Cisco 837 to Draytek
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Cisco 837 to Draytek

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco
Author Message
Rob
Guest
Posted: Tue Dec 14, 2004 5:18 pm    Post subject: Cisco 837 to Draytek Reply with quote
Hi All!

SOS!

I am in the process of setting up a on demand vpn between our branch
offices with a Cisco 837 ADSL router to Draytek.

-I do not have access to the Draytek as it is maintained by other
people however we have agreed on preshared keys and encryption etc.

-The Draytek is on a leased line so it not permanently on is there any
extra configuration on my side to only connect once data is sent
across??

-My access list is as follows
access-list 116 permit ip [LOCAL_NET] 0.0.0.255 [REMOTE_IP] 0.0.0.255

-I dont seem to be establishing an SA so I have posted parts of the
debug as I am at a loss!

PLease help and thanks in advance!!!

Rob
---------------------start_debug------------------------------------------
Mar 1 00:46:31.503: ISAKMP: received ke message (3/1)
*Mar 1 00:46:31.503: ISAKMP: ignoring request to send delete notify
(no ISAKMP sa) src LOCAL_IP dst REMOTE_IP for SPI 0x0
*Mar 1 00:46:42.843: ISAKMP: received ke message (1/1)
*Mar 1 00:46:42.847: ISAKMP (0:0): no idb in request
*Mar 1 00:46:42.847: ISAKMP: local port 500, remote port 500
*Mar 1 00:46:42.847: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 00:46:42.847: ISAKMP (0:4): constructed NAT-T vendor ID
*Mar 1 00:46:42.847: ISAKMP (0:4): Input = IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
*Mar 1 00:46:42.847: ISAKMP (0:4): Old State = IKE_READY New State =
IKE_I_MM1

*Mar 1 00:46:42.851: ISAKMP (0:4): beginning Main Mode exchange
*Mar 1 00:46:42.851: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_NO_STATE
*Mar 1 00:46:42.883: ISAKMP (0:4): received packet from REMOTE_IP
dport 500 sport 500 (I) MM_NO_STATE
*Mar 1 00:46:42.887: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
*Mar 1 00:46:42.887: ISAKMP (0:4): Old State = IKE_I_MM1 New State =
IKE_I_MM2

*Mar 1 00:46:42.887: ISAKMP (0:4): processing SA payload. message ID =
0
*Mar 1 00:46:42.887: ISAKMP (0:4): found peer pre-shared key matching
REMOTE_IP
*Mar 1 00:46:42.887: ISAKMP (0:4) local preshared key found
*Mar 1 00:46:42.891: ISAKMP (0:4): Checking ISAKMP transform 1 against
priority 5 policy
*Mar 1 00:46:42.891: ISAKMP: encryption 3DES-CBC
*Mar 1 00:46:42.891: ISAKMP: hash MD5
*Mar 1 00:46:42.891: ISAKMP: default group 1
*Mar 1 00:46:42.891: ISAKMP: auth pre-share
*Mar 1 00:46:42.891: ISAKMP: life type in seconds
*Mar 1 00:46:42.891: ISAKMP: life duration (basic) of 3600
*Mar 1 00:46:42.891: ISAKMP (0:4): atts are acceptable. Next payload
is 0
*Mar 1 00:46:43.027: ISAKMP (0:4): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
*Mar 1 00:46:43.031: ISAKMP (0:4): Old State = IKE_I_MM2 New State =
IKE_I_MM2

*Mar 1 00:46:43.031: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_SA_SETUP
*Mar 1 00:46:43.035: ISAKMP (0:4): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
*Mar 1 00:46:43.035: ISAKMP (0:4): Old State = IKE_I_MM2 New State =
IKE_I_MM3

*Mar 1 00:46:43.955: ISAKMP (0:4): received packet from REMOTE_IP
dport 500 sport 500 (I) MM_SA_SETUP
*Mar 1 00:46:43.955: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
*Mar 1 00:46:43.955: ISAKMP (0:4): Old State = IKE_I_MM3 New State =
IKE_I_MM4

*Mar 1 00:46:43.955: ISAKMP (0:4): processing KE payload. message ID =
0
*Mar 1 00:46:44.119: ISAKMP (0:4): processing NONCE payload. message
ID = 0
*Mar 1 00:46:44.119: ISAKMP (0:4): found peer pre-shared key matching
REMOTE_IP
*Mar 1 00:46:44.119: ISAKMP (0:4): SKEYID state generated
*Mar 1 00:46:44.123: ISAKMP (0:4): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
*Mar 1 00:46:44.123: ISAKMP (0:4): Old State = IKE_I_MM4 New State =
IKE_I_MM4

*Mar 1 00:46:44.231: ISAKMP (0:4): Send initial contact
*Mar 1 00:46:44.231: ISAKMP (0:4): SA is doing pre-shared key
authentication using id type ID_IPV4_ADDR
*Mar 1 00:46:44.231: ISAKMP (4): ID payload
next-payload : 8
type : 1
addr : LOCAL_IP
protocol : 17
port : 0
length : 8
*Mar 1 00:46:44.231: ISAKMP (4): Total payload length: 12
*Mar 1 00:46:44.239: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:46:44.239: ISAKMP (0:4): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
*Mar 1 00:46:44.239: ISAKMP (0:4): Old State = IKE_I_MM4 New State =
IKE_I_MM5

*Mar 1 00:46:46.719: ISAKMP (0:4): received packet from REMOTE_IP
dport 500 sport 500 (I) MM_KEY_EXCH
*Mar 1 00:46:46.719: ISAKMP (0:4): phase 1 packet is a duplicate of a
previous packet.
*Mar 1 00:46:46.719: ISAKMP (0:4): retransmitting due to retransmit
phase 1
*Mar 1 00:46:46.719: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:46:47.219: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:46:47.219: ISAKMP (0:4): incrementing error counter on sa:
retransmit phase 1
*Mar 1 00:46:47.219: ISAKMP (0:4): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 00:46:47.219: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:46:52.647: ISAKMP (0:4): received packet from REMOTE_IP
dport 500 sport 500 (I) MM_KEY_EXCH
*Mar 1 00:46:52.647: ISAKMP (0:4): phase 1 packet is a duplicate of a
previous packet.
*Mar 1 00:46:52.647: ISAKMP (0:4): retransmitting due to retransmit
phase 1
*Mar 1 00:46:52.647: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:46:53.147: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:46:53.147: ISAKMP (0:4): incrementing error counter on sa:
retransmit phase 1
*Mar 1 00:46:53.147: ISAKMP (0:4): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 00:46:53.147: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:47:03.147: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:47:03.147: ISAKMP (0:4): incrementing error counter on sa:
retransmit phase 1
*Mar 1 00:47:03.147: ISAKMP (0:4): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 00:47:03.147: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:47:12.267: ISAKMP (0:3): purging node 496325154
*Mar 1 00:47:12.271: ISAKMP (0:3): purging node -777041986
*Mar 1 00:47:12.843: ISAKMP: received ke message (1/1)
*Mar 1 00:47:12.843: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 00:47:12.843: ISAKMP (0:4): SA is still budding. Attached new
ipsec request to it.
*Mar 1 00:47:13.147: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:47:13.147: ISAKMP (0:4): incrementing error counter on sa:
retransmit phase 1
*Mar 1 00:47:13.147: ISAKMP (0:4): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 00:47:13.147: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:47:22.271: ISAKMP (0:3): purging SA., sa=813ED708,
delme=813ED708
*Mar 1 00:47:23.147: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:47:23.147: ISAKMP (0:4): incrementing error counter on sa:
retransmit phase 1
*Mar 1 00:47:23.147: ISAKMP (0:4): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 00:47:23.147: ISAKMP (0:4): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 00:47:33.147: ISAKMP (0:4): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 00:47:33.147: ISAKMP (0:4): peer does not do paranoid
keepalives.

*Mar 1 00:47:33.147: ISAKMP (0:4): deleting SA reason "death by
retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
*Mar 1 00:47:33.147: ISAKMP (0:4): deleting SA reason "death by
retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
-------------------end_debug------------------------------------
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB