Добрый день All !Имеется :
Cisco ASA-5510
Cisco Adaptive Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)Пытаюсь поднять по данной доке :
http://www.cisco.com/en/US/products/ps6120/products_configur...
кусок конфига:
ip local pool vpnpool 10.0.0.1-10.0.0.254 mask 255.255.255.0
group-policy hillvalleyvpn internal
username vpn123 password XXXXXXXXXXX
encrypted privilege 0
username vpn123 attributes
vpn-group-policy hillvalleyvpncrypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group hillvalleyvpn type ipsec-ra
tunnel-group hillvalleyvpn general-attributes
address-pool vpnpool
default-group-policy hillvalleyvpn
tunnel-group hillvalleyvpn ipsec-attributes
pre-shared-key *-----------------
На клиенте :Host: ip_outside
Name: hillvalleyvpn
Password: указанный_ключикДело доходит до запроса login/pass.. указываю test123 и пароль и Not connected.
Кусок лога :
Oct 11 2006 13:27:03 ciscoasa : %ASA-3-713119: Group = hillvalleyvpn, Username = test2, IP = XXXXXX, PHASE 1 COMPLETED
Oct 11 2006 13:27:03 ciscoasa : %ASA-3-713902: Group = hillvalleyvpn, Username = test2, IP = XXXXXXXXXX, QM FSM error (P2 struct &0x4273440, mess id 0x2cb7b915)!
Oct 11 2006 13:27:03 ciscoasa : %ASA-3-713902: Group = hillvalleyvpn, Username = test2, IP = XXXXXXXXX, Removing peer from correlator table failed, no match!
Oct 11 2006 13:27:03 ciscoasa : %ASA-4-113019: Group = hillvalleyvpn, Username = test2, IP = XXXXXXXXX, Session disconnected. Session Type: IPSec, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
Привожу debug с ASA:
ciscoasa# debug crypto isakmp 253
ciscoasa# Oct 11 14:04:28 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 857
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing SA payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing ke payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing ISA_KE payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing nonce payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing ID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, Received xauth V6 VID
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, Received DPD VID
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, Received NAT-Traversal ver 02 VID
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, Received Fragmentation VID
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: IP = 195.128.50.89, Received Cisco Unity client VID
Oct 11 14:04:28 [IKEv1]: IP = 195.128.50.89, Connection landed on tunnel_group hillvalleyvpn
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, processing IKE SA payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, IKE SA Proposal # 1, Transform # 13 acceptable Matches global IKE entry # 1
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing ISAKMP SA payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing ke payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing nonce payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Generating keys for Responder...
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing ID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing hash payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Computing hash for ISAKMP
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing Cisco Unity VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing xauth V6 VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing dpd vid payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing Fragmentation VID + extended capabilities payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Oct 11 14:04:28 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 387
Oct 11 14:04:28 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 116
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, processing hash payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Computing hash for ISAKMP
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, processing notify payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, processing VID payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Received Cisco Unity client VID
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:28 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:28 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=d5794260) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 68
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=d5794260) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 80
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, process_attr(): Enter!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, IP = 195.128.50.89, Processing MODE_CFG Reply attributes.
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: primary DNS = cleared
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: secondary DNS = cleared
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: primary WINS = cleared
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: secondary WINS = cleared
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: IP Compression = disabled
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, User (vpn123) authenticated.
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=4320780c) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=4320780c) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 56
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, process_attr(): Enter!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Processing cfg ACK attributes
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=4b46d5ca) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 184
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, process_attr(): Enter!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Processing cfg Request attributes
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for IPV4 address!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for IPV4 net mask!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for DNS server address!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for WINS server address!
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Received unsupported transaction mode attribute: 5
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Banner!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Save PW setting!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Default Domain Name!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Split Tunnel List!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Split DNS!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for PFS setting!
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Received unknown transaction mode attribute: 28683
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for backup ip-sec peer list!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for Application Version!
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Client Type: WinNT Client Application Version: 4.6.00.0049
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for FWTYPE!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for DHCP hostname for DDNS is: vadim2!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, MODE_CFG: Received request for UDP Port!
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Assigned private IP address 10.0.0.1 to remote user
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=4b46d5ca) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 165
Oct 11 14:04:33 [IKEv1 DECODE]: IP = 195.128.50.89, IKE Responder starting QM: msg id = 50556e82
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, PHASE 1 COMPLETED
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, Keep-alive type for this connection: DPD
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Starting phase 1 rekey timer: 82080000 (ms)
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, sending notify message
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=9f7b79c6) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 88
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE RECEIVED Message (msgid=50556e82) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 1022
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing SA payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing nonce payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing ID payload
Oct 11 14:04:33 [IKEv1 DECODE]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, ID_IPV4_ADDR ID received
10.0.0.1
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Received remote Proxy Host data in ID Payload: Address 10.0.0.1, Protocol 0, Port 0
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing ID payload
Oct 11 14:04:33 [IKEv1 DECODE]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, QM IsRekeyed old sa not found by addr
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKE Remote Peer configured for crypto map: outside_dyn_map
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, processing IPSec SA payload
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, All IPSec SA proposals found unacceptable!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, sending notify message
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing ipsec notify payload for msg id 50556e82
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=8105a8be) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, QM FSM error (P2 struct &0x4273440, mess id 0x50556e82)!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKE QM Responder FSM error history (struct &0x4273440) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, sending delete/delete with reason message
Oct 11 14:04:33 [IKEv1]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, Removing peer from correlator table failed, no match!
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKE SA AM:519effc2 rcv'd Terminate: state AM_ACTIVE flags 0x0841c041, refcnt 1, tuncnt 0
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, IKE SA AM:519effc2 terminating: flags 0x0941c001, refcnt 0, tuncnt 0
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, sending delete/delete with reason message
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing blank hash payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing IKE delete payload
Oct 11 14:04:33 [IKEv1 DEBUG]: Group = hillvalleyvpn, Username = vpn123, IP = 195.128.50.89, constructing qm hash payload
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, IKE_DECODE SENDING Message (msgid=4c972d93) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Oct 11 14:04:33 [IKEv1]: IP = 195.128.50.89, Received encrypted packet with no matching SA, dropping
Столкнулся с такой же проблемой. Есть еще докаhttp://www.cisco.com/en/US/products/hw/vpndevc/ps2030/produc...
здесь предлагают поправить ключик в реестре. Но все равно не работает. Так что пока проблему не решил...
>Столкнулся с такой же проблемой. Есть еще дока
>
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/produc...
>
>здесь предлагают поправить ключик в реестре. Но все равно не работает. Так
>что пока проблему не решил...
А я решил )ciscoasa# show run crypto
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
У меня вот такая проблема: http://www.opennet.me/openforum/vsluhforumID6/18061.html
Может поможете?