Channel: Sophos User Bulletin Board

L2TP/IPSec Windows XP/7 uses first user instead of second

Hi all,

I don't know if anyone has had this strange behaviour before. We're using L2TP/IPSec for RA to our datacenter, and this works great with our Mac clients using OS X's internal L2TP functionality.

But since we need Windows too (for using the vSphere Client), we want to set this up on some XP SP3 (all updates) and Win 7 clients.
Here we see strange behaviour on ALL systems.

At the moment there are 2 distinct users configured, call them "Auser" and "Buser", so "Auser" is in place 1 in the list of the ASG's Allowed Users (normally sorted from a to z).

When connecting with a Windows client, the ASG tries to use the first user, even if the second user is selected in the Windows client.
The log says (when I connect with "Buser" and its password!!!):

Quote:

2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: ignoring Vendor ID payload [FRAGMENTATION]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: ignoring Vendor ID payload [Vid-Initial-Contact]
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:4500 #219: responding to Main Mode from unknown peer 160.xx.xx.xx:4500
2012:04:16-16:35:07 seth-2 pluto[7632]: | NAT-T: new mapping 160.xx.xx.xx:4500/51)
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #218: ERROR: netlink response for Add SA esp.c6be7c76@46.xx.xx.xx included errno 22: Invalid argument
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
2012:04:16-16:35:08 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: byte 2 of ISAKMP Identification Payload must be zero, but is not
2012:04:16-16:35:08 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
Does anyone have any clue?

Using ASG 8.301
