• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Book - 743 - L2TP VPN Problems

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Book - 743 - L2TP VPN Problems Page: [1]
Login
Message << Older Topic   Newer Topic >>
Book - 743 - L2TP VPN Problems - 24.Feb.2005 3:57:00 PM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Here we go, set up a vpn conection as per the book. <Client - Dialup> - <Internet> - <ISA> - <LAN>

Client is win xp SP2 with all patches and Nat Fix applied to reg. Conects to internet via dial up. VPN client set shared key and also has certs applied. Windows firewall disabled.

Isa 2004 running on win 2003, is directly conected to the internet using an actel speedtouch internal modem(static ip address from isp). Its also part of an AD domain. Set up per the book with same shared key (123) as the client. Also has certs installed from cert server running on my DC (enterprise cert server).

DC is win 2003 with AD,Enterprise cert server, DNS, DHCP.

Ok i can connect using PPTP no problem. Browse the network and access files. Also used to install certs on client. But soon as i select to use L2TP on the client with ether pre shared key or to use certs i get a error 678 remote computer did not respond. Tried reinstalling isa re doing all the settings, checked and redid shared key and all certs. And still the exact same thing.
I`m not getting any failurs un the security logs on the isa server or on the client. On the isa server i have an alow rule to allow all protocols from vpn clients to all internal.
Here is the logs from the isa when trying to make the L2TP conection.

10.0.0.1 - ISA
10.0.0.2 - DC
80.229.x.x - ISA external address
62.7.164.198 - Clients address from isp

Destination IP Destination Port Source Port Client IP Protocol Action Rule Source Network Destination Network Original Client IP Transport Result Code

80.229.x.x 500 500 62.7.164.198 IKE Client Initiated Connection Allow VPN client traffic to ISA Server External Local Host 62.7.164.198 UDP 0x0
255.255.255.255 67 68 10.0.0.20 DHCP (request) Denied Connection Default rule Internal Local Host 10.0.0.20 UDP 0xc004000d FWX_E_POLICY_RULES_DENIED
10.0.0.2 389 10899 10.0.0.1 LDAP Closed Connection Local Host Internal 10.0.0.1 TCP 0x80074e21
10.0.0.2 389 10902 10.0.0.1 LDAP Initiated Connection Local Host Internal 10.0.0.1 TCP 0x0
80.229.x.x 1701 1701 62.7.164.198 L2TP Client Initiated Connection Allow VPN client traffic to ISA Server External Local Host 62.7.164.198 UDP 0x0
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
218.151.0.153 4918 25 80.229.x.x Unidentified IP Traffic Denied Connection Local Host External 80.229.x.x TCP 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
212.159.13.49 53 1057 10.0.0.2 DNS Closed Connection DNS From Internal Network Internal External 10.0.0.2 UDP 0x80074e20
10.0.0.2 389 10902 10.0.0.1 LDAP Closed Connection Local Host Internal 10.0.0.1 TCP 0x80074e21
10.0.0.2 389 10906 10.0.0.1 LDAP Initiated Connection Local Host Internal 10.0.0.1 TCP 0x0
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
80.229.x.x 10903 1701 80.229.x.x Unidentified IP Traffic Denied Connection Local Host Local Host 80.229.x.x UDP 0xc004002d FWX_E_UNREACHABLE_ADDRESS
10.0.0.2 389 10906 10.0.0.1 LDAP Closed Connection Local Host Internal 10.0.0.1 TCP 0x80074e21
10.0.0.2 389 10907 10.0.0.1 LDAP Initiated Connection Local Host Internal 10.0.0.1 TCP 0x0
255.255.255.255 67 68 10.0.0.20 DHCP (request) Denied Connection Default rule Internal Local Host 10.0.0.20 UDP 0xc004000d FWX_E_POLICY_RULES_DENIED
255.255.255.255 67 68 10.0.0.20 DHCP (request) Denied Connection Default rule Internal Local Host 10.0.0.20 UDP 0xc004000d FWX_E_POLICY_RULES_DENIED
10.0.0.2 389 10907 10.0.0.1 LDAP Closed Connection Local Host Internal 10.0.0.1 TCP 0x80074e21
10.0.0.2 389 10908 10.0.0.1 LDAP Initiated Connection Local Host Internal 10.0.0.1 TCP 0x0
10.0.0.2 0 8 10.0.0.1 Ping Initiated Connection Allow ICMP requests from ISA Server to selected servers Local Host Internal 10.0.0.1 ICMP 0x0
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 389 10908 10.0.0.1 LDAP Closed Connection Local Host Internal 10.0.0.1 TCP 0x80074e21
10.0.0.2 389 10910 10.0.0.1 LDAP Initiated Connection Local Host Internal 10.0.0.1 TCP 0x0
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 137 137 10.0.0.30 NetBios Name Service Denied Connection Local Host Internal 10.0.0.30 UDP 0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
10.0.0.2 53 10912 10.0.0.1 DNS Initiated Connection Allow DNS from ISA Server to selected servers Local Host Internal 10.0.0.1 UDP 0x0
10.0.0.2 389 10915 10.0.0.1 LDAP (UDP) Initiated Connection Allow access to directory services for authentication purposes Local Host Internal 10.0.0.1 UDP 0x0
80.229.x.x 1701 1701 62.7.164.198 L2TP Client Closed Connection Allow VPN client traffic to ISA Server External Local Host 62.7.164.198 UDP 0x80074e20

I hope this helps. I can send more logs if you require.

Anyone have any suggestions as to why this is not working and its very fustrating to say the least.

Chris
Post #: 1
RE: Book - 743 - L2TP VPN Problems - 25.Feb.2005 1:51:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chris,

If both the machines have a certificate, then remove the pre-shared key.

HTH,
Tom

(in reply to helfirex)
Post #: 2
RE: Book - 743 - L2TP VPN Problems - 26.Feb.2005 1:25:00 PM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Tried removing the pr shared key and exactly the same promlem. Just says connecting to <ip address> then errers out after a while with 679 remote computer did not respond. Anything else i could do or use to chech whats not working.

chris

(in reply to helfirex)
Post #: 3
RE: Book - 743 - L2TP VPN Problems - 26.Feb.2005 2:54:00 PM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Ok enabled that oakly logging thing on the client and got these results. Not sure what they mean but might prove some help.

2-26: 13:46:55:451:5b4 Initialization OK
2-26: 13:48:58:218:2f4 QM PolicyName: L2TP Require Encryption Quick Mode Policy dwFlags 0
2-26: 13:48:58:218:2f4 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:218:2f4 QMOffer[0] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:48:58:238:2f4 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[1] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:48:58:238:2f4 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[2] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:238:2f4 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:48:58:238:2f4 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[3] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:238:2f4 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:48:58:238:2f4 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[4] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:238:2f4 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:48:58:238:2f4 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[5] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:238:2f4 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:48:58:238:2f4 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[6] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:48:58:238:2f4 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[7] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:238:2f4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:48:58:238:2f4 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:238:2f4 QMOffer[8] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:248:2f4 Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:248:2f4 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:48:58:248:2f4 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:248:2f4 QMOffer[9] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:248:2f4 Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:248:2f4 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:48:58:248:2f4 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:248:2f4 QMOffer[10] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:248:2f4 Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:248:2f4 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:48:58:248:2f4 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:248:2f4 QMOffer[11] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:248:2f4 Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:248:2f4 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:48:58:258:2f4 Internal Acquire: op=00000001 src=62.7.135.130.1701 dst=80.229.138.37.1701 proto = 17, SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=00000674, IKE SrcPort=500 IKE DstPort=500
2-26: 13:48:58:258:2bc Filter to match: Src 80.229.138.37 Dst 62.7.135.130
2-26: 13:48:58:258:2bc MM PolicyName: L2TP Main Mode Policy
2-26: 13:48:58:258:2bc MMPolicy dwFlags 8 SoftSAExpireTime 28800
2-26: 13:48:58:258:2bc MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 268435457
2-26: 13:48:58:258:2bc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
2-26: 13:48:58:258:2bc MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
2-26: 13:48:58:258:2bc MMOffer[1] Encrypt: Triple DES CBC Hash: SHA
2-26: 13:48:58:258:2bc MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
2-26: 13:48:58:258:2bc MMOffer[2] Encrypt: Triple DES CBC Hash: MD5
2-26: 13:48:58:258:2bc MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
2-26: 13:48:58:258:2bc MMOffer[3] Encrypt: DES CBC Hash: SHA
2-26: 13:48:58:258:2bc MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
2-26: 13:48:58:268:2bc MMOffer[4] Encrypt: DES CBC Hash: MD5
2-26: 13:48:58:268:2bc Auth[0]:PresharedKey KeyLen 6
2-26: 13:48:58:268:2bc QM PolicyName: L2TP Require Encryption Quick Mode Policy dwFlags 0
2-26: 13:48:58:268:2bc QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[0] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:48:58:268:2bc QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[1] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:48:58:268:2bc QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[2] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:48:58:268:2bc QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[3] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:48:58:268:2bc QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[4] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:48:58:268:2bc QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[5] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:48:58:268:2bc QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[6] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:48:58:268:2bc QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[7] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:48:58:268:2bc QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[8] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:48:58:268:2bc QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[9] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:48:58:268:2bc QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[10] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:48:58:268:2bc QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:48:58:268:2bc QMOffer[11] dwFlags 0 dwPFSGroup 0
2-26: 13:48:58:268:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:48:58:268:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:48:58:268:2bc Starting Negotiation: src = 62.7.135.130.0500, dst = 80.229.138.37.0500, proto = 17, context = 00000000, ProxySrc = 62.7.135.130.1701, ProxyDst = 80.229.138.37.1701 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
2-26: 13:48:58:268:2bc constructing ISAKMP Header
2-26: 13:48:58:268:2bc constructing SA (ISAKMP)
2-26: 13:48:58:268:2bc Constructing Vendor MS NT5 ISAKMPOAKLEY
2-26: 13:48:58:278:2bc Constructing Vendor FRAGMENTATION
2-26: 13:48:58:278:2bc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
2-26: 13:48:58:278:2bc Constructing Vendor Vid-Initial-Contact
2-26: 13:48:58:278:2bc
2-26: 13:48:58:278:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:48:58:278:2bc ISAKMP Header: (V1.0), len = 312
2-26: 13:48:58:278:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:48:58:278:2bc R-COOKIE 0000000000000000
2-26: 13:48:58:278:2bc exchange: Oakley Main Mode
2-26: 13:48:58:278:2bc flags: 0
2-26: 13:48:58:278:2bc next payload: SA
2-26: 13:48:58:278:2bc message ID: 00000000
2-26: 13:48:58:278:2bc Ports S:f401 D:f401
2-26: 13:48:58:278:2bc Activating InitiateEvent 00000674
2-26: 13:48:58:778:2bc
2-26: 13:48:58:778:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:48:58:778:2bc ISAKMP Header: (V1.0), len = 148
2-26: 13:48:58:778:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:48:58:778:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:48:58:778:2bc exchange: Oakley Main Mode
2-26: 13:48:58:778:2bc flags: 0
2-26: 13:48:58:778:2bc next payload: SA
2-26: 13:48:58:778:2bc message ID: 00000000
2-26: 13:48:58:778:2bc processing payload SA
2-26: 13:48:58:778:2bc Received Phase 1 Transform 1
2-26: 13:48:58:778:2bc Encryption Alg Triple DES CBC(5)
2-26: 13:48:58:778:2bc Hash Alg SHA(2)
2-26: 13:48:58:778:2bc Oakley Group 2
2-26: 13:48:58:778:2bc Auth Method Preshared Key(1)
2-26: 13:48:58:778:2bc Life type in Seconds
2-26: 13:48:58:778:2bc Life duration of 28800
2-26: 13:48:58:778:2bc Phase 1 SA accepted: transform=1
2-26: 13:48:58:788:2bc SA - Oakley proposal accepted
2-26: 13:48:58:788:2bc processing payload VENDOR ID
2-26: 13:48:58:788:2bc Received VendorId MS NT5 ISAKMPOAKLEY
2-26: 13:48:58:788:2bc processing payload VENDOR ID
2-26: 13:48:58:788:2bc Received VendorId FRAGMENTATION
2-26: 13:48:58:788:2bc processing payload VENDOR ID
2-26: 13:48:58:788:2bc Received VendorId draft-ietf-ipsec-nat-t-ike-02
2-26: 13:48:58:788:2bc ClearFragList
2-26: 13:48:58:788:2bc constructing ISAKMP Header
2-26: 13:48:58:859:2bc constructing KE
2-26: 13:48:58:859:2bc constructing NONCE (ISAKMP)
2-26: 13:48:58:859:2bc Constructing NatDisc
2-26: 13:48:58:859:2bc
2-26: 13:48:58:859:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:48:58:859:2bc ISAKMP Header: (V1.0), len = 232
2-26: 13:48:58:859:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:48:58:859:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:48:58:859:2bc exchange: Oakley Main Mode
2-26: 13:48:58:859:2bc flags: 0
2-26: 13:48:58:859:2bc next payload: KE
2-26: 13:48:58:859:2bc message ID: 00000000
2-26: 13:48:58:859:2bc Ports S:f401 D:f401
2-26: 13:48:59:650:5e0 retransmit: sa = 000F1BE0 centry 00000000 , count = 1
2-26: 13:48:59:650:5e0
2-26: 13:48:59:650:5e0 Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:48:59:650:5e0 ISAKMP Header: (V1.0), len = 232
2-26: 13:48:59:650:5e0 I-COOKIE 3bee78829bc8af3d
2-26: 13:48:59:650:5e0 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:48:59:650:5e0 exchange: Oakley Main Mode
2-26: 13:48:59:650:5e0 flags: 0
2-26: 13:48:59:650:5e0 next payload: KE
2-26: 13:48:59:650:5e0 message ID: 00000000
2-26: 13:48:59:650:5e0 Ports S:f401 D:f401
2-26: 13:49:01:653:5e0 retransmit: sa = 000F1BE0 centry 00000000 , count = 2
2-26: 13:49:01:653:5e0
2-26: 13:49:01:653:5e0 Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:01:653:5e0 ISAKMP Header: (V1.0), len = 232
2-26: 13:49:01:653:5e0 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:01:653:5e0 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:01:653:5e0 exchange: Oakley Main Mode
2-26: 13:49:01:653:5e0 flags: 0
2-26: 13:49:01:653:5e0 next payload: KE
2-26: 13:49:01:653:5e0 message ID: 00000000
2-26: 13:49:01:653:5e0 Ports S:f401 D:f401
2-26: 13:49:02:13:2bc
2-26: 13:49:02:13:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:02:13:2bc ISAKMP Header: (V1.0), len = 232
2-26: 13:49:02:13:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:13:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:13:2bc exchange: Oakley Main Mode
2-26: 13:49:02:13:2bc flags: 0
2-26: 13:49:02:13:2bc next payload: KE
2-26: 13:49:02:13:2bc message ID: 00000000
2-26: 13:49:02:13:2bc processing payload KE
2-26: 13:49:02:33:2bc processing payload NONCE
2-26: 13:49:02:33:2bc processing payload NATDISC
2-26: 13:49:02:33:2bc Processing NatHash
2-26: 13:49:02:33:2bc Nat hash a0c01c61f0cbe725c85c7b980884b4ab
2-26: 13:49:02:33:2bc 7778ee8f
2-26: 13:49:02:33:2bc SA StateMask2 e
2-26: 13:49:02:33:2bc processing payload NATDISC
2-26: 13:49:02:33:2bc Processing NatHash
2-26: 13:49:02:33:2bc Nat hash 54704face322454f84113110aa683e13
2-26: 13:49:02:33:2bc b86a7ab6
2-26: 13:49:02:33:2bc SA StateMask2 8e
2-26: 13:49:02:33:2bc ClearFragList
2-26: 13:49:02:33:2bc constructing ISAKMP Header
2-26: 13:49:02:33:2bc constructing ID
2-26: 13:49:02:33:2bc MM ID Type 1
2-26: 13:49:02:33:2bc MM ID 3e078782
2-26: 13:49:02:33:2bc constructing HASH
2-26: 13:49:02:33:2bc
2-26: 13:49:02:33:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:02:33:2bc ISAKMP Header: (V1.0), len = 68
2-26: 13:49:02:33:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:33:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:33:2bc exchange: Oakley Main Mode
2-26: 13:49:02:33:2bc flags: 1 ( encrypted )
2-26: 13:49:02:33:2bc next payload: ID
2-26: 13:49:02:33:2bc message ID: 00000000
2-26: 13:49:02:33:2bc Ports S:f401 D:f401
2-26: 13:49:02:73:2bc
2-26: 13:49:02:73:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:02:73:2bc ISAKMP Header: (V1.0), len = 232
2-26: 13:49:02:73:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:73:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:73:2bc exchange: Oakley Main Mode
2-26: 13:49:02:73:2bc flags: 0
2-26: 13:49:02:73:2bc next payload: KE
2-26: 13:49:02:73:2bc message ID: 00000000
2-26: 13:49:02:73:2bc received an unencrypted packet when crypto active
2-26: 13:49:02:73:2bc GetPacket failed 35ec
2-26: 13:49:02:103:2bc
2-26: 13:49:02:103:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:02:103:2bc ISAKMP Header: (V1.0), len = 232
2-26: 13:49:02:103:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:103:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:103:2bc exchange: Oakley Main Mode
2-26: 13:49:02:103:2bc flags: 0
2-26: 13:49:02:103:2bc next payload: KE
2-26: 13:49:02:103:2bc message ID: 00000000
2-26: 13:49:02:103:2bc received an unencrypted packet when crypto active
2-26: 13:49:02:103:2bc GetPacket failed 35ec
2-26: 13:49:02:213:2bc
2-26: 13:49:02:213:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:02:213:2bc ISAKMP Header: (V1.0), len = 232
2-26: 13:49:02:213:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:213:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:213:2bc exchange: Oakley Main Mode
2-26: 13:49:02:213:2bc flags: 0
2-26: 13:49:02:213:2bc next payload: KE
2-26: 13:49:02:213:2bc message ID: 00000000
2-26: 13:49:02:213:2bc received an unencrypted packet when crypto active
2-26: 13:49:02:213:2bc GetPacket failed 35ec
2-26: 13:49:02:654:5e0 retransmit: sa = 000F1BE0 centry 00000000 , count = 1
2-26: 13:49:02:654:5e0
2-26: 13:49:02:654:5e0 Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:02:654:5e0 ISAKMP Header: (V1.0), len = 68
2-26: 13:49:02:654:5e0 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:02:654:5e0 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:02:654:5e0 exchange: Oakley Main Mode
2-26: 13:49:02:654:5e0 flags: 1 ( encrypted )
2-26: 13:49:02:654:5e0 next payload: ID
2-26: 13:49:02:654:5e0 message ID: 00000000
2-26: 13:49:02:654:5e0 Ports S:f401 D:f401
2-26: 13:49:03:746:2bc
2-26: 13:49:03:746:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:03:746:2bc ISAKMP Header: (V1.0), len = 68
2-26: 13:49:03:746:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:03:746:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:03:746:2bc exchange: Oakley Main Mode
2-26: 13:49:03:746:2bc flags: 1 ( encrypted )
2-26: 13:49:03:746:2bc next payload: ID
2-26: 13:49:03:746:2bc message ID: 00000000
2-26: 13:49:03:746:2bc processing payload ID
2-26: 13:49:03:746:2bc processing payload HASH
2-26: 13:49:03:746:2bc AUTH: Phase I authentication accepted
2-26: 13:49:03:746:2bc ClearFragList
2-26: 13:49:03:746:2bc MM established. SA: 000F1BE0
2-26: 13:49:03:796:2bc QM PolicyName: L2TP Require Encryption Quick Mode Policy dwFlags 0
2-26: 13:49:03:796:2bc QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[0] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:49:03:796:2bc QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[1] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:49:03:796:2bc QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[2] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:49:03:796:2bc QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[3] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
2-26: 13:49:03:796:2bc QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[4] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
2-26: 13:49:03:796:2bc QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[5] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:49:03:796:2bc QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[6] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:49:03:796:2bc QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[7] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:49:03:796:2bc QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[8] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:49:03:796:2bc QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[9] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
2-26: 13:49:03:796:2bc QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[10] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: SHA
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
2-26: 13:49:03:796:2bc QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
2-26: 13:49:03:796:2bc QMOffer[11] dwFlags 0 dwPFSGroup 0
2-26: 13:49:03:796:2bc Algo[0] Operation: AH Algo: MD5
2-26: 13:49:03:796:2bc Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
2-26: 13:49:03:796:2bc GetSpi: src = 80.229.138.37.1701, dst = 62.7.135.130.1701, proto = 17, context = 00000000, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
2-26: 13:49:03:796:2bc Setting SPI 1387338870
2-26: 13:49:03:796:2bc constructing ISAKMP Header
2-26: 13:49:03:796:2bc constructing HASH (null)
2-26: 13:49:03:796:2bc constructing SA (IPSEC)
2-26: 13:49:03:796:2bc constructing NONCE (IPSEC)
2-26: 13:49:03:796:2bc constructing ID (proxy)
2-26: 13:49:03:796:2bc constructing ID (proxy)
2-26: 13:49:03:796:2bc constructing HASH (QM)
2-26: 13:49:03:796:2bc
2-26: 13:49:03:796:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:03:796:2bc ISAKMP Header: (V1.0), len = 1116
2-26: 13:49:03:796:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:03:796:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:03:796:2bc exchange: Oakley Quick Mode
2-26: 13:49:03:796:2bc flags: 1 ( encrypted )
2-26: 13:49:03:796:2bc next payload: HASH
2-26: 13:49:03:796:2bc message ID: 172dec0d
2-26: 13:49:03:796:2bc Ports S:f401 D:f401
2-26: 13:49:03:796:2bc
2-26: 13:49:03:796:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:03:796:2bc ISAKMP Header: (V1.0), len = 68
2-26: 13:49:03:796:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:03:796:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:03:796:2bc exchange: Oakley Main Mode
2-26: 13:49:03:796:2bc flags: 1 ( encrypted )
2-26: 13:49:03:796:2bc next payload: ID
2-26: 13:49:03:796:2bc message ID: 00000000
2-26: 13:49:03:796:2bc invalid payload received
2-26: 13:49:03:796:2bc GetPacket failed 3613
2-26: 13:49:04:657:5e0 retransmit: sa = 000F1BE0 centry 000EA300 , count = 1
2-26: 13:49:04:657:5e0
2-26: 13:49:04:657:5e0 Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:04:657:5e0 ISAKMP Header: (V1.0), len = 1116
2-26: 13:49:04:657:5e0 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:04:657:5e0 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:04:657:5e0 exchange: Oakley Quick Mode
2-26: 13:49:04:657:5e0 flags: 1 ( encrypted )
2-26: 13:49:04:657:5e0 next payload: HASH
2-26: 13:49:04:657:5e0 message ID: 172dec0d
2-26: 13:49:04:657:5e0 Ports S:f401 D:f401
2-26: 13:49:04:687:2bc
2-26: 13:49:04:687:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:04:687:2bc ISAKMP Header: (V1.0), len = 164
2-26: 13:49:04:687:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:04:687:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:04:687:2bc exchange: Oakley Quick Mode
2-26: 13:49:04:687:2bc flags: 3 ( encrypted commit )
2-26: 13:49:04:687:2bc next payload: HASH
2-26: 13:49:04:687:2bc message ID: 172dec0d
2-26: 13:49:04:687:2bc processing HASH (QM)
2-26: 13:49:04:687:2bc ClearFragList
2-26: 13:49:04:687:2bc processing payload NONCE
2-26: 13:49:04:687:2bc processing payload ID
2-26: 13:49:04:687:2bc processing payload ID
2-26: 13:49:04:687:2bc processing payload SA
2-26: 13:49:04:687:2bc Negotiated Proxy ID: Src 62.7.135.130.1701 Dst 80.229.138.37.1701
2-26: 13:49:04:687:2bc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
2-26: 13:49:04:687:2bc Checking Transform # 1: ID=Triple DES CBC(3)
2-26: 13:49:04:687:2bc SA life type in seconds
2-26: 13:49:04:687:2bc SA life duration 00000e10
2-26: 13:49:04:687:2bc SA life type in kilobytes
2-26: 13:49:04:687:2bc SA life duration 0003d090
2-26: 13:49:04:687:2bc tunnel mode is Transport Mode(2)
2-26: 13:49:04:687:2bc HMAC algorithm is MD5(1)
2-26: 13:49:04:687:2bc Phase 2 SA accepted: proposal=1 transform=1
2-26: 13:49:04:687:2bc constructing ISAKMP Header
2-26: 13:49:04:687:2bc constructing HASH (QM)
2-26: 13:49:04:687:2bc Adding QMs: src = 62.7.135.130.1701, dst = 80.229.138.37.1701, proto = 17, context = 00000006, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 250000 dwFlags 200 Direction 2 EncapType 1
2-26: 13:49:04:687:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:49:04:687:2bc Algo[0] MySpi: 1387338870 PeerSpi: 2431905245
2-26: 13:49:04:687:2bc Encap Ports Src 500 Dst 500
2-26: 13:49:04:687:2bc Skipping Outbound SA add
2-26: 13:49:04:687:2bc
2-26: 13:49:04:687:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:04:687:2bc ISAKMP Header: (V1.0), len = 52
2-26: 13:49:04:687:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:04:687:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:04:687:2bc exchange: Oakley Quick Mode
2-26: 13:49:04:687:2bc flags: 3 ( encrypted commit )
2-26: 13:49:04:687:2bc next payload: HASH
2-26: 13:49:04:687:2bc message ID: 172dec0d
2-26: 13:49:04:687:2bc Ports S:f401 D:f401
2-26: 13:49:05:658:5e0 retransmit: sa = 000F1BE0 centry 000EA300 , count = 1
2-26: 13:49:05:658:5e0
2-26: 13:49:05:658:5e0 Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 2.500
2-26: 13:49:05:658:5e0 ISAKMP Header: (V1.0), len = 52
2-26: 13:49:05:658:5e0 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:05:658:5e0 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:05:658:5e0 exchange: Oakley Quick Mode
2-26: 13:49:05:658:5e0 flags: 3 ( encrypted commit )
2-26: 13:49:05:658:5e0 next payload: HASH
2-26: 13:49:05:658:5e0 message ID: 172dec0d
2-26: 13:49:05:658:5e0 Ports S:f401 D:f401
2-26: 13:49:06:129:2bc
2-26: 13:49:06:129:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:06:129:2bc ISAKMP Header: (V1.0), len = 84
2-26: 13:49:06:129:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:06:129:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:06:129:2bc exchange: Oakley Quick Mode
2-26: 13:49:06:129:2bc flags: 3 ( encrypted commit )
2-26: 13:49:06:129:2bc next payload: HASH
2-26: 13:49:06:129:2bc message ID: 172dec0d
2-26: 13:49:06:129:2bc processing HASH (Notify/Delete)
2-26: 13:49:06:129:2bc ClearFragList
2-26: 13:49:06:129:2bc processing payload NOTIFY
2-26: 13:49:06:129:2bc Adding QMs: src = 62.7.135.130.1701, dst = 80.229.138.37.1701, proto = 17, context = 00000006, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 250000 dwFlags 200 Direction 3 EncapType 1
2-26: 13:49:06:129:2bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
2-26: 13:49:06:129:2bc Algo[0] MySpi: 1387338870 PeerSpi: 2431905245
2-26: 13:49:06:129:2bc Encap Ports Src 500 Dst 500
2-26: 13:49:06:129:2bc Skipping Inbound SA add
2-26: 13:49:06:129:2bc isadb_set_status sa:000F1BE0 centry:000EA300 status 0
2-26: 13:49:06:129:2bc isadb_set_status InitiateEvent 00000674: Setting Status 0
2-26: 13:49:06:129:2bc Clearing centry 000EA300 InitiateEvent 00000674
2-26: 13:49:06:129:2bc CE Dead. sa:000F1BE0 ce:000EA300 status:0
2-26: 13:49:06:129:460 CloseNegHandle 00000674
2-26: 13:49:06:129:460 SE cookie 3bee78829bc8af3d
2-26: 13:49:06:159:2bc
2-26: 13:49:06:159:2bc Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:06:159:2bc ISAKMP Header: (V1.0), len = 84
2-26: 13:49:06:159:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:06:159:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:06:159:2bc exchange: Oakley Quick Mode
2-26: 13:49:06:159:2bc flags: 3 ( encrypted commit )
2-26: 13:49:06:159:2bc next payload: HASH
2-26: 13:49:06:159:2bc message ID: 172dec0d
2-26: 13:49:06:159:2bc unable to create connection entry 35ec
2-26: 13:49:06:159:2bc GetCentry failed 35ec
2-26: 13:49:06:159:2bc ProcessFailure: sa:000F1BE0 centry:006DFCAC status:35ec
2-26: 13:49:06:159:2bc Not creating notify. Not permitted
2-26: 13:49:54:48:2bc QM Deleted. Notify from driver: Src 62.7.135.130 Dest 80.229.138.37 InSPI 1387338870 OutSpi 2431905245 Tunnel 0 TunnelFilter 0
2-26: 13:49:54:48:2bc constructing ISAKMP Header
2-26: 13:49:54:48:2bc constructing HASH (null)
2-26: 13:49:54:48:2bc constructing NONCE (ND)
2-26: 13:49:54:48:2bc Construct QM Delete Spi 1387338870
2-26: 13:49:54:48:2bc constructing HASH (Notify/Delete)
2-26: 13:49:54:48:2bc
2-26: 13:49:54:48:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 3.500
2-26: 13:49:54:48:2bc ISAKMP Header: (V1.0), len = 92
2-26: 13:49:54:48:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:54:48:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:54:48:2bc exchange: ISAKMP Informational Exchange
2-26: 13:49:54:48:2bc flags: 1 ( encrypted )
2-26: 13:49:54:48:2bc next payload: HASH
2-26: 13:49:54:48:2bc message ID: 75ddfe38
2-26: 13:49:54:48:2bc Ports S:f401 D:f401
2-26: 13:49:54:48:2bc PrivatePeerAddr 0
2-26: 13:49:54:58:460 isadb_schedule_kill_oldPolicy_sas: b816f059-7b84-4035-8ca1d408b4500edb 4
2-26: 13:49:54:58:a08 isadb_schedule_kill_oldPolicy_sas: 36985bf8-2062-4f1d-89d3aba85b4fa1ae 3
2-26: 13:49:54:58:2f4 isadb_schedule_kill_oldPolicy_sas: 59c8ba82-15a9-4c7b-9980875c02f6204d 2
2-26: 13:49:54:58:460 isadb_schedule_kill_oldPolicy_sas: 392a9b88-8259-4046-ab1a36f458b0eb92 1
2-26: 13:49:54:68:2bc entered kill_old_policy_sas 4
2-26: 13:49:54:68:2bc SA Dead. sa:000F1BE0 status:3619
2-26: 13:49:54:68:2bc isadb_set_status sa:000F1BE0 centry:00000000 status 3619
2-26: 13:49:54:68:2bc constructing ISAKMP Header
2-26: 13:49:54:68:2bc constructing HASH (null)
2-26: 13:49:54:68:2bc constructing NONCE (ND)
2-26: 13:49:54:68:2bc constructing DELETE. MM 000F1BE0
2-26: 13:49:54:68:2bc constructing HASH (Notify/Delete)
2-26: 13:49:54:68:2bc
2-26: 13:49:54:68:2bc Sending: SA = 0x000F1BE0 to 80.229.138.37:Type 3.500
2-26: 13:49:54:68:2bc ISAKMP Header: (V1.0), len = 108
2-26: 13:49:54:68:2bc I-COOKIE 3bee78829bc8af3d
2-26: 13:49:54:68:2bc R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:54:68:2bc exchange: ISAKMP Informational Exchange
2-26: 13:49:54:68:2bc flags: 1 ( encrypted )
2-26: 13:49:54:68:2bc next payload: HASH
2-26: 13:49:54:68:2bc message ID: 4b47d906
2-26: 13:49:54:68:2bc Ports S:f401 D:f401
2-26: 13:49:54:68:2bc entered kill_old_policy_sas 3
2-26: 13:49:54:68:2bc entered kill_old_policy_sas 2
2-26: 13:49:54:68:2bc entered kill_old_policy_sas 1
2-26: 13:49:54:358:a28
2-26: 13:49:54:358:a28 Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:54:358:a28 ISAKMP Header: (V1.0), len = 92
2-26: 13:49:54:358:a28 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:54:358:a28 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:54:358:a28 exchange: ISAKMP Informational Exchange
2-26: 13:49:54:358:a28 flags: 1 ( encrypted )
2-26: 13:49:54:358:a28 next payload: HASH
2-26: 13:49:54:358:a28 message ID: 75ddfe38
2-26: 13:49:54:358:a28 processing HASH (Notify/Delete)
2-26: 13:49:54:418:a28
2-26: 13:49:54:418:a28 Receive: (get) SA = 0x000f1be0 from 80.229.138.37.500
2-26: 13:49:54:418:a28 ISAKMP Header: (V1.0), len = 108
2-26: 13:49:54:418:a28 I-COOKIE 3bee78829bc8af3d
2-26: 13:49:54:418:a28 R-COOKIE 0dbc5211b3eca9e5
2-26: 13:49:54:418:a28 exchange: ISAKMP Informational Exchange
2-26: 13:49:54:418:a28 flags: 1 ( encrypted )
2-26: 13:49:54:418:a28 next payload: HASH
2-26: 13:49:54:418:a28 message ID: 4b47d906
2-26: 13:49:54:418:a28 processing HASH (Notify/Delete)
2-26: 13:49:55:480:a28 ClearFragList

If you need the same from the server let me know and will provide them aswell.

many thanks to everyone.

Chris

(in reply to helfirex)
Post #: 4
RE: Book - 743 - L2TP VPN Problems - 1.Mar.2005 12:22:00 AM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Any Suggestions anyone, even mailed the makers of my adsl modem and they knew of no isues with it with l2tp vpn. In my logs any idea what the unidentified trafic thats denied from my external address to the same external address. seems strange as it onlt does this with l2tp and not pptp. The mystory continues.

(in reply to helfirex)
Post #: 5
RE: Book - 743 - L2TP VPN Problems - 8.Mar.2005 7:21:00 AM   
rjordan

 

Posts: 14
Joined: 19.Jan.2005
Status: offline
Have you assigned any ipsec policies in the 'ipsec security policies' snap-in either on the local machine or in a GPO? I had a very similar problem due to an errant ipsec policy setting. Un-assigning the policy fixed it for me.

(in reply to helfirex)
Post #: 6
RE: Book - 743 - L2TP VPN Problems - 8.Mar.2005 11:30:00 AM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Not assigned any that i know of. Its strange as i can connect to my work isa box using l2tp with shared keys from home. but when i try to connect to home isa box with shared keys it does not work. Trying a dlink 502t router at home now with the vpn pass through enabled , but still no luck. The isa logs seem to show its does not deny port 500 and 4500 conections just does not seem to do anything after.

(in reply to helfirex)
Post #: 7
RE: Book - 743 - L2TP VPN Problems - 8.Mar.2005 12:09:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chris,

Perhaps an MTU issue, or your ISP doesn't allow VPN connections?

HTH,
Tom

(in reply to helfirex)
Post #: 8
RE: Book - 743 - L2TP VPN Problems - 8.Mar.2005 1:51:00 PM   
helfirex

 

Posts: 86
Joined: 2.Jan.2004
Status: offline
Cheched with my ISP and they say they allow them. Tried a few mtu settings from default 1500, 1478 and some others. Any suggestions or is a hit/miss settings thing.

(in reply to helfirex)
Post #: 9
RE: Book - 743 - L2TP VPN Problems - 4.Feb.2007 6:20:01 PM   
MrWhy

 

Posts: 1
Joined: 4.Feb.2007
Status: offline
If this was solved I'd like to know how. I got the exact same problem on an ISA 2006. PPTP works like a charm, but L2TP won't work. Logs look exactly like the above. Please help.
Note: The log shows several denied incidents where client and destination IP both are the same, the external wan Ip. Like this:

193.213.x.x    NAMEOFISASERVER -  UDP -      -    04.02.2007 22:52:03 1701 0 0 0  0x0 Firewall - 04.02.2007 23:52:03 193.213.x.x 193.213.x.x 40578 Unidentified IP Traffic Denied Connection   Local Host Local Host - - 0xc004002d FWX_E_UNREACHABLE_ADDRESS 0x0

You will find the same in the above logs.

< Message edited by MrWhy -- 4.Feb.2007 6:28:03 PM >

(in reply to helfirex)
Post #: 10
RE: Book - 743 - L2TP VPN Problems - 27.Mar.2007 5:40:43 AM   
kris.nrj

 

Posts: 9
Joined: 15.Feb.2007
Status: offline
I also have this problem for some clients. i suspect MTU problem? did anyone resolve this?

(in reply to MrWhy)
Post #: 11
RE: Book - 743 - L2TP VPN Problems - 8.Jun.2007 8:34:34 AM   
vet

 

Posts: 3
Joined: 14.Dec.2005
Status: offline
Hi, guys! Finally after 2 years, during whose I spend a plenty of time fighting against Microsoft’s bags in the ISA, I have resolve this f.. ing problem…
My “investigation” shows, that the problem is in establishment of L2TP in tunnel mode after the IPSec security SA’s has been successfully established.
In my case refusing of automatic dialing to External network using isa server was significant. I was shocked, then after I disable this function in ISA-General-Dial-Up and, that is vary important in web-chaining rule too, the vpn client, that is using L2TP/IPSec, has been connected to isa 04 on server 03, as some body says here “like a charm”!  

I understand, that obviously problem some how is connected with using the ADSL modem (“Zyxel adsl usb annex A” meanwhile) that is use PPPoE protocol with my ISP. But any way with out any notification in manuals or any other documentation that is dedicated to ISA 04 such a behavior of product is inadmissible as for me!!!

Or may be I’m wrong and it is normal behavior?

P.S. Hope every body understand how to resolve the problem. Sory for my less grammar – simply English for me is very far from native language.. Good luck!

(in reply to kris.nrj)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Book - 743 - L2TP VPN Problems Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts