Problem with ISA/Netscreen site-to-site

Problem with ISA/Netscreen site-to-site - 29.May2006 10:52:36 AM   
ElPolloDiablo

 

Posts: 2
Joined: 21.Feb.2005
Status: offline
Hi, I must establish a site-to-site VPN between one of my subnets in a DMZ and a remote 3rd party subnet. On my side I use an ISA 2004 SP2 server; on the 3rd party site there's a Netscreen firewall that I don't control at all.

Remote LAN (in one DMZ among many I suppose) : 10.1.0.0/24
|
Netscreen LAN
|
Netscreen WAN : 3rd party public IP
|
|
ISA 2004 WAN : my public IP
|
|____________________________________________________________________
|                                                      |                                                    |
ISA 2004 "internal" : 10.2.0.0/24          DMZ1 : 192.168.1.0/24                        DMZ2 : 192.168.2.0/24

In this case DMZ2 is the subnet that I must connect to the subnet behind the remote Netscreen; DMZ1 is used with another site-to-site VPN to a Cisco Pix (and a 172.x.x.x subnet) that works just fine.

The problem is I can't even complete phase 1. We've checked both sides' parameters a dozen times and we can't find the source of the problem, and I don't know the first thing about Netscreen firewalls, nor does the 3rd party about ISA 2004, which surely doesn't help.

On my end the oakley.log gives this :

5-29: 09:59:07:939:36c Receive: (get) SA = 0x00000000 from remote_public_ip.500
5-29: 09:59:07:939:36c ISAKMP Header: (V1.0), len = 156
5-29: 09:59:07:939:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:07:939:36c   R-COOKIE 0000000000000000
5-29: 09:59:07:939:36c   exchange: Oakley Main Mode
5-29: 09:59:07:939:36c   flags: 0
5-29: 09:59:07:939:36c   next payload: SA
5-29: 09:59:07:939:36c   message ID: 00000000
5-29: 09:59:07:939:36c Filter to match: Src remote_public_ip Dst my_public_ip
5-29: 09:59:07:939:36c MM PolicyName: ISA Server 3rd party VPN MM Policy
5-29: 09:59:07:939:36c MMPolicy dwFlags 0 SoftSAExpireTime 28800
5-29: 09:59:07:939:36c MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
5-29: 09:59:07:939:36c MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-29: 09:59:07:939:36c Auth[0]:PresharedKey KeyLen 48
5-29: 09:59:07:939:36c Responding with new SA 100958
5-29: 09:59:07:939:36c processing payload SA
5-29: 09:59:07:939:36c Received Phase 1 Transform 1
5-29: 09:59:07:939:36c      Encryption Alg Triple DES CBC(5)
5-29: 09:59:07:939:36c      Hash Alg SHA(2)
5-29: 09:59:07:939:36c      Oakley Group 2
5-29: 09:59:07:939:36c      Auth Method Clé pré-partagée(1)
5-29: 09:59:07:939:36c      Life type in Seconds
5-29: 09:59:07:939:36c      Life duration of 28800
5-29: 09:59:07:939:36c Phase 1 SA accepted: transform=1
5-29: 09:59:07:952:36c SA - Oakley proposal accepted
5-29: 09:59:07:952:36c processing payload VENDOR ID
5-29: 09:59:07:952:36c processing payload VENDOR ID
5-29: 09:59:07:952:36c processing payload VENDOR ID
5-29: 09:59:07:952:36c ClearFragList
5-29: 09:59:07:952:36c constructing ISAKMP Header
5-29: 09:59:07:952:36c constructing SA (ISAKMP)
5-29: 09:59:07:952:36c Constructing Vendor MS NT5 ISAKMPOAKLEY
5-29: 09:59:07:952:36c Constructing Vendor FRAGMENTATION
5-29: 09:59:07:952:36c Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-29: 09:59:07:952:36c
5-29: 09:59:07:952:36c Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:07:952:36c ISAKMP Header: (V1.0), len = 148
5-29: 09:59:07:952:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:07:952:36c   R-COOKIE 66d039ae27265c07
5-29: 09:59:07:952:36c   exchange: Oakley Main Mode
5-29: 09:59:07:952:36c   flags: 0
5-29: 09:59:07:952:36c   next payload: SA
5-29: 09:59:07:952:36c   message ID: 00000000
5-29: 09:59:07:952:36c Ports S:f401 D:f401
5-29: 09:59:07:993:36c
5-29: 09:59:07:993:36c Receive: (get) SA = 0x00100958 from remote_public_ip.500
5-29: 09:59:07:993:36c ISAKMP Header: (V1.0), len = 184
5-29: 09:59:07:993:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:07:993:36c   R-COOKIE 66d039ae27265c07
5-29: 09:59:07:993:36c   exchange: Oakley Main Mode
5-29: 09:59:07:993:36c   flags: 0
5-29: 09:59:07:993:36c   next payload: KE
5-29: 09:59:07:993:36c   message ID: 00000000
5-29: 09:59:07:993:36c processing payload KE
5-29: 09:59:08:34:36c processing payload NONCE
5-29: 09:59:08:34:36c ClearFragList
5-29: 09:59:08:34:36c constructing ISAKMP Header
5-29: 09:59:08:34:36c constructing KE
5-29: 09:59:08:34:36c constructing NONCE (ISAKMP)
5-29: 09:59:08:34:36c
5-29: 09:59:08:34:36c Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:08:34:36c ISAKMP Header: (V1.0), len = 184
5-29: 09:59:08:34:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:08:34:36c   R-COOKIE 66d039ae27265c07
5-29: 09:59:08:34:36c   exchange: Oakley Main Mode
5-29: 09:59:08:34:36c   flags: 0
5-29: 09:59:08:34:36c   next payload: KE
5-29: 09:59:08:34:36c   message ID: 00000000
5-29: 09:59:08:34:36c Ports S:f401 D:f401
5-29: 09:59:08:47:36c
5-29: 09:59:08:47:36c Receive: (get) SA = 0x00100958 from remote_public_ip.500
5-29: 09:59:08:47:36c ISAKMP Header: (V1.0), len = 68
5-29: 09:59:08:47:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:08:47:36c   R-COOKIE 66d039ae27265c07
5-29: 09:59:08:47:36c   exchange: Oakley Main Mode
5-29: 09:59:08:47:36c   flags: 1 ( encrypted )
5-29: 09:59:08:47:36c   next payload: ID
5-29: 09:59:08:47:36c   message ID: 00000000
5-29: 09:59:08:47:36c invalid payload received
5-29: 09:59:08:75:36c ID de la clé pré-partagée.  Adresse IP de l'homologue : remote_public_ip
5-29: 09:59:08:75:36c Adresse IP sourcemy_public_ip  Masque d'adresse IP source 255.255.255.255  Adresse IP de destination remote_public_ip  Masque d'adresse IP de destination 255.255.255.255  Protocole 0  Port source 0  Port de destination 0  Adresse locale IKE my_public_ip  Adresse homologue IKE remote_public_ip  Port source IKE 500  Port de destination IKE 500  Adr privée homologue
5-29: 09:59:08:75:36c GetPacket failed 3613
5-29: 09:59:09:162:dc retransmit: sa = 00100958 centry 00000000 , count = 1
5-29: 09:59:09:162:dc
5-29: 09:59:09:162:dc Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:09:162:dc ISAKMP Header: (V1.0), len = 184
5-29: 09:59:09:162:dc   I-COOKIE 0271ef181ae341cd
5-29: 09:59:09:162:dc   R-COOKIE 66d039ae27265c07
5-29: 09:59:09:162:dc   exchange: Oakley Main Mode
5-29: 09:59:09:162:dc   flags: 0
5-29: 09:59:09:162:dc   next payload: KE
5-29: 09:59:09:162:dc   message ID: 00000000
5-29: 09:59:09:162:dc Ports S:f401 D:f401
5-29: 09:59:10:903:dc retransmit: sa = 00100958 centry 00000000 , count = 2
5-29: 09:59:10:903:dc
5-29: 09:59:10:903:dc Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:10:903:dc ISAKMP Header: (V1.0), len = 184
5-29: 09:59:10:903:dc   I-COOKIE 0271ef181ae341cd
5-29: 09:59:10:903:dc   R-COOKIE 66d039ae27265c07
5-29: 09:59:10:903:dc   exchange: Oakley Main Mode
5-29: 09:59:10:903:dc   flags: 0
5-29: 09:59:10:903:dc   next payload: KE
5-29: 09:59:10:903:dc   message ID: 00000000
5-29: 09:59:10:903:dc Ports S:f401 D:f401
5-29: 09:59:11:351:36c
5-29: 09:59:11:351:36c Receive: (get) SA = 0x00100958 from remote_public_ip.500
5-29: 09:59:11:351:36c ISAKMP Header: (V1.0), len = 68
5-29: 09:59:11:351:36c   I-COOKIE 0271ef181ae341cd
5-29: 09:59:11:351:36c   R-COOKIE 66d039ae27265c07
5-29: 09:59:11:351:36c   exchange: Oakley Main Mode
5-29: 09:59:11:351:36c   flags: 1 ( encrypted )
5-29: 09:59:11:351:36c   next payload: ID
5-29: 09:59:11:351:36c   message ID: 00000000
5-29: 09:59:11:351:36c invalid payload received
5-29: 09:59:11:351:36c GetPacket failed 3613
5-29: 09:59:14:383:dc retransmit: sa = 00100958 centry 00000000 , count = 3

The Netscreen logs that the 3rd party gave me look like this :

## 15:08:25 : IKE<my_public_ip4  >   Create sa: 3rd_party_public_ip->my_public_ip4
## 15:08:25 : IKE<0.0.0.0        >   getProfileFromP1Proposal->
## 15:08:25 : IKE<0.0.0.0        >   xauthstatus is 0
## 15:08:25 : IKE<0.0.0.0        >   find profile[0]=<00000005 00000002 00000001 00000002> for p1 proosal (id 5)
## 15:08:25 : IKE<0.0.0.0        >   init p1sa by peer, pidt = 0x0
## 15:08:25 : IKE<0.0.0.0        >   peer change peer identity for p1 sa, pidt = 0x0
## 15:08:25 : IKE<0.0.0.0        >   create peer identity 0863005fb0
## 15:08:25 : IKE<my_public_ip4  >   Phase 2 task added
## 15:08:25 : IKE<my_public_ip4  > Phase 1: Initiated negotiation in main mode. <3rd_party_public_ip => my_public_ip4>
## 15:08:25 : IKE<my_public_ip4  > Construct ISAKMP header.
## 15:08:25 : IKE<my_public_ip4  >   Msg header built (next payload #1)
## 15:08:25 : IKE<my_public_ip4  > Construct [SA] for ISAKMP
## 15:08:25 : IKE<my_public_ip4  >   auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)
## 15:08:25 : IKE<my_public_ip4  >   xauth: disabled
## 15:08:25 : IKE<my_public_ip4  >   lifetime/lifesize (28800/0)
## 15:08:25 : IKE<my_public_ip4  > Construct NetScreen [VID]
## 15:08:25 : IKE<my_public_ip4  > Construct custom [VID]
## 15:08:25 : IKE<my_public_ip4  > Xmit : [SA] [VID] [VID]
## 15:08:25 : IKE<my_public_ip4  >   send_request to peer
## 15:08:25 : IKE<my_public_ip4  >   Send Phase 1 packet (len=136)
## 15:08:25 : IKE<my_public_ip4  >   ike packet, len 176, action 0
## 15:08:25 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:25 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:25 : IKE<my_public_ip4  >   Catcher: get 148 bytes. src port 500
## 15:08:25 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 0/0001, i):
## 15:08:25 : IKE<my_public_ip4  >   ISAKMP msg: len 148, nxp 1[SA], exch 2[MM], flag 00
## 15:08:25 : IKE<my_public_ip4  > Recv : [SA] [VID] [VID] [VID]
## 15:08:25 : IKE<my_public_ip4  >   extract payload (120):
## 15:08:25 : IKE<my_public_ip4  >   MM in state OAK_MM_NO_STATE.
## 15:08:25 : IKE<my_public_ip4  > Process [VID]:
## 15:08:25 : IKE<my_public_ip4  >   Vendor ID:
## 15:08:25 : 1e 2b 51 69 05 99 1c 7d  7c 96 fc bf b5 87 e4 61
## 15:08:25 : 00 00 00 04
## 15:08:25 : IKE<my_public_ip4  >   receive unknown vendor ID payload
## 15:08:25 : IKE<my_public_ip4  > Process [VID]:
## 15:08:25 : IKE<my_public_ip4  >   Vendor ID:
## 15:08:25 : 40 48 b7 d5 6e bc e8 85  25 e7 de 7f 00 d6 c2 d3
## 15:08:25 : IKE<my_public_ip4  > rcv non-NAT-Traversal VID payload.
## 15:08:25 : IKE<my_public_ip4  > Process [VID]:
## 15:08:25 : IKE<my_public_ip4  >   Vendor ID:
## 15:08:25 : 90 cb 80 91 3e bb 69 6e  08 63 81 b5 ec 42 7b 1f
## 15:08:25 : IKE<my_public_ip4  > rcv non-NAT-Traversal VID payload.
## 15:08:25 : IKE<my_public_ip4  > Process [SA]:
## 15:08:25 : IKE<my_public_ip4  >   Proposal received:
## 15:08:25 : IKE<my_public_ip4  >   auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)
## 15:08:25 : IKE<my_public_ip4  >   xauth: disabled
## 15:08:25 : IKE<my_public_ip4  >   Phase 1 proposal [0] selected.
## 15:08:25 : IKE<my_public_ip4  >   SA Life Type = seconds
## 15:08:25 : IKE<my_public_ip4  >   SA lifetime (TLV) = 28800
## 15:08:25 : IKE<0.0.0.0        >     dh group 2
## 15:08:25 : IKE<my_public_ip4  >   DH_BG_consume OK. p1 resp
## 15:08:25 : IKE<my_public_ip4  >   Phase 1 MM Initiator constructing 3rd message.
## 15:08:25 : IKE<my_public_ip4  > Construct ISAKMP header.
## 15:08:25 : IKE<my_public_ip4  >   Msg header built (next payload #4)
## 15:08:25 : IKE<my_public_ip4  > Construct [KE] for ISAKMP
## 15:08:25 : IKE<my_public_ip4  > Construct [NONCE]
## 15:08:25 : IKE<my_public_ip4  > Xmit : [KE] [NONCE]
## 15:08:25 : IKE<my_public_ip4  >   send_request to peer
## 15:08:25 : IKE<my_public_ip4  >   Send Phase 1 packet (len=184)
## 15:08:25 : IKE<my_public_ip4  >   IKE msg done: PKI state<0> IKE state<1/0007>
## 15:08:25 : IKE<my_public_ip4  >   ike packet, len 212, action 0
## 15:08:25 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:25 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:25 : IKE<my_public_ip4  >   Catcher: get 184 bytes. src port 500
## 15:08:25 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 1/0007, i):
## 15:08:25 : IKE<my_public_ip4  >   ISAKMP msg: len 184, nxp 4[KE], exch 2[MM], flag 00
## 15:08:25 : IKE<my_public_ip4  > Recv : [KE] [NONCE]
## 15:08:25 : IKE<my_public_ip4  >   extract payload (156):
## 15:08:25 : IKE<my_public_ip4  >   MM in state OAK_MM_SA_SETUP.
## 15:08:25 : IKE<my_public_ip4  > Process [KE]:
## 15:08:25 : IKE<my_public_ip4  >   processing ISA_KE in phase 1.
## 15:08:25 : IKE<0.0.0.0        >   pka_job_enqueue, cmd 1, p1 init cookie 72df6af4e6b6,1, msg_id 0x00000000
## 15:08:25 : IKE<0.0.0.0        >   DH job submitted to pka #0, cmd 1, p1 init cookie 72df6af4e6b6,1, msg_id 0x00000000
## 15:08:25 : IKE<0.0.0.0        >   start offline DH, cmd 1, p1 init cookie 72df6af4e6b6,1, msg_id 0x00000000
## 15:08:25 : IKE<my_public_ip4  > Process [NONCE]:
## 15:08:25 : IKE<my_public_ip4  >   processing NONCE in phase 1.
## 15:08:25 : IKE<my_public_ip4  >   IKE msg done: PKI state<0> IKE state<1/000f>
## 15:08:25 : IKE<0.0.0.0        >   DH job done on pka #0, status 0x00000008, cmd 1, p1 init cookie 72df6af4e6b6,1, msg_id 0x000000
## 15:08:25 : IKE<0.0.0.0        >   IKE dh event 63007800, 1
## 15:08:25 : IKE<0.0.0.0        >   got finished DH, cmd 1, p1 init cookie 72df6af4e6b6,1, msg_id 0x00000000
## 15:08:25 : IKE<my_public_ip4  >   gen_skeyid()
## 15:08:25 : IKE<my_public_ip4  >   MM in state OAK_MM_SA_SETUP.
## 15:08:25 : IKE<my_public_ip4  >   re-enter MM after offline DH done
## 15:08:25 : IKE<my_public_ip4  >   Phase 1 MM Initiator constructing 5th message.
## 15:08:25 : IKE<my_public_ip4  > Construct ISAKMP header.
## 15:08:25 : IKE<my_public_ip4  >   Msg header built (next payload #5)
## 15:08:25 : IKE<my_public_ip4  > Construct [ID] for ISAKMP
## 15:08:25 : IKE<my_public_ip4  > Construct [HASH]
## 15:08:25 : IKE<my_public_ip4  >   ID, len=8, type=1, pro=17, port=500,
## 15:08:25 : IKE<my_public_ip4  >   addr=3rd_party_public_ip
## 15:08:25 : IKE<my_public_ip4  >   throw packet to the peer, paket_len=64
## 15:08:25 : IKE<my_public_ip4  > Xmit*: [ID] [HASH]
## 15:08:25 : IKE<my_public_ip4  >   Encrypt P1 payload (len 64)
## 15:08:25 : IKE<my_public_ip4  >   send_request to peer
## 15:08:25 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)
## 15:08:26 : IKE<my_public_ip4  >   nhtb_list_update_status: vpn VPN_OL, status 8
## 15:08:26 : IKE<my_public_ip4  >   ike packet, len 212, action 0
## 15:08:26 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:26 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:26 : IKE<my_public_ip4  >   Catcher: get 184 bytes. src port 500
## 15:08:26 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:26 : IKE<my_public_ip4  >   ISAKMP msg: len 184, nxp 4[KE], exch 2[MM], flag 00
## 15:08:26 : IKE<my_public_ip4  > Recv : [KE] [NONCE]
## 15:08:26 : IKE<my_public_ip4  >   Receive re-transmit IKE packet phase 1 SA(my_public_ip4) exchg(2) len(184)
## 15:08:27 : IKE<my_public_ip4  >   ike packet, len 112, action 0
## 15:08:27 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:27 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:27 : IKE<my_public_ip4  >   Catcher: get 84 bytes. src port 500
## 15:08:27 : IKE<my_public_ip4  >   New Phase 1 SA
## 15:08:27 : IKE<my_public_ip4  >   ISAKMP msg: len 84, nxp 8[HASH], exch 5[INFO], flag 01  E
## 15:08:27 : IKE<my_public_ip4  >   Cannot locate phase 1 session for IKE packet. next payload type<8>
## 15:08:28 : IKE<my_public_ip4  >   ike packet, len 212, action 0
## 15:08:28 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:28 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:28 : IKE<my_public_ip4  >   Catcher: get 184 bytes. src port 500
## 15:08:28 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:28 : IKE<my_public_ip4  >   ISAKMP msg: len 184, nxp 4[KE], exch 2[MM], flag 00
## 15:08:28 : IKE<my_public_ip4  > Recv : [KE] [NONCE]
## 15:08:28 : IKE<my_public_ip4  >   Receive re-transmit IKE packet phase 1 SA(my_public_ip4) exchg(2) len(184)
## 15:08:30 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:30 : IKE<my_public_ip4  >   re-trans timer expired, msg retry (0) (100f/2)
## 15:08:30 : IKE<my_public_ip4  >   send_request to peer
## 15:08:30 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)
## 15:08:32 : IKE<0.0.0.0        >   Start DH BG gen for group 2
## 15:08:32 : IKE<0.0.0.0        >     dh group 2
## 15:08:32 : IKE<0.0.0.0        >   pka_job_enqueue, cmd 0, p1 init cookie 6e756c6c0000,0, msg_id 0x00000000
## 15:08:32 : IKE<0.0.0.0        >   DH job submitted to pka #0, cmd 0, p1 init cookie 6e756c6c0000,0, msg_id 0x00000000
## 15:08:32 : IKE<0.0.0.0        >   start offline DH, cmd 0, p1 init cookie 6e756c6c0000,0, msg_id 0x00000000
## 15:08:32 : IKE<0.0.0.0        >   DH job done on pka #0, status 0x00000008, cmd 0, p1 init cookie 6e756c6c0000,0, msg_id 0x000000
## 15:08:32 : IKE<0.0.0.0        >   IKE dh event 63007800, 1
## 15:08:32 : IKE<0.0.0.0        >   got finished DH, cmd 0, p1 init cookie 6e756c6c0000,0, msg_id 0x00000000
## 15:08:32 : IKE<my_public_ip4  >   ike packet, len 212, action 0
## 15:08:32 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:32 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:32 : IKE<my_public_ip4  >   Catcher: get 184 bytes. src port 500
## 15:08:32 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:32 : IKE<my_public_ip4  >   ISAKMP msg: len 184, nxp 4[KE], exch 2[MM], flag 00
## 15:08:32 : IKE<my_public_ip4  > Recv : [KE] [NONCE]
## 15:08:32 : IKE<my_public_ip4  >   Receive re-transmit IKE packet phase 1 SA(my_public_ip4) exchg(2) len(184)
## 15:08:34 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:34 : IKE<my_public_ip4  >   re-trans timer expired, msg retry (1) (100f/2)
## 15:08:34 : IKE<my_public_ip4  >   send_request to peer
## 15:08:34 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)
## 15:08:38 : IKE<my_public_ip4  >   nhtb_list_update_status: vpn VPN_OL, status 8
## 15:08:38 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:38 : IKE<my_public_ip4  >   re-trans timer expired, msg retry (2) (100f/2)
## 15:08:38 : IKE<my_public_ip4  >   send_request to peer
## 15:08:38 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)
## 15:08:40 : IKE<my_public_ip4  >   ike packet, len 212, action 0
## 15:08:40 : IKE<0.0.0.0        >   coach. sock 2048
## 15:08:40 : IKE<my_public_ip4  > ****** Recv packet if <ethernet1/1> of vsys <Root> ******
## 15:08:40 : IKE<my_public_ip4  >   Catcher: get 184 bytes. src port 500
## 15:08:40 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:40 : IKE<my_public_ip4  >   ISAKMP msg: len 184, nxp 4[KE], exch 2[MM], flag 00
## 15:08:40 : IKE<my_public_ip4  > Recv : [KE] [NONCE]
## 15:08:40 : IKE<my_public_ip4  >   Receive re-transmit IKE packet phase 1 SA(my_public_ip4) exchg(2) len(184)
## 15:08:42 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:42 : IKE<my_public_ip4  >   re-trans timer expired, msg retry (3) (100f/2)
## 15:08:42 : IKE<my_public_ip4  >   send_request to peer
## 15:08:42 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)
## 15:08:46 : IKE<my_public_ip4  >   SA: (Root, local 3rd_party_public_ip, state 2/100f +, i):
## 15:08:46 : IKE<my_public_ip4  >   re-trans timer expired, msg retry (4) (100f/2)
## 15:08:46 : IKE<my_public_ip4  >   send_request to peer
## 15:08:46 : IKE<my_public_ip4  >   Send Phase 1 packet (len=68)

And from there I'm stuck. I tried to google the error codes but it didn't give me any useful info.
The 3rd party says there's nothing wrong on his side (something that I can't verify), and I really don't know what could be wrong on mine, so any lead will be a great help, thanks in advance.
Post #: 1
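
An added example, not part of either post: a small Python parser for the oakley.log format quoted above that groups lines into IKE messages and reports the first received message the local side rejected. The function names and the condensed sample are constructed for illustration.

```python
import re

# Constructed sample: a condensed subset of the oakley.log lines quoted in the post.
SAMPLE = """\
5-29: 09:59:07:939:36c Receive: (get) SA = 0x00000000 from remote_public_ip.500
5-29: 09:59:07:939:36c   flags: 0
5-29: 09:59:07:939:36c   next payload: SA
5-29: 09:59:07:952:36c Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:07:952:36c   flags: 0
5-29: 09:59:07:952:36c   next payload: SA
5-29: 09:59:07:993:36c Receive: (get) SA = 0x00100958 from remote_public_ip.500
5-29: 09:59:07:993:36c   flags: 0
5-29: 09:59:07:993:36c   next payload: KE
5-29: 09:59:08:34:36c Sending: SA = 0x00100958 to remote_public_ip:Type 2.500
5-29: 09:59:08:34:36c   flags: 0
5-29: 09:59:08:34:36c   next payload: KE
5-29: 09:59:08:47:36c Receive: (get) SA = 0x00100958 from remote_public_ip.500
5-29: 09:59:08:47:36c   flags: 1 ( encrypted )
5-29: 09:59:08:47:36c   next payload: ID
5-29: 09:59:08:47:36c invalid payload received
5-29: 09:59:08:75:36c GetPacket failed 3613
"""

# Line layout: "M-D: HH:MM:SS:ms:thread text".
LINE = re.compile(r"^\d+-\d+: (\d+:\d+:\d+:\d+):[0-9a-f]+ ?(.*)$")
# IKEv1 Main Mode stage, keyed by the first payload of each message.
STAGE = {"SA": "1-2 proposal", "KE": "3-4 key exchange", "ID": "5-6 authentication"}
ERRORS = ("invalid payload received", "GetPacket failed")


def parse_messages(text):
    """Group log lines into IKE messages with direction, payload, flags, errors."""
    msgs, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, body = m.group(1), m.group(2).strip()
        if body.startswith(("Receive:", "Sending:")):
            cur = {"time": ts, "dir": "recv" if body.startswith("Receive:") else "send",
                   "payload": None, "encrypted": False, "errors": []}
            msgs.append(cur)
        elif cur is None:
            continue  # log lines before the first message header
        elif body.startswith("next payload:"):
            cur["payload"] = body.split(":", 1)[1].strip()
        elif body.startswith("flags:"):
            cur["encrypted"] = "encrypted" in body
        elif body.startswith(ERRORS):
            cur["errors"].append(body)
    return msgs


def first_failure(msgs):
    """Return the first received message that the local side rejected, or None."""
    for number, msg in enumerate(msgs, start=1):
        if msg["dir"] == "recv" and msg["errors"]:
            return {"message": number, "time": msg["time"], "encrypted": msg["encrypted"],
                    "stage": STAGE.get(msg["payload"], "unknown"), "errors": msg["errors"]}
    return None


if __name__ == "__main__":
    print(first_failure(parse_messages(SAMPLE)))
```

On this sample the rejected message is number 5, the first encrypted Main Mode message. In pre-shared-key Main Mode the encryption key for that message is derived from the pre-shared key, so the key configured on each peer is the first value to compare.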
RE: Problem with ISA/Netscreen site-to-site - 4.Jul.2006 11:30:38 PM   
Beefcake

 

Posts: 7
Joined: 3.Jul.2006
From: Indiana
Status: offline
I am not sure if you figured this out yet (being over a month since posted), but here is a link to a MS article that can walk you guys through setting up ISA to other vendors' VPNs and vice versa.  Ethereal comes in very handy for this type of problem as well.


http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeipsec.mspx

Brandon


(in reply to ElPolloDiablo)
Post #: 2
