE IPv4 Packet.
000181: Jul 31 10:49:15.692: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
CWPD#
000182: Jul 31 10:49:15.692: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2
 
000183: Jul 31 10:49:16.116: ISAKMP (0:0): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) MM_SA_SETUP
000184: Jul 31 10:49:16.116: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
000185: Jul 31 10:49:16.116: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3
 
000186: Jul 31 10:49:16.116: ISAKMP:(0): processing KE payload. message ID = 0
000187: Jul 31 10:49:16.168: ISAKMP:(0): processing NONCE payload. message ID = 0
000188: Jul 31 10:49:16.168: ISAKMP:(0):found peer pre-shared key matching 213.xxx.xxx.250
000189: Jul 31 10:49:16.172: ISAKMP:(2075):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
000190: Jul 31 10:49:16.172: ISAKMP:(2075):Old State = IKE_R_MM3  New State = IKE_R_MM3
 
000191: Jul 31 10:49:16.172: ISAKMP:(2075): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) MM_KEY_EXCH
000192: Jul 31 10:49:16.172: ISAKMP:(2075):Sending an IKE IPv4 Packet.
000193: Jul 31 10:49:16.172: ISAKMP:(2075):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
000194: Jul 31 10:49:16.172: ISAKMP:(2075):Old State = IKE_R_MM3  New State = IKE_R_MM4
 
000195: Jul 31 10:49:16.572: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) MM_KEY_EXCH
000196: Jul 31 10:49:16.572: ISAKMP:(2075):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
000197: Jul 31 10:49:16.572: ISAKMP:(2075):Old State = IKE_R_MM4  New State = IKE_R_MM5
 
000198: Jul 31 10:49:16.576: ISAKMP:(2075): processing ID payload. message ID = 0
000199: Jul 31 10:49:16.576: ISAKMP (0:2075): ID payload
        next-payload : 8
        type         : 1
        address      : 213.xxx.xxx.250
        protocol     : 17
        port         : 500
        length       : 12
000200: Jul 31 10:49:16.576: ISAKMP:(0):: peer matches *none* of the profiles
000201: Jul 31 10:49:16.576: ISAKMP:(2075): processing HASH payload. message ID = 0
000202: Jul 31 10:49:16.576: ISAKMP:(2075):SA authentication status:
        authenticated
000203: Jul 31 10:49:16.576: ISAKMP:(2075):SA has been authenticated with 213.xxx.xxx.250
000204: Jul 31 10:49:16.576: ISAKMP: Trying to insert a peer 94.72.198.175/213.xxx.xxx.250/500/,  and inserted successfully 843405D4.
000205: Jul 31 10:49:16.576: ISAKMP:(2075):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
000206: Jul 31 10:49:16.576: ISAKMP:(2075):Old State = IKE_R_MM5  New State = IKE_R_MM5
 
000207: Jul 31 10:49:16.580: ISAKMP:(2075):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
000208: Jul 31 10:49:16.580: ISAKMP (0:2075): ID payload
        next-payload : 8
        type         : 1
        address      : 94.72.198.175
        protocol     : 17
        port         : 500
        length       : 12
000209: Jul 31 10:49:16.580: ISAKMP:(2075):Total payload length: 12
000210: Jul 31 10:49:16.580: ISAKMP:(2075): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) MM_KEY_EXCH
000211: Jul 31 10:49:16.580: ISAKMP:(2075):Sending an IKE IPv4 Packet.
000212: Jul 31 10:49:16.580: ISAKMP:(2075):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
000213: Jul 31 10:49:16.580: ISAKMP:(2075):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE
 
000214: Jul 31 10:49:16.584: ISAKMP:(2075):Need XAUTH
000215: Jul 31 10:49:16.584: ISAKMP: set new node -459123942 to CONF_XAUTH
000216: Jul 31 10:49:16.584: ISAKMP/xauth: request attribute XAUTH_TYPE
000217: Jul 31 10:49:16.584: ISAKMP/xauth: request attribute XAUTH_USER_NAME
000218: Jul 31 10:49:16.584: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD
000219: Jul 31 10:49:16.584: ISAKMP:(2075): initiating peer config to 213.xxx.xxx.250. ID = -459123942
000220: Jul 31 10:49:16.584: ISAKMP:(2075): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) CONF_XAUTH
000221: Jul 31 10:49:16.584: ISAKMP:(2075):Sending an IKE IPv4 Packet.
000222: Jul 31 10:49:16.584: ISAKMP:(2075):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000223: Jul 31 10:49:16.584: ISAKMP:(2075):Old State = IKE_P1_COMPLETE  New State = IKE_XAUTH_REQ_SENT
 
000224: Jul 31 10:49:16.916: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
000225: Jul 31 10:49:16.916: ISAKMP: set new node -1795865532 to CONF_XAUTH
000226: Jul 31 10:49:16.920: ISAKMP:(2075): processing HASH payload. message ID = -1795865532
000227: Jul 31 10:49:16.920: ISAKMP:(2075): processing NOTIFY INITIAL_CONTACT protocol 1
        spi 0, message ID = -1795865532, sa = 84273988
000228: Jul 31 10:49:16.920: ISAKMP:(2075):SA authentication status:
        authenticated
000229: Jul 31 10:49:16.920: ISAKMP:(2075): Process initial contact,
bring down existing phase 1 and 2 SA's with local 94.72.198.175 remote 213.xxx.xxx.250 remote port 500
000230: Jul 31 10:49:16.920: ISAKMP:(2075):returning IP addr to the address pool
000231: Jul 31 10:49:16.924: ISAKMP:(2075):deleting node -1795865532 error FALSE reason "Informational (in) state 1"
000232: Jul 31 10:49:16.924: ISAKMP:(2075):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
000233: Jul 31 10:49:16.924: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
 
000234: Jul 31 10:49:16.924: IPSEC(key_engine): got a queue event with 1 KMI message(s)
000235: Jul 31 10:49:16.928: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
000236: Jul 31 10:49:16.928: ISAKMP:(2075):processing transaction payload from 213.xxx.xxx.250. message ID = -459123942
000237: Jul 31 10:49:16.928: ISAKMP: Config payload REPLY
000238: Jul 31 10:49:16.928: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000239: Jul 31 10:49:16.928: ISAKMP: set new node -2107603022 to CONF_XAUTH
000240: Jul 31 10:49:16.928: ISAKMP/xauth: request attribute XAUTH_TYPE
000241: Jul 31 10:49:16.928: ISAKMP/xauth: request attribute XAUTH_USER_NAME
000242: Jul 31 10:49:16.928: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD
000243: Jul 31 10:49:16.928: ISAKMP:(2075): initiating peer config to 213.xxx.xxx.250. ID = -2107603022
000244: Jul 31 10:49:16.928: ISAKMP:(2075): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) CONF_XAUTH
000245: Jul 31 10:49:16.932: ISAKMP:(2075):Sending an IKE IPv4 Packet.
000246: Jul 31 10:49:16.932: ISAKMP:(2075):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
000247: Jul 31 10:49:16.932: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
 
CWPD#
000248: Jul 31 10:49:16.932: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
000249: Jul 31 10:49:17.260: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
000250: Jul 31 10:49:17.260: ISAKMP:(2075):processing transaction payload from 213.xxx.xxx.250. message ID = -2107603022
000251: Jul 31 10:49:17.260: ISAKMP: Config payload REPLY
000252: Jul 31 10:49:17.260: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000253: Jul 31 10:49:17.260: ISAKMP: set new node 1354883623 to CONF_XAUTH
000254: Jul 31 10:49:17.260: ISAKMP/xauth: request attribute XAUTH_TYPE
000255: Jul 31 10:49:17.260: ISAKMP/xauth: request attribute XAUTH_USER_NAME
000256: Jul 31 10:49:17.260: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD
000257: Jul 31 10:49:17.264: ISAKMP:(2075): initiating peer config to 213.xxx.xxx.250. ID = 1354883623
000258: Jul 31 10:49:17.264: ISAKMP:(2075): sending packet to 213.xxx.xxx.250 my_port 500 peer_port 500 (R) CONF_XAUTH
000259: Jul 31 10:49:17.264: ISAKMP:(2075):Sending an IKE IPv4 Packet.
000260: Jul 31 10:49:17.264: ISAKMP:(2075):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
000261: Jul 31 10:49:17.264: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
 
000262: Jul 31 10:49:17.456: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
000263: Jul 31 10:49:17.456: ISAKMP:(2075):processing transaction payload from 213.xxx.xxx.250. message ID = 1354883623
000264: Jul 31 10:49:17.456: ISAKMP: Config payload REPLY
000265: Jul 31 10:49:17.456: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000266: Jul 31 10:49:17.456: ISAKMP:(2075):peer does not do paranoid keepalives.
 
000267: Jul 31 10:49:17.456: ISAKMP:(2075):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
000268: Jul 31 10:49:17.456: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
 
CWPD#
000269: Jul 31 10:49:17.456: IPSEC(key_engine): got a queue event with 1 KMI message(s)
000270: Jul 31 10:49:17.456: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
000271: Jul 31 10:49:17.460: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 213.xxx.xxx.250
CWPD#
000272: Jul 31 10:49:27.024: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
CWPD#
000273: Jul 31 10:49:37.548: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
CWPD#
000274: Jul 31 10:50:53.896: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
CWPD#
000275: Jul 31 10:51:04.372: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
CWPD#
000276: Jul 31 10:51:14.428: ISAKMP (0:2075): received packet from 213.xxx.xxx.250 dport 500 sport 500 Global (R) CONF_XAUTH
CWPD#

Answer : site to site vpn, not coming up - debug inc

What is happening is the two phases of connecting a VPN site-to-site connection. The first phase completes, and then the second phase gets to almost complete and then it gets hung up asking for host authentication from your router. Xauth is often considered phase 2.5, and that is what is failing. You need to confirm the host-based auth method/user/password hasn't changed.

Hope this helps,

-t
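
Added example, not part of the original question or answer: a short Python script that reads IOS "debug crypto isakmp" output like the one posted and reports where the negotiation stops advancing. The function names are illustrative, and the sample input is a handful of lines copied from the debug output above.

```python
import re

# Lines excerpted from the debug output in the question (peer address masked as posted).
SAMPLE = """\
000149: Jul 31 10:49:15.684: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1
000213: Jul 31 10:49:16.580: ISAKMP:(2075):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE
000214: Jul 31 10:49:16.584: ISAKMP:(2075):Need XAUTH
000223: Jul 31 10:49:16.584: ISAKMP:(2075):Old State = IKE_P1_COMPLETE  New State = IKE_XAUTH_REQ_SENT
000238: Jul 31 10:49:16.928: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000247: Jul 31 10:49:16.932: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
000252: Jul 31 10:49:17.260: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000261: Jul 31 10:49:17.264: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
000265: Jul 31 10:49:17.456: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
000268: Jul 31 10:49:17.456: ISAKMP:(2075):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_REQ_SENT
000271: Jul 31 10:49:17.460: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 213.xxx.xxx.250
"""

STATE_RE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
XAUTH_MISSING = "Expected attribute XAUTH_TYPE not received"


def transitions(log):
    """Return the (old, new) IKE state pairs in the order they were logged."""
    return [m.groups() for m in map(STATE_RE.search, log.splitlines()) if m]


def summarize(log):
    """Report how far the exchange got and whether it is looping in one state."""
    trans = transitions(log)
    states = [new for _, new in trans]
    last = states[-1] if states else None
    stalled = 0
    # Count trailing self-transitions: the state machine handled input but did not advance.
    for old, new in reversed(trans):
        if old == new == last:
            stalled += 1
        else:
            break
    return {
        "phase1_complete": "IKE_P1_COMPLETE" in states,
        "xauth_demanded": "Need XAUTH" in log,
        "xauth_type_missing": log.count(XAUTH_MISSING),
        "last_state": last,
        "stalled_repeats": stalled,
        "sas_deleted": "key_engine_delete_sas" in log,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted debug this shows main mode finishing, the 877 then demanding XAUTH, and three replies from the peer that lack XAUTH_TYPE before the SAs are deleted.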