Jump to content

Recommended Posts

J'ai installe un vpn cisco pix 501

J'ai cree une connexion site-a-site, grace a l'applet de configuration... (avec l'assistant)

Quand je souhaite tester la connexion avec cisco vpn client, le journal me repond cela

Begin connection process

Establish secure connection using Ethernet

Attempt connection with server

Attempting to establish a connection

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to

IPSec driver successfully started

Deleted all keys

Received ISAKMP packet: peer =

RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, HASH) from

Peer supports XAUTH

Peer supports DPD

Peer is a Cisco-Unity compliant peer

Received IOS Vendor ID with unknown capabilities flag 0x00000025

IOS Vendor ID Contruction successful

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to

IKE Port in use - Local Port =  0x01F4, Remote Port = 0x01F4

Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

Firewall, Sygate Personal Firewall, is not running, the client will not send firewall information to concentrator.

Client sending a firewall request to concentrator

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to

Received ISAKMP packet: peer =

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from

RESPONDER-LIFETIME notify has value of 86400 seconds

This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

Received ISAKMP packet: peer =

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from

No private IP address was assigned by the peer

Failed to process ModeCfg Reply (NavigatorTM:175)

Marking IKE SA for deletion  (I_Cookie=A18144ED96BC192E R_Cookie=2C6EEB39A3EB339F) reason = DEL_REASON_IKE_NEG_FAILED

SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to

Discarding IKE SA negotiation (I_Cookie=A18144ED96BC192E R_Cookie=2C6EEB39A3EB339F) reason = DEL_REASON_IKE_NEG_FAILED

Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

Initializing CVPNDrv

IKE received signal to terminate VPN connection

Microsoft IPSec Policy Agent service started successfully

Deleted all keys

IPSec driver successfully stopped

nb: j'ai enleve l'ip du pix (ip publique...)

si quelqu'un pouvait me filer un coup de main, ce serait sympa :D

Link to comment
Share on other sites

Quelle est la configuration, ou plutot le synoptique du reseau VPN ?

la machine cliente est directement branchée sur le switch où est branché la sortie du pix (le prise externe)

mais peut-être que cela vient de ma configuration du pix...

j'ai lancer l'assistant "vpn connection"

j'ai entré l'ip de la machine cliente, celle de la machine à atteindre et j'ai mis une clé...

y a-t-il autre chose à faire ?

Sinon, un lien pour un coup de main http://www.generation-nt.com/dossiers/lire...ws-2000-XP-Pro/

Cordialement, Pascal L.

Je vais regarder merci

Link to comment
Share on other sites

J'ai un diagnostic plus précis.

J'ai tenté une connexion avec vpnc depuis une debian etch. et le log du PIX me répond cela...

ISAKMP: session connected (local IP_PIX (responder), remote IP_CLIENT)
ISAKMP: Phase 1 SA created (local IP_PIX/500 (responder), remote IP_CLIENT/500, authentication=pre-share, encryption=3DES-CBC, hash=MD, group=2, lifetime=86400s)
ISAKMP: Failed to allocate address from client pool
ISAKMP session disconnected (local IP_PIX (responder), remote IP_CLIENT)

Voilà, si quelqu'un a la solution... je suis preneur :chinois:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...