Hi all,
I have a weird problem going on. I have an IPSEC Site2Site VPN from my Astaro 220 to a Cisco 3000 Concentrator. Everything was going fine until a couple days ago. The remote end made some routing changes and now weird things are happening.
We got it going today once they fixed their routes but the error message I'm seeing continues and now the tunnel is down again. Here is an excerpt of the log file.
You see in the middle section it finally reconnected and the local user was able to send over the tunnel but I still see the NO_PROPOSAL_CHOSEN error. The guy on the other side saw error messages on his concentrator as well but the tunnel was working so we left it for now as we both had other things going on.
Quote:
2012:07:25-11:29:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:29:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:29:39 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:07:25-11:29:39 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2012:07:25-11:29:39 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring Vendor ID payload [RFC 3947]
2012:07:25-11:29:39 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: responding to Main Mode
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: ignoring Vendor ID payload [Cisco-Unity]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: received Vendor ID payload [XAUTH]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: ignoring Vendor ID payload [8a1bb0d689754169ea4d8e671ba62f9a]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: received Vendor ID payload [Dead Peer Detection]
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: Peer ID is ID_IPV4_ADDR: '216.170.52.58'
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: sent MR3, ISAKMP SA established
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2223: responding to Quick Mode
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2223: IPsec SA established {ESP=>0x12b6e029 <0xb850cfee DPD}
2012:07:25-11:30:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:30:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:31:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:32:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:32:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:33:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:34:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:34:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:35:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:36:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:36:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:37:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:38:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:38:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:39:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:40:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:40:56 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:41:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:42:15 AASG1 pluto[7073]: "S_NHI" #2221: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2012:07:25-11:42:15 AASG1 pluto[7073]: "S_NHI" #2221: starting keying attempt 2 of an unlimited number
2012:07:25-11:42:15 AASG1 pluto[7073]: "S_NHI" #2224: initiating Main Mode to replace #2221
Policy Settings
IKE: AES-256/MD5/7800/DH Group 5
IPSEC:AES-256/MD5/3600/None
Not Strict & No Compression
DPD:On
I decided to check on it this afternoon and now it's down again. Any ideas?
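
An added example, not part of the original post: a small Python parser for pluto log lines in the format quoted above. It groups the peer's informational notifications by type, measures the spacing between them, and records for each numbered state whether the local side initiated or responded and how the state ended. The function name `summarize` and the role/result labels are this example's own choices.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the post (a subset, to keep the sample short).
SAMPLE = """\
2012:07:25-11:29:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:29:35 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: responding to Main Mode
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2222: sent MR3, ISAKMP SA established
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2223: responding to Quick Mode
2012:07:25-11:29:39 AASG1 pluto[7073]: "S_NHI" #2223: IPsec SA established {ESP=>0x12b6e029 <0xb850cfee DPD}
2012:07:25-11:30:15 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:30:55 AASG1 pluto[7073]: packet from 216.170.52.58:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2012:07:25-11:42:15 AASG1 pluto[7073]: "S_NHI" #2221: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2012:07:25-11:42:15 AASG1 pluto[7073]: "S_NHI" #2224: initiating Main Mode to replace #2221
"""

LINE = re.compile(r"^(\S+) \S+ pluto\[\d+\]: (.*)$")
NOTIFY = re.compile(r"^packet from (\S+?):\d+: ignoring informational payload, type (\w+)$")
STATE = re.compile(r'^"([^"]+)" #(\d+): (.*)$')

def summarize(text):
    """Return (notification timestamps, gaps in seconds, per-state role/result)."""
    notifies, states = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto line
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        n, s = NOTIFY.match(m.group(2)), STATE.match(m.group(2))
        if n:  # notification not tied to a state, keyed by (peer address, type)
            notifies.setdefault((n.group(1), n.group(2)), []).append(ts)
        elif s:  # message tied to a connection name and state number
            st = states.setdefault(int(s.group(2)), {"conn": s.group(1), "role": None, "result": None})
            msg = s.group(3)
            if msg.startswith("responding to"):
                st["role"] = "responder"
            elif msg.startswith("initiating") or "STATE_MAIN_I" in msg:
                st["role"] = "initiator"
            if "SA established" in msg:
                st["result"] = "established"
            elif "max number of retransmissions" in msg:
                st["result"] = "gave up"
    gaps = {k: [int((b - a).total_seconds()) for a, b in zip(v, v[1:])] for k, v in notifies.items()}
    return notifies, gaps, states

if __name__ == "__main__":
    notifies, gaps, states = summarize(SAMPLE)
    print(gaps, states, sep="\n")
```
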