Hello,
I am trying to set up an IPSec connection on my router at home.
The only problem is that I cannot connect via IPSec.
When I try to connect from my MacBook the login screen keeps reappearing, and the same happens on my phone.
This is my IPSec config + log file.
Can anyone help me further with this?
code:
Current configuration : 14208 bytes
!
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp client configuration group vpnclient
 key ***********
 dns 8.8.8.8
 pool ippool
 acl 105
 netmask 255.255.255.0
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface GigabitEthernet0/0
 description ** WAN **
 ip address dhcp
 ip access-group 101 in
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 duplex auto
 speed auto
 ipv6 address dhcp
 crypto map clientmap
!
ip local pool ippool 192.168.11.1 192.168.11.5
ip nat inside source list 100 interface GigabitEthernet0/0 overload
!
access-list 100 remark ** NAT ACL **
access-list 100 deny ip any 192.168.11.0 0.0.0.255
access-list 100 permit ip any any
access-list 105 remark ** VPN **
access-list 105 permit ip any any
!
!
!
End
code:
--------------------------- LOG ---------------------------
14:42:01: ISAKMP: (0):processing NONCE payload. message ID = 0
14:42:01: ISAKMP: (0):vendor ID is NAT-T RFC 3947
14:42:01: ISAKMP: (0):vendor ID is NAT-T v7
14:42:01: ISAKMP: (0):vendor ID is NAT-T v3
14:42:01: ISAKMP: (0):vendor ID is NAT-T v2
14:42:01: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
14:42:01: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
14:42:01: ISAKMP: (1034):constructed NAT-T vendor-rfc3947 ID
14:42:01: ISAKMP: (1034):SA is doing
14:42:01: ISAKMP: (1034):pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR
14:42:01: ISAKMP: (1034):ID payload next-payload : 10 type : 1
14:42:01: ISAKMP: (1034): address : 192.168.2.1
14:42:01: ISAKMP: (1034): protocol : 0 port : 0 length : 12
14:42:01: ISAKMP: (1034):Total payload length: 12
14:42:01: ISAKMP-PAK: (1034):sending packet to x.x.x.x my_port 500 peer_port 76 (R) AG_INIT_EXCH
14:42:01: ISAKMP: (1034):Sending an IKE IPv4 Packet.
14:42:01: ISAKMP: (1034):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
14:42:01: ISAKMP: (1034):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
14:42:01: ISAKMP-PAK: (1034):received packet from x.x.x.x dport 4500 sport 49092 Global (R) AG_INIT_EXCH
14:42:01: ISAKMP: (1034):processing HASH payload. message ID = 0
14:42:01: ISAKMP: (1034):received payload type 20
14:42:01: ISAKMP: (1034):NAT found, both nodes inside NAT
14:42:01: ISAKMP: (1034):received payload type 20
14:42:01: ISAKMP: (1034):NAT found, both nodes inside NAT
14:42:01: ISAKMP: (1034):processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 0x35B57D94
14:42:01: ISAKMP: (1034):SA authentication status: authenticated
14:42:01: ISAKMP: (1034):SA has been authenticated with x.x.x.x
14:42:01: ISAKMP: (1034):Detected port,floating to port = 49092
14:42:01: ISAKMP: (1034):Trying to find existing peer 192.168.2.1/x.x.x.x/49092/
14:42:01: ISAKMP: (1034):SA authentication status: authenticated
14:42:01: ISAKMP: (1034):Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.2.1 remote x.x.x.x remote port 49092
14:42:01: ISAKMP: (1034):returning IP addr to the address pool
14:42:01: ISAKMP: (0):Trying to insert a peer 192.168.2.1/x.x.x.x/49092/,
14:42:01: ISAKMP: (0): and inserted successfully 36F424A4.
14:42:01: ISAKMP: (1034):Setting UDP ENC peer struct 0x36194D00 sa= 0x35B57D94
14:42:01: ISAKMP: (1034):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
14:42:01: ISAKMP: (1034):Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE
14:42:01: ISAKMP: (1034):Need XAUTH
14:42:01: ISAKMP: (1034):set new node 1292392820 to CONF_XAUTH
14:42:01: ISAKMP: (1034):xauth- request attribute XAUTH_USER_NAME_V2
14:42:01: ISAKMP: (1034):xauth- request attribute XAUTH_USER_PASSWORD_V2
14:42:01: ISAKMP: (1034):initiating peer config to x.x.x.x. ID = 1292392820
14:42:01: ISAKMP-PAK: (1034):sending packet to x.x.x.x my_port 4500 peer_port 49092 (R) CONF_XAUTH
14:42:01: ISAKMP: (1034):Sending an IKE IPv4 Packet.
14:42:01: ISAKMP: (1034):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
14:42:01: ISAKMP: (1034):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
14:42:04: ISAKMP-PAK: (1034):received packet from x.x.x.x dport 4500 sport 49092 Global (R) CONF_XAUTH
14:42:04: ISAKMP: (1034):processing transaction payload from x.x.x.x. message ID = 1292392820
14:42:04: ISAKMP: (1034):Config payload REPLY
14:42:04: ISAKMP: (1034):xauth-reply attribute XAUTH_USER_NAME_V2
14:42:04: ISAKMP: (1034):xauth-reply attribute XAUTH_USER_PASSWORD_V2
14:42:04: ISAKMP: (1034):deleting node 1292392820 error FALSE reason "Done with xauth request/reply exchange"
14:42:04: ISAKMP: (1034):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
14:42:04: ISAKMP: (1034):Old State = IKE_XAUTH_REQ_SENT New State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
14:42:04: ISAKMP: (1034):set new node 1345743031 to CONF_XAUTH
14:42:04: ISAKMP: (1034):initiating peer config to x.x.x.x. ID = 1345743031
14:42:04: ISAKMP-PAK: (1034):sending packet to x.x.x.x my_port 4500 peer_port 49092 (R) CONF_XAUTH
14:42:04: ISAKMP: (1034):Sending an IKE IPv4 Packet.
14:42:04: ISAKMP: (1034):Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
14:42:04: ISAKMP: (1034):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State = IKE_XAUTH_SET_SENT
14:42:04: ISAKMP-PAK: (1034):received packet from x.x.x.x dport 4500 sport 49092 Global (R) CONF_XAUTH
14:42:04: ISAKMP: (1034):processing transaction payload from x.x.x.x. message ID = 1345743031
14:42:04: ISAKMP: (1034):Config payload ACK
14:42:04: ISAKMP: (1034): XAUTH ACK Processed
14:42:04: ISAKMP: (1034):deleting node 1345743031 error FALSE reason "Transaction mode done"
14:42:04: ISAKMP: (1034):Talking to a Unity Client
14:42:04: ISAKMP: (1034):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
14:42:04: ISAKMP: (1034):Old State = IKE_XAUTH_SET_SENT New State = IKE_P1_COMPLETE
14:42:04: ISAKMP-PAK: (1034):received packet from x.x.x.x dport 4500 sport 49092 Global (R) QM_IDLE
14:42:04: ISAKMP: (1034):set new node -373225365 to QM_IDLE
14:42:04: ISAKMP: (1034):processing transaction payload from x.x.x.x. message ID = -373225365
14:42:04: ISAKMP: (1034):Config payload REQUEST
14:42:04: ISAKMP: (1034):checking request:
14:42:04: ISAKMP: (1034): IP4_ADDRESS
14:42:04: ISAKMP: (1034): IP4_NETMASK
14:42:04: ISAKMP: (1034): IP4_DNS
14:42:04: ISAKMP: (1034): IP4_NBNS
14:42:04: ISAKMP: (1034): ADDRESS_EXPIRY
14:42:04: ISAKMP: (1034): APPLICATION_VERSION
14:42:04: ISAKMP: (1034):Client Version is : Cisco Systems VPN Client 10.12.4:Mac OS Xp
14:42:04: ISAKMP: (1034): MODECFG_BANNER
14:42:04: ISAKMP: (1034): DEFAULT_DOMAIN
14:42:04: ISAKMP: (1034): SPLIT_DNS
14:42:04: ISAKMP: (1034): SPLIT_INCLUDE
14:42:04: ISAKMP: (1034): INCLUDE_LOCAL_LAN
14:42:04: ISAKMP: (1034): PFS
14:42:04: ISAKMP: (1034): MODECFG_SAVEPWD
14:42:04: ISAKMP: (1034): FW_RECORD
14:42:04: ISAKMP: (1034): BACKUP_SERVER
14:42:04: ISAKMP: (1034): MODECFG_BROWSER_PROXY
14:42:04: ISAKMP-AAA: (1034):Author request for group vpnclientsuccessfully sent to AAA
14:42:04: ISAKMP: (1034):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
14:42:04: ISAKMP: (1034):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT
14:42:04: ISAKMP: (1034):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
14:42:04: ISAKMP: (1034):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_CONFIG_AUTHOR_AAA_AWAIT
14:42:04: ISAKMP-AAA-ERROR: (1034):No Class attributes
14:42:04: ISAKMP: (1034):attributes sent in message:
14:42:04: ISAKMP: (1034): Address: 0.2.0.0
14:42:04: ISAKMP: (1034):allocating address 192.168.11.5
14:42:04: ISAKMP: (1034):Sending private address: 192.168.11.5
14:42:04: ISAKMP: (1034):Sending subnet mask: 255.255.255.0
14:42:04: ISAKMP: (1034):Sending IP4_DNS server address: 10.0.0.1
14:42:04: ISAKMP: (1034):Sending ADDRESS_EXPIRY seconds left to use the address: 3596
14:42:04: ISAKMP: (1034):Sending APPLICATION_VERSION string: Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.6(3)M2, RELEASE SOFTWARE (fc2) Technical Sup
14:42:04: ISAKMP: (1034):Sending split include name 105 network 0.0.0.0 mask 0.0.0.0 protocol 0, src port 0, dst port 0
14:42:04: ISAKMP: (1034):Sending save password reply value 0
14:42:04: ISAKMP: (1034):responding to peer config from x.x.x.x. ID = 3921741931
14:42:04: ISAKMP: (1034):Marking node 3921741931 for late deletion
14:42:04: ISAKMP-PAK: (1034):sending packet to x.x.x.x my_port 4500 peer_port 49092 (R) CONF_ADDR
14:42:04: ISAKMP: (1034):Sending an IKE IPv4 Packet.
14:42:04: ISAKMP: (1034):Talking to a Unity Client
14:42:04: ISAKMP: (1034):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
14:42:04: ISAKMP: (1034):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE
14:42:04: ISAKMP-AAA-ERROR: (1034):FSM error - Message from AAA grp/user.
--------------------------- END OF LOG ---------------------------
[ Edited 0% by Equator on 17-05-2017 20:59 ]