Hello,
I have a PIX and a Linksys router (WRV54G).
The Linksys has to set up a VPN tunnel to my PIX. I have been struggling with this for more than a week now and I just can't get it to work.
I ran some debugging, which is shown below, together with the config of the two devices.
Hopefully someone has a tip and/or some help. (I bought the Linksys specifically for this.)
Regards,
Dennis
The configuration
Location A:
PIX
Public IP: <public_ip_pix>
Local IP: 172.16.23.0/24
access-list inside_outbound_nat0_acl permit ip 172.16.23.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list linksys permit ip 172.16.23.0 255.255.255.0 192.168.1.0 255.255.255.0
isakmp enable outside
isakmp key 11111 address <public_ip_linksys> netmask 255.255.255.255
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
Location B:
Linksys
Public IP: <public_ip_linksys>
Local IP: 192.168.1.0/24
Encryption: 3DES
Authentication: MD5
Key Exchange Method: AUTO(key)
PFS: Enabled
Pre-Shared Key: 11111
Key Lifetime 86400
Phase 1:
Encryption: 3DES
Authentication: MD5
Group: 1024
Key Life Time: 3600
Phase 2
Encryption: 3DES
Authentication: MD5
Group: 1024
Key Life Time: 86400
Debug crypto isakmp
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
ISAKMP: Created a peer struct for <public_ip_linksys>, peer port 62465
ISAKMP (0): ID payload
next-payload : 8
type : 2
protocol : 17
port : 500
length : 22
ISAKMP (0): Total payload length: 26
return status is IKMP_NO_ERROR
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
VPN Peer: ISAKMP: Added new peer: ip:<public_ip_linksys>/500 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:<public_ip_linksys>/500 Ref cnt incremented to:1 Total VPN Peers:1
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
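
Added example, not part of the original post: a small Python reader for the `debug crypto isakmp` output above that reports how far the IKE negotiation progressed. The ID-type and notify numbers are decoded per the IPsec DOI (RFC 2407); treating `OAK_QM exchange` as the Quick Mode marker is an assumption about PIX debug output, and the sample is a shortened, constructed copy of the trace.

```python
import re

# IPsec DOI constants (RFC 2407) needed to read the trace.
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN"}
NOTIFY_TYPES = {24576: "RESPONDER-LIFETIME", 24577: "REPLAY-STATUS",
                24578: "INITIAL-CONTACT"}

# Constructed sample: shortened copy of the debug lines in the post.
SAMPLE_LOG = """\
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
ISAKMP (0): ID payload
type : 2
protocol : 17
port : 500
ISAKMP (0): sending NOTIFY message 24578 protocol 1
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:<public_ip_linksys>, dest:<public_ip_pix> spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
"""

def summarize(log):
    """Report how far the IKE negotiation in a PIX debug trace progressed."""
    out = {"phase1_authenticated": False, "id_payload_type": None,
           "notifies_sent": [], "phase1_duplicates_after_auth": 0,
           "quick_mode_seen": False}
    for line in log.splitlines():
        line = line.strip()
        if "SA has been authenticated" in line:
            out["phase1_authenticated"] = True
        elif m := re.fullmatch(r"type\s*:\s*(\d+)", line):
            n = int(m.group(1))  # numeric ID type from the ID payload dump
            out["id_payload_type"] = ID_TYPES.get(n, f"unknown({n})")
        elif m := re.search(r"sending NOTIFY message (\d+)", line):
            n = int(m.group(1))
            out["notifies_sent"].append(NOTIFY_TYPES.get(n, f"unknown({n})"))
        elif "duplicate of a previous packet" in line and out["phase1_authenticated"]:
            out["phase1_duplicates_after_auth"] += 1  # peer retransmitting Main Mode
        elif "OAK_QM exchange" in line:  # assumed Quick Mode (phase 2) marker
            out["quick_mode_seen"] = True
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```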