URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID6
Нить номер: 4589
[ Назад ]

Исходное сообщение
"Cisco 2620XM и VPN с клиентом на Windows XP"

Отправлено psv141 , 15-Янв-04 18:57 
Есть задача, пускать удаленных пользователей во внутреннюю сеть через VPN. Хотелось бы знать, в каком направлении копать, если с одной стороны кошка 2620XM c IOS C2600-IK8S-M, Version 12.2(17), а с другой клиенты на Windows XP.

Содержание

Сообщения в этом обсуждении
"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено ВОЛКА , 15-Янв-04 19:46 
поменять софт на тот, который поддерживает cisco vpn client
на XP поставить cisco vpn client

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено psv141 , 16-Янв-04 11:59 
А какой именно IOS нужен? С буковкой T на конце?

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено SG , 03-Фев-04 20:02 
Проще настроить на цыске PPTP - он в виндах аж со времен 95-х SP2 поддерживается.

Поищите на цыске документ Configuring Virtual Private Dialup Networking (VPDN) и читайте, читайте ;-)

Мы уже пол года так абонентов в домашней сети подключаем.

Причем даже не на 2620XM, а на старой 2611

>поменять софт на тот, который поддерживает cisco vpn client
>на XP поставить cisco vpn client



"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 04-Фев-04 09:52 
Вообще если так подумать то в XP/2000/2003
Есть встроенная поддержка шифрования но в доках на cisco.com
Нет ничего полезного....
Может ктонить знает что и как



"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 26-Янв-04 14:34 
>Есть задача, пускать удаленных пользователей во внутреннюю сеть через VPN. Хотелось бы
>знать, в каком направлении копать, если с одной стороны кошка 2620XM
>c IOS C2600-IK8S-M, Version 12.2(17), а с другой клиенты на Windows
>XP.

У меня 2610 XM c2600-ik9s-mz.122-15.T9.bin
и Таже проблема сколько бы не бился соединить не получилось
Знаю только что мой IOS держит CISCO Easy VPN Server
А где надыбать его и CISCO VPN Client ненаю


"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 28-Янв-04 10:42 
Ну вот надыбал CISCO VPN Client 4.0.2
Сделал все как по инструкции но вот незадача НЕРАБОТАЕТ
Причем Конект есть а передача данных не осуществляеться
В чем может быть трабл ?
Точнее данные улетают кудато не туда


"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Pavel , 28-Янв-04 11:50 
>Ну вот надыбал CISCO VPN Client 4.0.2
>Сделал все как по инструкции но вот незадача НЕРАБОТАЕТ
>Причем Конект есть а передача данных не осуществляеться
>В чем может быть трабл ?
>Точнее данные улетают кудато не туда

Смотреть в сторону настройки ACL.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/net...
только там, в примере строку
ip local pool dynpool 30.30.30.20 30.30.30.30
поменять на что-нить другое, например
ip local pool dynpool 30.30.31.20 30.30.31.30


"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 03-Фев-04 10:23 
Оки...долго мучался и всетаки допер
crypto isakmp client configuration group CLIENT
key KEY
dns 192.168.1.3
domain cisco.com
pool my-pool
acl 170
ip local pool my-pool 192.168.2.1 192.168.2.254
access-list 170 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 170 permit udp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
вот так должно быть......причем он этот access-list подгружает на клиента
и использует как route-map

Но у меня ща используется CISCO VPN Client 4.0.3 (D)
и возникает следующая проблема....после некоторой работы минут 2-3
Он обрывает канал ...причем на клиенте пишет следующее сообщение в лог
Cisco Systems VPN Client Version 4.0.3 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195

1      15:06:56.556  02/02/04  Sev=Info/4       CM/0x63100002
Begin connection process

2      15:06:56.576  02/02/04  Sev=Info/4       CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

3      15:06:56.576  02/02/04  Sev=Info/4       CM/0x63100004
Establish secure connection using Ethernet

4      15:06:56.576  02/02/04  Sev=Info/4       CM/0x63100024
Attempt connection with server "80.80.80.80"

5      15:06:57.597  02/02/04  Sev=Info/6       IKE/0x6300003B
Attempting to establish a connection with 80.80.80.80.

6      15:06:57.617  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 80.80.80.80

7      15:06:57.657  02/02/04  Sev=Info/4       IPSEC/0x63700008
IPSec driver successfully started

8      15:06:57.657  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

9      15:06:57.657  02/02/04  Sev=Info/6       IPSEC/0x6370002B
Sent 208 packets, 0 were fragmented.

10     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

11     15:06:58.388  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 80.80.80.80

12     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x63000001
Peer is a Cisco-Unity compliant peer

13     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports DPD

14     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports DWR Code Only

15     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports XAUTH

16     15:06:58.388  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports NAT-T

17     15:06:58.408  02/02/04  Sev=Info/6       IKE/0x63000001
IOS Vendor ID Contruction successful

18     15:06:58.408  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 80.80.80.80

19     15:06:58.408  02/02/04  Sev=Info/6       IKE/0x63000054
Sent a keepalive on the IPSec SA

20     15:06:58.408  02/02/04  Sev=Info/4       IKE/0x63000082
IKE Port in use - Local Port =  0x1194, Remote Port = 0x1194

21     15:06:58.408  02/02/04  Sev=Info/5       IKE/0x63000071
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

22     15:06:58.408  02/02/04  Sev=Info/4       CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

23     15:06:58.479  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

24     15:06:58.479  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80

25     15:06:58.479  02/02/04  Sev=Info/5       IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds

26     15:06:58.479  02/02/04  Sev=Info/5       IKE/0x63000046
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

27     15:06:58.489  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

28     15:06:58.489  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

29     15:06:58.489  02/02/04  Sev=Info/4       CM/0x63100015
Launch xAuth application

30     15:07:03.486  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

31     15:07:03.486  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80

32     15:07:06.120  02/02/04  Sev=Info/4       CM/0x63100017
xAuth application returned

33     15:07:06.120  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

34     15:07:06.180  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

35     15:07:06.180  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

36     15:07:06.180  02/02/04  Sev=Info/4       CM/0x63100015
Launch xAuth application

37     15:07:08.853  02/02/04  Sev=Info/6       IKE/0x63000054
Sent a keepalive on the IPSec SA

38     15:07:10.406  02/02/04  Sev=Info/4       CM/0x63100017
xAuth application returned

39     15:07:10.406  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

40     15:07:10.466  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

41     15:07:10.476  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

42     15:07:10.476  02/02/04  Sev=Info/4       CM/0x63100015
Launch xAuth application

43     15:07:13.670  02/02/04  Sev=Info/4       CM/0x63100017
xAuth application returned

44     15:07:13.670  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

45     15:07:13.720  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

46     15:07:13.720  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

47     15:07:13.720  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

48     15:07:13.731  02/02/04  Sev=Info/4       IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=FC84D33BAEC8DFD4 R_Cookie=9C55C2EE59169DBC) reason = DEL_REASON_WE_FAILED_AUTH

49     15:07:13.731  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 80.80.80.80

50     15:07:14.371  02/02/04  Sev=Info/4       IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=FC84D33BAEC8DFD4 R_Cookie=9C55C2EE59169DBC) reason = DEL_REASON_WE_FAILED_AUTH

51     15:07:14.371  02/02/04  Sev=Info/4       CM/0x63100014
Unable to establish Phase 1 SA with server "80.80.80.80" because of "DEL_REASON_WE_FAILED_AUTH"

52     15:07:14.371  02/02/04  Sev=Info/5       CM/0x63100025
Initializing CVPNDrv

53     15:07:14.421  02/02/04  Sev=Info/4       IKE/0x63000001
IKE received signal to terminate VPN connection

54     15:07:14.462  02/02/04  Sev=Info/4       IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully

55     15:07:14.462  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

56     15:07:14.462  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

57     15:07:14.472  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

58     15:07:14.472  02/02/04  Sev=Info/4       IPSEC/0x6370000A
IPSec driver successfully stopped

59     15:07:26.980  02/02/04  Sev=Info/4       CM/0x63100002
Begin connection process

60     15:07:26.990  02/02/04  Sev=Info/4       CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

61     15:07:26.990  02/02/04  Sev=Info/4       CM/0x63100004
Establish secure connection using Ethernet

62     15:07:26.990  02/02/04  Sev=Info/4       CM/0x63100024
Attempt connection with server "80.80.80.80"

63     15:07:28.011  02/02/04  Sev=Info/6       IKE/0x6300003B
Attempting to establish a connection with 80.80.80.80.

64     15:07:28.031  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 80.80.80.80

65     15:07:28.071  02/02/04  Sev=Info/4       IPSEC/0x63700008
IPSec driver successfully started

66     15:07:28.071  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

67     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

68     15:07:28.782  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 80.80.80.80

69     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x63000001
Peer is a Cisco-Unity compliant peer

70     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports DPD

71     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports DWR Code Only

72     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports XAUTH

73     15:07:28.782  02/02/04  Sev=Info/5       IKE/0x63000001
Peer supports NAT-T

74     15:07:28.802  02/02/04  Sev=Info/6       IKE/0x63000001
IOS Vendor ID Contruction successful

75     15:07:28.802  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 80.80.80.80

76     15:07:28.802  02/02/04  Sev=Info/6       IKE/0x63000054
Sent a keepalive on the IPSec SA

77     15:07:28.802  02/02/04  Sev=Info/4       IKE/0x63000082
IKE Port in use - Local Port =  0x1194, Remote Port = 0x1194

78     15:07:28.802  02/02/04  Sev=Info/5       IKE/0x63000071
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

79     15:07:28.802  02/02/04  Sev=Info/4       CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

80     15:07:28.862  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

81     15:07:28.862  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80

82     15:07:28.862  02/02/04  Sev=Info/5       IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds

83     15:07:28.862  02/02/04  Sev=Info/5       IKE/0x63000046
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

84     15:07:28.872  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

85     15:07:28.872  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

86     15:07:28.872  02/02/04  Sev=Info/4       CM/0x63100015
Launch xAuth application

87     15:07:33.879  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

88     15:07:33.879  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80

89     15:07:35.051  02/02/04  Sev=Info/4       CM/0x63100017
xAuth application returned

90     15:07:35.051  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

91     15:07:35.101  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

92     15:07:35.111  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

93     15:07:35.111  02/02/04  Sev=Info/4       CM/0x63100015
Launch xAuth application

94     15:07:38.897  02/02/04  Sev=Info/6       IKE/0x63000054
Sent a keepalive on the IPSec SA

95     15:07:40.098  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

96     15:07:40.098  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80

97     15:07:45.106  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

98     15:07:45.106  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80

99     15:07:46.548  02/02/04  Sev=Info/4       CM/0x63100017
xAuth application returned

100    15:07:46.548  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

101    15:07:46.608  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

102    15:07:46.608  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

103    15:07:46.608  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

104    15:07:46.608  02/02/04  Sev=Info/4       CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

105    15:07:46.638  02/02/04  Sev=Info/5       IKE/0x6300005D
Client sending a firewall request to concentrator

106    15:07:46.638  02/02/04  Sev=Info/5       IKE/0x6300005C
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).

107    15:07:46.648  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80

108    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

109    15:07:46.758  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80

110    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.35

111    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.3

112    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 192.168.1.3

113    15:07:46.758  02/02/04  Sev=Info/5       IKE/0xA3000017
MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-1062731517) is not supported

114    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = sevbank.local

115    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000006

116    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #1
        subnet = 192.168.1.0
        mask = 255.255.255.0
        protocol = 17
        src port = 0
        dest port=0

117    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #2
        subnet = 192.168.1.0
        mask = 255.255.255.0
        protocol = 0
        src port = 0
        dest port=0

118    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #3
        subnet = 192.168.1.0
        mask = 255.255.255.0
        protocol = 1
        src port = 0
        dest port=0

119    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #4
        subnet = 192.168.1.0
        mask = 255.255.255.0
        protocol = 6
        src port = 0
        dest port=0

120    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #5
        subnet = 192.168.2.0
        mask = 255.255.255.0
        protocol = 0
        src port = 0
        dest port=0

121    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000F
SPLIT_NET #6
        subnet = 192.168.2.0
        mask = 255.255.255.0
        protocol = 17
        src port = 0
        dest port=0

122    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.2(15)T9,  RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 01-Nov-03 04:42 by ccai

123    15:07:46.758  02/02/04  Sev=Info/5       IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

124    15:07:46.758  02/02/04  Sev=Info/4       CM/0x63100019
Mode Config data received

125    15:07:46.778  02/02/04  Sev=Info/4       IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.2.35, GW IP = 80.80.80.80, Remote IP = 0.0.0.0

126    15:07:46.778  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 80.80.80.80

127    15:07:46.948  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

128    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

129    15:07:47.189  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80

130    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x63000044
RESPONDER-LIFETIME notify has value of 28800 seconds

131    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x63000045
RESPONDER-LIFETIME notify has value of 4608000 kb

132    15:07:47.189  02/02/04  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 80.80.80.80

133    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x63000058
Loading IPsec SA (MsgID=8D3C866F OUTBOUND SPI = 0xAA3CFAA5 INBOUND SPI = 0x34179701)

134    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xAA3CFAA5

135    15:07:47.189  02/02/04  Sev=Info/5       IKE/0x63000026
Loaded INBOUND ESP SPI: 0x34179701

136    15:07:47.509  02/02/04  Sev=Info/4       CM/0x63100034
The Virtual Adapter was enabled:
        IP=192.168.2.35/255.255.255.0
        DNS=192.168.1.3,0.0.0.0
        WINS=192.168.1.3,0.0.0.0
        Domain=sevbank.local
        Split DNS Names=

137    15:07:47.559  02/02/04  Sev=Info/5       CVPND/0x63400016
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0           0.0.0.0       192.168.2.3        1
      127.0.0.0         127.0.0.0         127.0.0.0         127.0.0.1        1
    192.168.2.0       192.168.2.0       192.168.2.0       192.168.2.3        1
    192.168.2.0       192.168.2.0       192.168.2.0      192.168.2.35        1
    192.168.2.3       192.168.2.3       192.168.2.3         127.0.0.1        1
   192.168.2.35      192.168.2.35      192.168.2.35         127.0.0.1        1
  192.168.2.255     192.168.2.255     192.168.2.255       192.168.2.3        1
  192.168.2.255     192.168.2.255     192.168.2.255      192.168.2.35        1
      224.0.0.0         224.0.0.0         224.0.0.0       192.168.2.3        1
      224.0.0.0         224.0.0.0         224.0.0.0      192.168.2.35        1
255.255.255.255   255.255.255.255   255.255.255.255       192.168.2.3        1


138    15:07:47.589  02/02/04  Sev=Info/5       CVPND/0x63400016
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0           0.0.0.0       192.168.2.3        1
   80.80.80.80      80.80.80.80      80.80.80.80       192.168.2.3        1
      127.0.0.0         127.0.0.0         127.0.0.0         127.0.0.1        1
    192.168.1.0       192.168.1.0       192.168.1.0      192.168.2.35        1
    192.168.2.0       192.168.2.0       192.168.2.0       192.168.2.3        1
    192.168.2.0       192.168.2.0       192.168.2.0      192.168.2.35        1
    192.168.2.1       192.168.2.1       192.168.2.1       192.168.2.3        1
    192.168.2.3       192.168.2.3       192.168.2.3         127.0.0.1        1
   192.168.2.35      192.168.2.35      192.168.2.35         127.0.0.1        1
  192.168.2.255     192.168.2.255     192.168.2.255       192.168.2.3        1
  192.168.2.255     192.168.2.255     192.168.2.255      192.168.2.35        1
      224.0.0.0         224.0.0.0         224.0.0.0       192.168.2.3        1
      224.0.0.0         224.0.0.0         224.0.0.0      192.168.2.35        1
255.255.255.255   255.255.255.255   255.255.255.255       192.168.2.3        1


139    15:07:47.589  02/02/04  Sev=Info/6       CM/0x63100036
The routing table was updated for the Virtual Adapter

140    15:07:47.609  02/02/04  Sev=Info/4       CM/0x6310001A
One secure connection established

141    15:07:47.619  02/02/04  Sev=Info/4       CM/0x63100038
Address watch added for 192.168.2.3.  Current address(es): 192.168.2.35, 192.168.2.3.

142    15:07:47.629  02/02/04  Sev=Info/4       CM/0x63100038
Address watch added for 192.168.2.35.  Current address(es): 192.168.2.35, 192.168.2.3.

143    15:07:48.070  02/02/04  Sev=Info/4       IPSEC/0x63700010
Created a new key structure

144    15:07:48.070  02/02/04  Sev=Info/4       IPSEC/0x6370000F
Added key with SPI=0xa5fa3caa into key list

145    15:07:48.070  02/02/04  Sev=Info/4       IPSEC/0x63700010
Created a new key structure

146    15:07:48.070  02/02/04  Sev=Info/4       IPSEC/0x6370000F
Added key with SPI=0x01971734 into key list

147    15:07:48.070  02/02/04  Sev=Info/4       IPSEC/0x6370002E
Assigned VA private interface addr 192.168.2.35

Cisco Systems VPN Client Version 4.0.3 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195

1      15:08:09.060  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

2      15:08:09.070  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80

3      15:08:09.070  02/02/04  Sev=Warning/3    IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)

4      15:08:09.070  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)

5      15:08:09.070  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)

6      15:08:09.070  02/02/04  Sev=Warning/2    IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)

7      15:08:09.070  02/02/04  Sev=Info/4       IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=2BDD0FE2

8      15:08:19.044  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

9      15:08:19.044  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80

10     15:08:19.044  02/02/04  Sev=Warning/3    IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)

11     15:08:19.044  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)

12     15:08:19.044  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)

13     15:08:19.044  02/02/04  Sev=Warning/2    IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)

14     15:08:19.044  02/02/04  Sev=Info/4       IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=3D107156

15     15:08:19.054  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

16     15:08:19.054  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80

17     15:08:19.054  02/02/04  Sev=Warning/3    IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)

18     15:08:19.054  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)

19     15:08:19.054  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)

20     15:08:19.054  02/02/04  Sev=Warning/2    IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)

21     15:08:19.054  02/02/04  Sev=Info/4       IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=2BDD0FE2

22     15:08:29.039  02/02/04  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80

23     15:08:29.039  02/02/04  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from 80.80.80.80

24     15:08:29.039  02/02/04  Sev=Info/5       IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies:  I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579

25     15:08:29.039  02/02/04  Sev=Info/5       IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = AA3CFAA5 INBOUND SPI = 34179701)

26     15:08:29.039  02/02/04  Sev=Info/4       IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=8D3C866F

27     15:08:29.039  02/02/04  Sev=Info/4       IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

28     15:08:29.149  02/02/04  Sev=Info/4       IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.2.35, GW IP = 0.0.0.0, Remote IP = 192.168.1.3

29     15:08:29.149  02/02/04  Sev=Warning/3    IKE/0xE3000065
Could not find an IKE SA for 192.168.1.3.  KEY_REQ aborted.

30     15:08:29.149  02/02/04  Sev=Warning/2    IKE/0xE3000099
Failed to initiate P2 rekey: Error dectected (Initiate:176)

31     15:08:29.149  02/02/04  Sev=Warning/2    IKE/0xE3000099
Unable to initiate QM (IKE_MAIN:458)

32     15:08:29.780  02/02/04  Sev=Info/4       IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

33     15:08:29.780  02/02/04  Sev=Info/4       CM/0x63100013
Phase 1 SA deleted cause by PEER_DELETE-IKE_DELETE_UNSPECIFIED.  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

34     15:08:29.780  02/02/04  Sev=Info/5       CM/0x63100025
Initializing CVPNDrv

35     15:08:29.880  02/02/04  Sev=Info/6       CM/0x63100031
Tunnel to headend device 80.80.80.80 disconnected: duration: 0 days 0:0:42

36     15:08:29.940  02/02/04  Sev=Info/4       IKE/0x63000001
IKE received signal to terminate VPN connection

37     15:08:30.010  02/02/04  Sev=Info/5       CVPND/0x63400016
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0           0.0.0.0       192.168.2.3        1
   80.80.80.80        80.80.80.80       80.80.80.80       192.168.2.3        1
      127.0.0.0         127.0.0.0         127.0.0.0         127.0.0.1        1
    192.168.1.0       192.168.1.0       192.168.1.0      192.168.2.35        1
    192.168.2.0       192.168.2.0       192.168.2.0       192.168.2.3        1
    192.168.2.0       192.168.2.0       192.168.2.0      192.168.2.35        1
    192.168.2.1       192.168.2.1       192.168.2.1       192.168.2.3        1
    192.168.2.3       192.168.2.3       192.168.2.3         127.0.0.1        1
   192.168.2.35      192.168.2.35      192.168.2.35         127.0.0.1        1
  192.168.2.255     192.168.2.255     192.168.2.255       192.168.2.3        1
  192.168.2.255     192.168.2.255     192.168.2.255      192.168.2.35        1
      224.0.0.0         224.0.0.0         224.0.0.0       192.168.2.3        1
      224.0.0.0         224.0.0.0         224.0.0.0      192.168.2.35        1
255.255.255.255   255.255.255.255   255.255.255.255       192.168.2.3        1


38     15:08:30.020  02/02/04  Sev=Warning/2    CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87

39     15:08:30.020  02/02/04  Sev=Warning/2    CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87

40     15:08:30.020  02/02/04  Sev=Warning/2    CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87

41     15:08:30.020  02/02/04  Sev=Warning/2    CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87

42     15:08:30.030  02/02/04  Sev=Info/5       CVPND/0x63400016
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0           0.0.0.0       192.168.2.3        1
      127.0.0.0         127.0.0.0         127.0.0.0         127.0.0.1        1
    192.168.2.0       192.168.2.0       192.168.2.0       192.168.2.3        1
    192.168.2.3       192.168.2.3       192.168.2.3         127.0.0.1        1
   192.168.2.35      192.168.2.35      192.168.2.35         127.0.0.1        1
  192.168.2.255     192.168.2.255     192.168.2.255       192.168.2.3        1
  192.168.2.255     192.168.2.255     192.168.2.255      192.168.2.35        1
      224.0.0.0         224.0.0.0         224.0.0.0       192.168.2.3        1
      224.0.0.0         224.0.0.0         224.0.0.0      192.168.2.35        1
255.255.255.255   255.255.255.255   255.255.255.255       192.168.2.3        1


43     15:08:30.030  02/02/04  Sev=Info/6       CM/0x63100037
The routing table was returned to orginal state prior to Virtual Adapter

44     15:08:31.182  02/02/04  Sev=Info/4       CM/0x63100035
The Virtual Adapter was disabled

45     15:08:31.192  02/02/04  Sev=Info/4       IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully

46     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700013
Delete internal key with SPI=0x01971734

47     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x6370000C
Key deleted by SPI 0x01971734

48     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700013
Delete internal key with SPI=0xa5fa3caa

49     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x6370000C
Key deleted by SPI 0xa5fa3caa

50     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700010
Created a new key structure

51     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700013
Delete internal key with SPI=0x00000000

52     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

53     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700010
Created a new key structure

54     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700013
Delete internal key with SPI=0x00000000

55     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

56     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x63700014
Deleted all keys

57     15:08:31.202  02/02/04  Sev=Info/4       IPSEC/0x6370000A
IPSec driver successfully stopped

58     15:08:31.202  02/02/04  Sev=Warning/2    IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:507)



"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 03-Фев-04 10:25 
Причем это возникать стало после установки галки чтобы Client запускался при startupe windows
Cliet стоял на Windows 2000 Prof SP4 RUS

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено ВОЛКА , 03-Фев-04 11:03 
не надо пользовать 4.0....
пробуйте 3.6

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 03-Фев-04 11:49 
>не надо пользовать 4.0....
>пробуйте 3.6
Хм как так ненадо....ветка 3.6 вроде уже не поддерживается



"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено ВОЛКА , 03-Фев-04 11:57 
ну тогда открывайте кейс в Cisco TAC, может и починят...

3.6 меня вполне устраевает,
работает и с IOS, и с PIX, и с VPN3000


"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено Alexeo , 03-Фев-04 15:08 
Ответе начинающему что такое кейс на CISCO TAC
И немоглибы вы помоч офрмить его (если я правильно понял это типа форума поодержки)

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено ВОЛКА , 03-Фев-04 20:34 
для эго нужен сервисный контракт на поддержку...

"Cisco 2620XM и VPN с клиентом на Windows XP"
Отправлено HotIcer , 12-Ноя-04 12:26 
хм....я решил данную проблему

>>Есть задача, пускать удаленных пользователей во внутреннюю сеть через VPN. Хотелось бы
>>знать, в каком направлении копать, если с одной стороны кошка 2620XM
>>c IOS C2600-IK8S-M, Version 12.2(17), а с другой клиенты на Windows
>>XP.
>
>У меня 2610 XM c2600-ik9s-mz.122-15.T9.bin
>и Таже проблема сколько бы не бился соединить не получилось
>Знаю только что мой IOS держит CISCO Easy VPN Server
>А где надыбать его и CISCO VPN Client ненаю