The task is to let remote users into the internal network over VPN. I'd like to know which direction to dig in, given that on one side there is a Cisco 2620XM with IOS C2600-IK8S-M, Version 12.2(17), and on the other side the clients run Windows XP.
change the software to an image that supports Cisco VPN Client
install Cisco VPN Client on XP
And which IOS exactly is needed? One with the letter T at the end?
It's simpler to configure PPTP on the Cisco: Windows has supported it ever since the days of 95 SP2. Look on Cisco's site for the document Configuring Virtual Private Dialup Networking (VPDN) and read, read ;-)
We have been connecting subscribers in a home network this way for half a year already.
And not even on a 2620XM, but on an old 2611
>change the software to an image that supports Cisco VPN Client
>install Cisco VPN Client on XP
Actually, if you think about it, XP/2000/2003
have built-in encryption support, but the docs on cisco.com
have nothing useful....
Maybe somebody knows what to do and how
>The task is to let remote users into the internal network over VPN. I'd like
>to know which direction to dig in, given that on one side there is a Cisco 2620XM
>with IOS C2600-IK8S-M, Version 12.2(17), and on the other side the clients run Windows
>XP.
I have a 2610 XM with c2600-ik9s-mz.122-15.T9.bin
and the same problem: no matter how hard I tried, I could not get it to connect
All I know is that my IOS supports CISCO Easy VPN Server
But I don't know where to get it and the CISCO VPN Client
Well, I got hold of CISCO VPN Client 4.0.2
Did everything according to the instructions, but bad luck: IT DOESN'T WORK
The connection comes up, but no data is transferred
What could the trouble be?
More precisely, the data flies off somewhere it shouldn't
>Well, I got hold of CISCO VPN Client 4.0.2
>Did everything according to the instructions, but bad luck: IT DOESN'T WORK
>The connection comes up, but no data is transferred
>What could the trouble be?
>More precisely, the data flies off somewhere it shouldn't
Look in the direction of the ACL configuration.
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/net...
only there, in the example, change the line
ip local pool dynpool 30.30.30.20 30.30.30.30
to something else, for example
ip local pool dynpool 30.30.31.20 30.30.31.30
OK... struggled for a long time and finally figured it out
crypto isakmp client configuration group CLIENT
 key KEY
 dns 192.168.1.3
 domain cisco.com
 pool my-pool
 acl 170
ip local pool my-pool 192.168.2.1 192.168.2.254
access-list 170 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 170 permit udp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
this is how it should be...... and it pushes this access-list down to the client
and uses it as a route-map
But right now I am using CISCO VPN Client 4.0.3 (D)
and the following problem occurs.... after working for some 2-3 minutes
it drops the channel ... and on the client it writes the following message to the log
And this started happening after I ticked the checkbox to have the Client start at Windows startup
The Client was installed on Windows 2000 Prof SP4 RUS
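For reference, the group, pool and ACL number from the post above placed inside a complete IOS Easy VPN Server configuration. This is an added example, not the poster's router configuration: the list names userauthen and groupauthor, the names vpnset, dynmap and clientmap, the interface FastEthernet0/0 and the bracketed credentials are assumptions or placeholders, and ACL 170 is written here in the form Cisco documents for split tunneling, with the protected LAN as the source.

```cisco
! Added example. CLIENT, my-pool, ACL 170 and the addresses come from the post;
! every other name below is an assumption chosen for illustration.
!
! AAA: Xauth user login and group policy lookup both use the local database
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
! Local Xauth account (placeholder credentials)
username vpnuser password 0 <USER-PASSWORD>
!
! IKE phase 1: pre-shared group key; Easy VPN Server does not support DH group 1
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
!
! Group policy pushed to the client during Mode Config
crypto isakmp client configuration group CLIENT
 key <GROUP-KEY>
 dns 192.168.1.3
 domain cisco.com
 pool my-pool
 acl 170
!
! IKE phase 2 proposal
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
! Dynamic map: peers are unknown in advance; reverse-route installs a
! host route for each connected client address
crypto dynamic-map dynmap 10
 set transform-set vpnset
 reverse-route
!
! Tie Xauth, group authorization and address assignment to the crypto map
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
! Internet-facing interface (name assumed)
interface FastEthernet0/0
 crypto map clientmap
!
! Addresses handed out to clients; kept outside the 192.168.1.0/24 LAN
ip local pool my-pool 192.168.2.1 192.168.2.254
!
! Split-tunnel ACL: the source is the LAN behind the router that clients
! reach through the tunnel, the destination is the client pool.
! Traffic to any other destination stays outside the tunnel.
access-list 170 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
```

If any NAT rule on the same router covers 192.168.1.0/24, traffic from the LAN to the 192.168.2.0/24 pool has to be excluded from it, otherwise replies to clients are translated and never enter the tunnel.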
don't use 4.0....
try 3.6
>don't use 4.0....
>try 3.6
Hm, what do you mean don't.... the 3.6 branch doesn't seem to be supported any more
well then open a case with Cisco TAC, maybe they will fix it... 3.6 suits me just fine,
it works with IOS, with PIX and with the VPN3000
Please explain to a beginner what a case at CISCO TAC is
And could you help me file one (if I understood correctly, it is something like a support forum)
for that you need a service support contract...
hm.... I solved this problem
>>The task is to let remote users into the internal network over VPN. I'd like
>>to know which direction to dig in, given that on one side there is a Cisco 2620XM
>>with IOS C2600-IK8S-M, Version 12.2(17), and on the other side the clients run Windows
>>XP.
>
>I have a 2610 XM with c2600-ik9s-mz.122-15.T9.bin
>and the same problem: no matter how hard I tried, I could not get it to connect
>All I know is that my IOS supports CISCO Easy VPN Server
>But I don't know where to get it and the CISCO VPN Client