Cisco IPSEC problems with Cisco VPN Tunnel
I've got a working tunnel setup between my Cisco 2600 Router and Cisco VPN client software for Mac/PC. I've added a profile for my iPhone and iPad. The iPad (3.2.1) connects with no problems but my iPhone 4 (4.1) does not establish a connection. I'm using the same details for both.
Here is the terminal monitor log from my Cisco 2600 router:
1y24w: ISAKMP (0:7): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:7): peer does not do paranoid keepalives.
1y24w: ISAKMP (0:7): deleting SA reason "death by retransmission P1" state (R) AG INITEXCH (peer 212.166.128.142) input queue 0
1y24w: ISAKMP (0:7): deleting SA reason "death by retransmission P1" state (R) AG INITEXCH (peer 212.166.128.142) input queue 0
1y24w: ISAKMP: Unlocking IKE struct 0x82ADFC0C for isadb mark_sadeleted(), count 0
1y24w: ISAKMP: Deleting peer node by peer_reap for 212.166.128.142: 82ADFC0C
1y24w: ISAKMP (0:7): Input = IKE MESGINTERNAL, IKE PHASE1DEL
1y24w: ISAKMP (0:7): Old State = IKE RAM2 New State = IKE DESTSA
1y24w: ISAKMP (0:0): received packet from 212.166.128.118 dport 500 sport 500 Global (N) NEW SA
1y24w: ISAKMP: Created a peer struct for 212.166.128.118, peer port 500
1y24w: ISAKMP: Locking peer struct 0x82ADFC0C, IKE refcount 1 for Responding to new initiation
1y24w: ISAKMP: local port 500, remote port 500
1y24w: ISAKMP: insert sa successfully sa = 82769B08
1y24w: ISAKMP (0:8): processing SA payload. message ID = 0
1y24w: ISAKMP (0:8): processing ID payload. message ID = 0
1y24w: ISAKMP (0:8): ID payload
next-payload : 13
type : 11
group id : FSeguraVPNIPhone
protocol : 0
port : 0
length : 24
1y24w: ISAKMP (0:8): peer matches VPNClientIPhone profile
1y24w: ISAKMP: Looking for a matching key for 212.166.128.118 in default
1y24w: ISAKMP (0:8): Setting client config settings 82CC8330
1y24w: ISAKMP (0:8): (Re)Setting client xauth list and state
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 69 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 198 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 29 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 245 mismatch
1y24w: ISAKMP (0:8): vendor ID is NAT-T v7
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 114 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 227 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 250 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 157 mismatch
1y24w: ISAKMP (0:8): vendor ID is NAT-T v3
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 164 mismatch
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 123 mismatch
1y24w: ISAKMP (0:8): vendor ID is NAT-T v2
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID seems Unity/DPD but major 242 mismatch
1y24w: ISAKMP (0:8): vendor ID is XAUTH
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID is Unity
1y24w: ISAKMP (0:8): processing vendor id payload
1y24w: ISAKMP (0:8): vendor ID is DPD
1y24w: ISAKMP (0:8) Authentication by xauth preshared
1y24w: ISAKMP (0:8): Checking ISAKMP transform 1 against priority 3 policy
1y24w: ISAKMP: life type in seconds
1y24w: ISAKMP: life duration (basic) of 3600
1y24w: ISAKMP: encryption AES-CBC
1y24w: ISAKMP: keylength of 256
1y24w: ISAKMP: auth XAUTHInitPreShared
1y24w: ISAKMP: hash SHA
1y24w: ISAKMP: default group 2
1y24w: ISAKMP (0:8): Encryption algorithm offered does not match policy!
1y24w: ISAKMP (0:8): atts are not acceptable. Next payload is 3
1y24w: ISAKMP (0:8): Checking ISAKMP transform 2 against priority 3 policy
1y24w: ISAKMP: life type in seconds
1y24w: ISAKMP: life duration (basic) of 3600
1y24w: ISAKMP: encryption AES-CBC
1y24w: ISAKMP: keylength of 128
1y24w: ISAKMP: auth XAUTHInitPreShared
1y24w: ISAKMP: hash SHA
1y24w: ISAKMP: default group 2
1y24w: ISAKMP (0:8): Encryption algorithm offered does not match policy!
1y24w: ISAKMP (0:8): atts are not acceptable. Next payload is 3
1y24w: ISAKMP (0:8): Checking ISAKMP transform 3 against priority 3 policy
1y24w: ISAKMP: life type in seconds
1y24w: ISAKMP: life duration (basic) of 3600
1y24w: ISAKMP: encryption AES-CBC
1y24w: ISAKMP: keylength of 256
1y24w: ISAKMP: auth XAUTHInitPreShared
1y24w: ISAKMP: hash MD5
1y24w: ISAKMP: default group 2
1y24w: ISAKMP (0:8): Encryption algorithm offered does not match policy!
1y24w: ISAKMP (0:8): atts are not acceptable. Next payload is 3
1y24w: ISAKMP (0:8): Checking ISAKMP transform 4 against priority 3 policy
1y24w: ISAKMP: life type in seconds
1y24w: ISAKMP: life duration (basic) of 3600
1y24w: ISAKMP: encryption AES-CBC
1y24w: ISAKMP: keylength of 128
1y24w: ISAKMP: auth XAUTHInitPreShared
1y24w: ISAKMP: hash MD5
1y24w: ISAKMP: default group 2
1y24w: ISAKMP (0:8): Encryption algorithm offered does not match policy!
1y24w: ISAKMP (0:8): atts are not acceptable. Next payload is 3
1y24w: ISAKMP (0:8): Checking ISAKMP transform 5 against priority 3 policy
1y24w: ISAKMP: life type in seconds
1y24w: ISAKMP: life duration (basic) of 3600
1y24w: ISAKMP: encryption 3DES-CBC
1y24w: ISAKMP: auth XAUTHInitPreShared
1y24w: ISAKMP: hash SHA
1y24w: ISAKMP: default group 2
1y24w: ISAKMP (0:8): atts are acceptable. Next payload is 3
1y24w: ISAKMP (0:8): processing KE payload. message ID = 0
1y24w: ISAKMP (0:8): processing NONCE payload. message ID = 0
1y24w: ISAKMP (0:8): vendor ID is NAT-T v7
1y24w: ISAKMP (0:8): vendor ID is NAT-T v3
1y24w: ISAKMP (0:8): vendor ID is NAT-T v2
1y24w: ISAKMP (0:8): Input = IKE MESG_FROMPEER, IKE AMEXCH
1y24w: ISAKMP (0:8): Old State = IKE_READY New State = IKE R_AM_AAAAWAIT
1y24w: ISAKMP: got callback 1
1y24w: ISAKMP (0:8): SKEYID state generated
1y24w: ISAKMP (0:8): constructed NAT-T vendor-07 ID
1y24w: ISAKMP (0:8): SA is doing pre-shared key authentication plus XAUTH using id type ID IPV4ADDR
1y24w: ISAKMP (0:8): ID payload
next-payload : 10
type : 1
address : x.x.x.x
protocol : 17
port : 0
length : 12
1y24w: ISAKMP (8): Total payload length: 12
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:8): Input = IKE MESG_FROMAAA, PRESHARED KEYREPLY
1y24w: ISAKMP (0:8): Old State = IKE R_AM_AAAAWAIT New State = IKE RAM2
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: ISAKMP (0:6): purging SA., sa=8276914C, delme=8276914C
1y24w: %FW-6-SESS AUDITTRAIL: udp session initiator (192.168.11.69:5060) sent 1491 bytes -- responder (192.168.4.21:50000) sent 342 bytes
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: %CRYPTO-4-IKMP NOSA: IKE message from 212.166.128.117 has no SA and is not an initialization offer
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: ISAKMP (0:5): purging SA., sa=83463A3C, delme=83463A3C
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: %SEC-6-IPACCESSLOGDP: list 120 denied icmp 82.207.44.234 -> x.x.x.x (8/0), 1 packet
1y24w: ISAKMP (0:7): purging SA., sa=8318FF08, delme=8318FF08
1y24w: ISAKMP (0:8): retransmitting phase 1 AG INITEXCH...
1y24w: ISAKMP (0:8): peer does not do paranoid keepalives.
1y24w: ISAKMP (0:8): deleting SA reason "death by retransmission P1" state (R) AG INITEXCH (peer 212.166.128.118) input queue 0
1y24w: ISAKMP (0:8): deleting SA reason "death by retransmission P1" state (R) AG INITEXCH (peer 212.166.128.118) input queue 0
1y24w: ISAKMP: Unlocking IKE struct 0x82ADFC0C for isadb mark_sadeleted(), count 0
1y24w: ISAKMP: Deleting peer node by peer_reap for 212.166.128.118: 82ADFC0C
1y24w: ISAKMP (0:8): Input = IKE MESGINTERNAL, IKE PHASE1DEL
1y24w: ISAKMP (0:8): Old State = IKE RAM2 New State = IKE DESTSA
1y24w: %SEC-6-IPACCESSLOGDP: list 120 denied icmp 82.207.44.234 -> x.x.x.x (8/0), 1 packet
x.x.x.x
Mac Pro 2.8ghz Intel Quad Core 4GB RAM, Mac OS X (10.6.5), Roland MT32, Roland SC-55, Roland CM-64
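An added example, not part of the original post: a short Python triage script that condenses ISAKMP debug output like the log above into the transforms the router checked, the highest retransmission attempt, the SA deletion reason, and any source address/port it received IKE packets from but never addressed a reply to. The function name `summarize` is this example's own, and `SAMPLE` is an excerpt of lines copied from the log above.

```python
import re

# Excerpt of lines copied from the router log in the post above.
SAMPLE = """\
1y24w: ISAKMP (0:0): received packet from 212.166.128.118 dport 500 sport 500 Global (N) NEW SA
1y24w: ISAKMP (0:8): Checking ISAKMP transform 1 against priority 3 policy
1y24w: ISAKMP: encryption AES-CBC
1y24w: ISAKMP: keylength of 256
1y24w: ISAKMP (0:8): Encryption algorithm offered does not match policy!
1y24w: ISAKMP (0:8): atts are not acceptable. Next payload is 3
1y24w: ISAKMP (0:8): Checking ISAKMP transform 5 against priority 3 policy
1y24w: ISAKMP: encryption 3DES-CBC
1y24w: ISAKMP (0:8): atts are acceptable. Next payload is 3
1y24w: ISAKMP (0:8): sending packet to 212.166.128.118 my_port 500 peer_port 500 (R) AG INITEXCH
1y24w: ISAKMP (0:0): received packet from 212.166.128.117 dport 4500 sport 4500 Global (N) NEW SA
1y24w: ISAKMP (0:8): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
1y24w: ISAKMP (0:8): deleting SA reason "death by retransmission P1" state (R) AG INITEXCH (peer 212.166.128.118) input queue 0
"""

def summarize(log):
    """Condense IOS ISAKMP debug lines into the facts needed for triage."""
    out = {"transforms": [], "sent_to": set(), "received_from": set(),
           "retransmits": 0, "delete_reasons": set()}
    current = None  # transform proposal currently being evaluated
    for line in log.splitlines():
        if m := re.search(r"Checking ISAKMP transform (\d+)", line):
            current = {"num": int(m[1]), "enc": None, "keylen": None, "accepted": None}
            out["transforms"].append(current)
        elif current and (m := re.search(r"encryption (\S+)", line)):
            current["enc"] = m[1]
        elif current and (m := re.search(r"keylength of (\d+)", line)):
            current["keylen"] = int(m[1])
        elif current and (m := re.search(r"atts are (not )?acceptable", line)):
            current["accepted"] = m[1] is None
            current = None
        elif m := re.search(r"sending packet to (\S+) my_port \d+ peer_port (\d+)", line):
            out["sent_to"].add((m[1], int(m[2])))
        elif m := re.search(r"received packet from (\S+) dport \d+ sport (\d+)", line):
            out["received_from"].add((m[1], int(m[2])))
        elif m := re.search(r"attempt (\d+) of \d+: retransmit", line):
            out["retransmits"] = max(out["retransmits"], int(m[1]))
        elif m := re.search(r'deleting SA reason "([^"]+)"', line):
            out["delete_reasons"].add(m[1])
    # Sources the router heard from but never addressed a reply to.
    out["unanswered"] = out["received_from"] - out["sent_to"]
    return out
```

Run over the full log, the `unanswered` set is the quickest way to see that replies go to one address on port 500 while the follow-up packets arrive from a different address on port 4500.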