Hi again.
I captured the log from the Cisco concentrator (see below). To a layman like me, it looks like the Mac and the Cisco are negotiating some encryption protocol, then have some trouble with IKEDECODE, and then the log shows the following problem near the end:
2989 07/21/2011 11:31:07.220 SEV=6 IKE/130 RPT=11002 172.16.110.252
Group [NF_SE_IPSec] User [twolf]
Received unsupported transaction mode attribute: 5
2991 07/21/2011 11:31:07.220 SEV=5 IKE/184 RPT=9995 172.16.110.252
If you have any idea as to what to try next, please let me know. Any info is much appreciated.
Tom
2851 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12318 172.16.110.252
Transform # 1 Decode for Proposal # 1:
Transform # : 1
Transform ID : IKE (1)
Length : 36
2853 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12319 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 1:
Life Time : 3600 seconds
Encryption Alg: AES (7)
Key Length : 256 Bits (256)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : SHA (2)
DH Group : Oakley Group 2 (2)
2859 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12320 172.16.110.252
Transform # 2 Decode for Proposal # 1:
Transform # : 2
Transform ID : IKE (1)
Length : 36
2861 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12321 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 2:
Life Time : 3600 seconds
Encryption Alg: AES (7)
Key Length : 128 Bits (128)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : SHA (2)
DH Group : Oakley Group 2 (2)
2867 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12322 172.16.110.252
Transform # 3 Decode for Proposal # 1:
Transform # : 3
Transform ID : IKE (1)
Length : 36
2869 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12323 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 3:
Life Time : 3600 seconds
Encryption Alg: AES (7)
Key Length : 256 Bits (256)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : MD5 (1)
DH Group : Oakley Group 2 (2)
2875 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12324 172.16.110.252
Transform # 4 Decode for Proposal # 1:
Transform # : 4
Transform ID : IKE (1)
Length : 36
2877 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12325 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 4:
Life Time : 3600 seconds
Encryption Alg: AES (7)
Key Length : 128 Bits (128)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : MD5 (1)
DH Group : Oakley Group 2 (2)
2883 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12326 172.16.110.252
Transform # 5 Decode for Proposal # 1:
Transform # : 5
Transform ID : IKE (1)
Length : 32
2885 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12327 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 5:
Life Time : 3600 seconds
Encryption Alg: Triple-DES (5)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : SHA (2)
DH Group : Oakley Group 2 (2)
2890 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12328 172.16.110.252
Transform # 6 Decode for Proposal # 1:
Transform # : 6
Transform ID : IKE (1)
Length : 32
2892 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12329 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 6:
Life Time : 3600 seconds
Encryption Alg: Triple-DES (5)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : MD5 (1)
DH Group : Oakley Group 2 (2)
2897 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12330 172.16.110.252
Transform # 7 Decode for Proposal # 1:
Transform # : 7
Transform ID : IKE (1)
Length : 32
2899 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12331 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 7:
Life Time : 3600 seconds
Encryption Alg: DES-CBC (1)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : SHA (2)
DH Group : Oakley Group 2 (2)
2904 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12332 172.16.110.252
Transform # 8 Decode for Proposal # 1:
Transform # : 8
Transform ID : IKE (1)
Length : 32
2906 07/21/2011 11:31:02.550 SEV=8 IKEDECODE/0 RPT=12333 172.16.110.252
Phase 1 SA Attribute Decode for Transform # 8:
Life Time : 3600 seconds
Encryption Alg: DES-CBC (1)
Auth Method : XAUTH with Preshared Key (Initiator authenticated) (65001)
Hash Alg : MD5 (1)
DH Group : Oakley Group 2 (2)
2911 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12334
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010007 800E0100 ................
0010: 8003FDE9 80020002 80040002 ............
2914 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12335
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010007 800E0080 ................
0010: 8003FDE9 80020002 80040002 ............
2917 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12336
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010007 800E0100 ................
0010: 8003FDE9 80020001 80040002 ............
2920 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12337
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010007 800E0080 ................
0010: 8003FDE9 80020001 80040002 ............
2923 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12338
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010005 8003FDE9 ................
0010: 80020002 80040002 ........
2926 07/21/2011 11:31:02.660 SEV=12 IKEDECODE/0 RPT=12339
IKE Decode of received SA attributes follows:
0000: 800B0001 800C0E10 80010005 8003FDE9 ................
0010: 80020001 80040002 ........
2929 07/21/2011 11:31:02.910 SEV=8 IKEDECODE/0 RPT=12340 172.16.110.252
ISAKMP HEADER : ( Version 1.0 )
Initiator Cookie(8): 0D DE A3 55 D2 30 3A 92
Responder Cookie(8): C2 D8 6D 76 A8 2B DE 37
Next Payload : HASH (8)
Exchange Type : Oakley Aggressive Mode
Flags : 1 (ENCRYPT )
Message ID : 0
Length : 84
2935 07/21/2011 11:31:02.910 SEV=8 IKEDECODE/0 RPT=12341 172.16.110.252
Notify Payload Decode :
DOI : IPSEC (1)
Protocol : ISAKMP (1)
Message : Initial contact (24578)
Spi : 0D DE A3 55 D2 30 3A 92 C2 D8 6D 76 A8 2B DE 37
Length : 28
2967 07/21/2011 11:31:06.900 SEV=8 IKEDECODE/0 RPT=12346 172.16.110.252
ISAKMP HEADER : ( Version 1.0 )
Initiator Cookie(8): 0D DE A3 55 D2 30 3A 92
Responder Cookie(8): C2 D8 6D 76 A8 2B DE 37
Next Payload : HASH (8)
Exchange Type : Oakley Transactional
Flags : 1 (ENCRYPT )
Message ID : 3964d242
Length : 84
2974 07/21/2011 11:31:07.210 SEV=4 IKE/52 RPT=11077 172.16.110.252
Group [NF_SE_IPSec] User [twolf]
User (twolf) authenticated.
2975 07/21/2011 11:31:07.220 SEV=8 IKEDECODE/0 RPT=12347 172.16.110.252
ISAKMP HEADER : ( Version 1.0 )
Initiator Cookie(8): 0D DE A3 55 D2 30 3A 92
Responder Cookie(8): C2 D8 6D 76 A8 2B DE 37
Next Payload : HASH (8)
Exchange Type : Oakley Transactional
Flags : 1 (ENCRYPT )
Message ID : 5495234e
Length : 68
2982 07/21/2011 11:31:07.220 SEV=8 IKEDECODE/0 RPT=12348 172.16.110.252
ISAKMP HEADER : ( Version 1.0 )
Initiator Cookie(8): 0D DE A3 55 D2 30 3A 92
Responder Cookie(8): C2 D8 6D 76 A8 2B DE 37
Next Payload : HASH (8)
Exchange Type : Oakley Transactional
Flags : 1 (ENCRYPT )
Message ID : ebe3575e
Length : 164
2989 07/21/2011 11:31:07.220 SEV=6 IKE/130 RPT=11002 172.16.110.252
Group [NF_SE_IPSec] User [twolf]
Received unsupported transaction mode attribute: 5
2991 07/21/2011 11:31:07.220 SEV=5 IKE/184 RPT=9995 172.16.110.252
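
Added example, not part of the original post and not Cisco code: the SEV=12 "IKE Decode of received SA attributes" hex dumps in the log are ISAKMP data attributes (RFC 2408 section 3.3), and decoding them reproduces the Phase 1 transform values the concentrator prints in text form. The function names are hypothetical, the lookup tables cover only the values that appear in this log, and the "legacy" set is an assumption limited to DES-CBC and MD5.

```python
import struct

# Attribute classes and values from RFC 2409 Appendix A (IKEv1 Phase 1).
# 65001 is labelled "XAUTH with Preshared Key" by the concentrator's own decode.
ATTR = {1: "Encryption Alg", 2: "Hash Alg", 3: "Auth Method", 4: "DH Group",
        11: "Life Type", 12: "Life Duration", 14: "Key Length"}
VALUE = {
    "Encryption Alg": {1: "DES-CBC", 5: "Triple-DES", 7: "AES"},
    "Hash Alg": {1: "MD5", 2: "SHA"},
    "Auth Method": {65001: "XAUTH with Preshared Key"},
    "DH Group": {2: "Oakley Group 2"},
    "Life Type": {1: "seconds"},
}
LEGACY = {"DES-CBC", "MD5"}  # assumption: flag only these deprecated algorithms

def decode_sa_attributes(hex_dump: str) -> dict:
    """Decode ISAKMP data attributes (RFC 2408 section 3.3) from hex words."""
    data = bytes.fromhex("".join(hex_dump.split()))
    out, pos = {}, 0
    while pos + 4 <= len(data):
        head, field = struct.unpack_from(">HH", data, pos)
        pos += 4
        name = ATTR.get(head & 0x7FFF, f"Unknown({head & 0x7FFF})")
        if head & 0x8000:          # AF=1: short form, field is the value
            value = field
        else:                      # AF=0: long form, field is the value length
            if pos + field > len(data):
                raise ValueError(f"{name}: truncated variable-length attribute")
            value = int.from_bytes(data[pos:pos + field], "big")
            pos += field
        out[name] = VALUE.get(name, {}).get(value, value)
    if pos != len(data):
        raise ValueError("trailing bytes after last attribute")
    return out

def legacy_algorithms(attrs: dict) -> list:
    """Names of decoded values that are in the LEGACY set."""
    return sorted(v for v in attrs.values() if v in LEGACY)

# Hex words copied from events 2911 and 2920 of the log above.
T1 = "800B0001 800C0E10 80010007 800E0100 8003FDE9 80020002 80040002"
T4 = "800B0001 800C0E10 80010007 800E0080 8003FDE9 80020001 80040002"

if __name__ == "__main__":
    for label, dump in (("event 2911", T1), ("event 2920", T4)):
        attrs = decode_sa_attributes(dump)
        print(label, attrs, "legacy:", legacy_algorithms(attrs))
```
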