>
>aaa authorization network default local
>aaa authentication login default local
>
>А на дебаги можно посмотреть?Конечно можно
*Mar 20 13:52:38.502: ISAKMP (0:0): received packet from 172.16.2.99 dport 500 sport 500 Global (N) NEW SA
*Mar 20 13:52:38.502: ISAKMP: Created a peer struct for 172.16.2.99, peer port 500
*Mar 20 13:52:38.502: ISAKMP: New peer created peer = 0x63E8BAC0 peer_handle = 0x80000016
*Mar 20 13:52:38.502: ISAKMP: Locking peer struct 0x63E8BAC0, IKE refcount 1 for crypto_isakmp_process_block
*Mar 20 13:52:38.502: ISAKMP:(0:0:N/A:0):Setting client config settings 63E8FCF0
*Mar 20 13:52:38.502: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list and state
*Mar 20 13:52:38.502: ISAKMP/xauth: initializing AAA request
*Mar 20 13:52:38.502: ISAKMP: local port 500, remote port 500
*Mar 20 13:52:38.502: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 63192708
*Mar 20 13:52:38.502: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Mar 20 13:52:38.502: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Mar 20 13:52:38.502: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : cisco
protocol : 17
port : 500
length : 13
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):: peer matches *none* of the profiles
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 6 policy
*Mar 20 13:52:38.506: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.506: ISAKMP: hash SHA
*Mar 20 13:52:38.506: ISAKMP: default group 2
*Mar 20 13:52:38.506: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.506: ISAKMP: life type in seconds
*Mar 20 13:52:38.506: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.506: ISAKMP: keylength of 256
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 6 policy
*Mar 20 13:52:38.506: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.506: ISAKMP: hash MD5
*Mar 20 13:52:38.506: ISAKMP: default group 2
*Mar 20 13:52:38.506: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.506: ISAKMP: life type in seconds
*Mar 20 13:52:38.506: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.506: ISAKMP: keylength of 256
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 6 policy
*Mar 20 13:52:38.506: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.506: ISAKMP: hash SHA
*Mar 20 13:52:38.506: ISAKMP: default group 2
*Mar 20 13:52:38.506: ISAKMP: auth pre-share
*Mar 20 13:52:38.506: ISAKMP: life type in seconds
*Mar 20 13:52:38.506: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.506: ISAKMP: keylength of 256
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.506: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 6 policy
*Mar 20 13:52:38.510: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.510: ISAKMP: hash MD5
*Mar 20 13:52:38.510: ISAKMP: default group 2
*Mar 20 13:52:38.510: ISAKMP: auth pre-share
*Mar 20 13:52:38.510: ISAKMP: life type in seconds
*Mar 20 13:52:38.510: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.510: ISAKMP: keylength of 256
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 6 policy
*Mar 20 13:52:38.510: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.510: ISAKMP: hash SHA
*Mar 20 13:52:38.510: ISAKMP: default group 2
*Mar 20 13:52:38.510: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.510: ISAKMP: life type in seconds
*Mar 20 13:52:38.510: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.510: ISAKMP: keylength of 128
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 6 policy
*Mar 20 13:52:38.510: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.510: ISAKMP: hash MD5
*Mar 20 13:52:38.510: ISAKMP: default group 2
*Mar 20 13:52:38.510: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.510: ISAKMP: life type in seconds
*Mar 20 13:52:38.510: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.510: ISAKMP: keylength of 128
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 6 policy
*Mar 20 13:52:38.510: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.510: ISAKMP: hash SHA
*Mar 20 13:52:38.510: ISAKMP: default group 2
*Mar 20 13:52:38.510: ISAKMP: auth pre-share
*Mar 20 13:52:38.510: ISAKMP: life type in seconds
*Mar 20 13:52:38.510: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.510: ISAKMP: keylength of 128
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 6 policy
*Mar 20 13:52:38.510: ISAKMP: encryption AES-CBC
*Mar 20 13:52:38.510: ISAKMP: hash MD5
*Mar 20 13:52:38.510: ISAKMP: default group 2
*Mar 20 13:52:38.510: ISAKMP: auth pre-share
*Mar 20 13:52:38.510: ISAKMP: life type in seconds
*Mar 20 13:52:38.510: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.510: ISAKMP: keylength of 128
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.510: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 6 policy
*Mar 20 13:52:38.514: ISAKMP: encryption 3DES-CBC
*Mar 20 13:52:38.514: ISAKMP: hash SHA
*Mar 20 13:52:38.514: ISAKMP: default group 2
*Mar 20 13:52:38.514: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.514: ISAKMP: life type in seconds
*Mar 20 13:52:38.514: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 6 policy
*Mar 20 13:52:38.514: ISAKMP: encryption 3DES-CBC
*Mar 20 13:52:38.514: ISAKMP: hash MD5
*Mar 20 13:52:38.514: ISAKMP: default group 2
*Mar 20 13:52:38.514: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.514: ISAKMP: life type in seconds
*Mar 20 13:52:38.514: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 6 policy
*Mar 20 13:52:38.514: ISAKMP: encryption 3DES-CBC
*Mar 20 13:52:38.514: ISAKMP: hash SHA
*Mar 20 13:52:38.514: ISAKMP: default group 2
*Mar 20 13:52:38.514: ISAKMP: auth pre-share
*Mar 20 13:52:38.514: ISAKMP: life type in seconds
*Mar 20 13:52:38.514: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 6 policy
*Mar 20 13:52:38.514: ISAKMP: encryption 3DES-CBC
*Mar 20 13:52:38.514: ISAKMP: hash MD5
*Mar 20 13:52:38.514: ISAKMP: default group 2
*Mar 20 13:52:38.514: ISAKMP: auth pre-share
*Mar 20 13:52:38.514: ISAKMP: life type in seconds
*Mar 20 13:52:38.514: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 6 policy
*Mar 20 13:52:38.514: ISAKMP: encryption DES-CBC
*Mar 20 13:52:38.514: ISAKMP: hash MD5
*Mar 20 13:52:38.514: ISAKMP: default group 2
*Mar 20 13:52:38.514: ISAKMP: auth XAUTHInitPreShared
*Mar 20 13:52:38.514: ISAKMP: life type in seconds
*Mar 20 13:52:38.514: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 20 13:52:38.514: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
*Mar 20 13:52:38.570: ISAKMP:(0:15:SW:1): processing KE payload. message ID = 0
*Mar 20 13:52:38.634: ISAKMP:(0:15:SW:1): processing NONCE payload. message ID = 0
*Mar 20 13:52:38.638: ISAKMP (0:134217743): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*Mar 20 13:52:38.638: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 20 13:52:38.638: ISAKMP:(0:15:SW:1):Old State = IKE_READY New State = IKE_READY
*Mar 20 13:52:38.638: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 172.16.2.99
*Mar 20 13:52:44.022: ISAKMP (0:134217743): received packet from 172.16.2.99 dport 500 sport 500 Global (R) AG_NO_STATE
*Mar 20 13:52:44.022: ISAKMP:(0:15:SW:1): processing SA payload. message ID = 0
*Mar 20 13:52:44.022: ISAKMP:(0:15:SW:1): already processed SA payload!
*Mar 20 13:52:44.022: ISAKMP (0:134217743): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*Mar 20 13:52:44.022: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 20 13:52:44.022: ISAKMP:(0:15:SW:1):Old State = IKE_READY New State = IKE_READY
*Mar 20 13:52:48.590: ISAKMP (0:134217743): received packet from 172.16.2.99 dport 500 sport 500 Global (R) AG_NO_STATE
*Mar 20 13:52:48.590: ISAKMP:(0:15:SW:1): processing SA payload. message ID = 0
*Mar 20 13:52:48.590: ISAKMP:(0:15:SW:1): already processed SA payload!
*Mar 20 13:52:48.590: ISAKMP (0:134217743): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*Mar 20 13:52:48.590: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 20 13:52:48.590: ISAKMP:(0:15:SW:1):Old State = IKE_READY New State = IKE_READY
*Mar 20 13:52:53.978: ISAKMP (0:134217743): received packet from 172.16.2.99 dport 500 sport 500 Global (R) AG_NO_STATE
*Mar 20 13:52:53.978: ISAKMP:(0:15:SW:1): processing SA payload. message ID = 0
*Mar 20 13:52:53.978: ISAKMP:(0:15:SW:1): already processed SA payload!
*Mar 20 13:52:53.978: ISAKMP (0:134217743): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
*Mar 20 13:52:53.978: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 20 13:52:53.978: ISAKMP:(0:15:SW:1):Old State = IKE_READY New State = IKE_READY
Вариант для распечатки
(??) on 21-Мрт-06, 15:17 
