Оки...долго мучался и всетаки допер
crypto isakmp client configuration group CLIENT
key KEY
dns 192.168.1.3
domain cisco.com
pool my-pool
acl 170
ip local pool my-pool 192.168.2.1 192.168.2.254
access-list 170 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 170 permit udp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
вот так должно быть......причем он этот access-list подгружает на клиента
и использует как route-map
Но у меня ща используется CISCO VPN Client 4.0.3 (D)
и возникает следующая проблема....после некоторой работы минут 2-3
Он обрывает канал ...причем на клиенте пишет следующее сообщение в лог
Cisco Systems VPN Client Version 4.0.3 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195
1 15:06:56.556 02/02/04 Sev=Info/4 CM/0x63100002
Begin connection process
2 15:06:56.576 02/02/04 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully
3 15:06:56.576 02/02/04 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
4 15:06:56.576 02/02/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "80.80.80.80"
5 15:06:57.597 02/02/04 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 80.80.80.80.
6 15:06:57.617 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 80.80.80.80
7 15:06:57.657 02/02/04 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
8 15:06:57.657 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
9 15:06:57.657 02/02/04 Sev=Info/6 IPSEC/0x6370002B
Sent 208 packets, 0 were fragmented.
10 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
11 15:06:58.388 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 80.80.80.80
12 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
13 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports DPD
14 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code Only
15 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
16 15:06:58.388 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
17 15:06:58.408 02/02/04 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
18 15:06:58.408 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 80.80.80.80
19 15:06:58.408 02/02/04 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
20 15:06:58.408 02/02/04 Sev=Info/4 IKE/0x63000082
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
21 15:06:58.408 02/02/04 Sev=Info/5 IKE/0x63000071
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
22 15:06:58.408 02/02/04 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
23 15:06:58.479 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
24 15:06:58.479 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80
25 15:06:58.479 02/02/04 Sev=Info/5 IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds
26 15:06:58.479 02/02/04 Sev=Info/5 IKE/0x63000046
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
27 15:06:58.489 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
28 15:06:58.489 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
29 15:06:58.489 02/02/04 Sev=Info/4 CM/0x63100015
Launch xAuth application
30 15:07:03.486 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
31 15:07:03.486 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80
32 15:07:06.120 02/02/04 Sev=Info/4 CM/0x63100017
xAuth application returned
33 15:07:06.120 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
34 15:07:06.180 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
35 15:07:06.180 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
36 15:07:06.180 02/02/04 Sev=Info/4 CM/0x63100015
Launch xAuth application
37 15:07:08.853 02/02/04 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
38 15:07:10.406 02/02/04 Sev=Info/4 CM/0x63100017
xAuth application returned
39 15:07:10.406 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
40 15:07:10.466 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
41 15:07:10.476 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
42 15:07:10.476 02/02/04 Sev=Info/4 CM/0x63100015
Launch xAuth application
43 15:07:13.670 02/02/04 Sev=Info/4 CM/0x63100017
xAuth application returned
44 15:07:13.670 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
45 15:07:13.720 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
46 15:07:13.720 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
47 15:07:13.720 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
48 15:07:13.731 02/02/04 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=FC84D33BAEC8DFD4 R_Cookie=9C55C2EE59169DBC) reason = DEL_REASON_WE_FAILED_AUTH
49 15:07:13.731 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 80.80.80.80
50 15:07:14.371 02/02/04 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=FC84D33BAEC8DFD4 R_Cookie=9C55C2EE59169DBC) reason = DEL_REASON_WE_FAILED_AUTH
51 15:07:14.371 02/02/04 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "80.80.80.80" because of "DEL_REASON_WE_FAILED_AUTH"
52 15:07:14.371 02/02/04 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
53 15:07:14.421 02/02/04 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
54 15:07:14.462 02/02/04 Sev=Info/4 IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully
55 15:07:14.462 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
56 15:07:14.462 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
57 15:07:14.472 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
58 15:07:14.472 02/02/04 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
59 15:07:26.980 02/02/04 Sev=Info/4 CM/0x63100002
Begin connection process
60 15:07:26.990 02/02/04 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully
61 15:07:26.990 02/02/04 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
62 15:07:26.990 02/02/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "80.80.80.80"
63 15:07:28.011 02/02/04 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 80.80.80.80.
64 15:07:28.031 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 80.80.80.80
65 15:07:28.071 02/02/04 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
66 15:07:28.071 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
67 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
68 15:07:28.782 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 80.80.80.80
69 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
70 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports DPD
71 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code Only
72 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
73 15:07:28.782 02/02/04 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
74 15:07:28.802 02/02/04 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
75 15:07:28.802 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 80.80.80.80
76 15:07:28.802 02/02/04 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
77 15:07:28.802 02/02/04 Sev=Info/4 IKE/0x63000082
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
78 15:07:28.802 02/02/04 Sev=Info/5 IKE/0x63000071
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
79 15:07:28.802 02/02/04 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
80 15:07:28.862 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
81 15:07:28.862 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80
82 15:07:28.862 02/02/04 Sev=Info/5 IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds
83 15:07:28.862 02/02/04 Sev=Info/5 IKE/0x63000046
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now
84 15:07:28.872 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
85 15:07:28.872 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
86 15:07:28.872 02/02/04 Sev=Info/4 CM/0x63100015
Launch xAuth application
87 15:07:33.879 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
88 15:07:33.879 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80
89 15:07:35.051 02/02/04 Sev=Info/4 CM/0x63100017
xAuth application returned
90 15:07:35.051 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
91 15:07:35.101 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
92 15:07:35.111 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
93 15:07:35.111 02/02/04 Sev=Info/4 CM/0x63100015
Launch xAuth application
94 15:07:38.897 02/02/04 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
95 15:07:40.098 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
96 15:07:40.098 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80
97 15:07:45.106 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
98 15:07:45.106 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.80.80.80
99 15:07:46.548 02/02/04 Sev=Info/4 CM/0x63100017
xAuth application returned
100 15:07:46.548 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
101 15:07:46.608 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
102 15:07:46.608 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
103 15:07:46.608 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
104 15:07:46.608 02/02/04 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
105 15:07:46.638 02/02/04 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator
106 15:07:46.638 02/02/04 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).
107 15:07:46.648 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.80.80.80
108 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
109 15:07:46.758 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.80.80.80
110 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.35
111 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.3
112 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 192.168.1.3
113 15:07:46.758 02/02/04 Sev=Info/5 IKE/0xA3000017
MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-1062731517) is not supported
114 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = sevbank.local
115 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000006
116 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 17
src port = 0
dest port=0
117 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #2
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
118 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #3
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 1
src port = 0
dest port=0
119 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #4
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 6
src port = 0
dest port=0
120 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #5
subnet = 192.168.2.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
121 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #6
subnet = 192.168.2.0
mask = 255.255.255.0
protocol = 17
src port = 0
dest port=0
122 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.2(15)T9, RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 01-Nov-03 04:42 by ccai
123 15:07:46.758 02/02/04 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
124 15:07:46.758 02/02/04 Sev=Info/4 CM/0x63100019
Mode Config data received
125 15:07:46.778 02/02/04 Sev=Info/4 IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.2.35, GW IP = 80.80.80.80, Remote IP = 0.0.0.0
126 15:07:46.778 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 80.80.80.80
127 15:07:46.948 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
128 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
129 15:07:47.189 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 80.80.80.80
130 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x63000044
RESPONDER-LIFETIME notify has value of 28800 seconds
131 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 4608000 kb
132 15:07:47.189 02/02/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 80.80.80.80
133 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x63000058
Loading IPsec SA (MsgID=8D3C866F OUTBOUND SPI = 0xAA3CFAA5 INBOUND SPI = 0x34179701)
134 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xAA3CFAA5
135 15:07:47.189 02/02/04 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x34179701
136 15:07:47.509 02/02/04 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.2.35/255.255.255.0
DNS=192.168.1.3,0.0.0.0
WINS=192.168.1.3,0.0.0.0
Domain=sevbank.local
Split DNS Names=
137 15:07:47.559 02/02/04 Sev=Info/5 CVPND/0x63400016
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 0.0.0.0 192.168.2.3 1
127.0.0.0 127.0.0.0 127.0.0.0 127.0.0.1 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.3 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.35 1
192.168.2.3 192.168.2.3 192.168.2.3 127.0.0.1 1
192.168.2.35 192.168.2.35 192.168.2.35 127.0.0.1 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.3 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.35 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.3 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.35 1
255.255.255.255 255.255.255.255 255.255.255.255 192.168.2.3 1
138 15:07:47.589 02/02/04 Sev=Info/5 CVPND/0x63400016
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 0.0.0.0 192.168.2.3 1
80.80.80.80 80.80.80.80 80.80.80.80 192.168.2.3 1
127.0.0.0 127.0.0.0 127.0.0.0 127.0.0.1 1
192.168.1.0 192.168.1.0 192.168.1.0 192.168.2.35 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.3 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.35 1
192.168.2.1 192.168.2.1 192.168.2.1 192.168.2.3 1
192.168.2.3 192.168.2.3 192.168.2.3 127.0.0.1 1
192.168.2.35 192.168.2.35 192.168.2.35 127.0.0.1 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.3 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.35 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.3 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.35 1
255.255.255.255 255.255.255.255 255.255.255.255 192.168.2.3 1
139 15:07:47.589 02/02/04 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
140 15:07:47.609 02/02/04 Sev=Info/4 CM/0x6310001A
One secure connection established
141 15:07:47.619 02/02/04 Sev=Info/4 CM/0x63100038
Address watch added for 192.168.2.3. Current address(es): 192.168.2.35, 192.168.2.3.
142 15:07:47.629 02/02/04 Sev=Info/4 CM/0x63100038
Address watch added for 192.168.2.35. Current address(es): 192.168.2.35, 192.168.2.3.
143 15:07:48.070 02/02/04 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
144 15:07:48.070 02/02/04 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xa5fa3caa into key list
145 15:07:48.070 02/02/04 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
146 15:07:48.070 02/02/04 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x01971734 into key list
147 15:07:48.070 02/02/04 Sev=Info/4 IPSEC/0x6370002E
Assigned VA private interface addr 192.168.2.35
Cisco Systems VPN Client Version 4.0.3 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195
1 15:08:09.060 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
2 15:08:09.070 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80
3 15:08:09.070 02/02/04 Sev=Warning/3 IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)
4 15:08:09.070 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)
5 15:08:09.070 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)
6 15:08:09.070 02/02/04 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)
7 15:08:09.070 02/02/04 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=2BDD0FE2
8 15:08:19.044 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
9 15:08:19.044 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80
10 15:08:19.044 02/02/04 Sev=Warning/3 IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)
11 15:08:19.044 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)
12 15:08:19.044 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)
13 15:08:19.044 02/02/04 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)
14 15:08:19.044 02/02/04 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=3D107156
15 15:08:19.054 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
16 15:08:19.054 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID) from 80.80.80.80
17 15:08:19.054 02/02/04 Sev=Warning/3 IKE/0xE30000A7
Invalid Proxies for requested QM negotiation: LocalProxy : ID=192.168.2.34 Protocol=0 port=0, RemoteProxy : ID=0.0.0.0/0.0.0.0 Protocol=0 port=0 :(PLMgrID:367)
18 15:08:19.054 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process ID payload (MsgHandler:681)
19 15:08:19.054 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to process QM Msg 1 (NavigatorQM:386)
20 15:08:19.054 02/02/04 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2199)
21 15:08:19.054 02/02/04 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=2BDD0FE2
22 15:08:29.039 02/02/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 80.80.80.80
23 15:08:29.039 02/02/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from 80.80.80.80
24 15:08:29.039 02/02/04 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579
25 15:08:29.039 02/02/04 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = AA3CFAA5 INBOUND SPI = 34179701)
26 15:08:29.039 02/02/04 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=8D3C866F
27 15:08:29.039 02/02/04 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED
28 15:08:29.149 02/02/04 Sev=Info/4 IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.2.35, GW IP = 0.0.0.0, Remote IP = 192.168.1.3
29 15:08:29.149 02/02/04 Sev=Warning/3 IKE/0xE3000065
Could not find an IKE SA for 192.168.1.3. KEY_REQ aborted.
30 15:08:29.149 02/02/04 Sev=Warning/2 IKE/0xE3000099
Failed to initiate P2 rekey: Error dectected (Initiate:176)
31 15:08:29.149 02/02/04 Sev=Warning/2 IKE/0xE3000099
Unable to initiate QM (IKE_MAIN:458)
32 15:08:29.780 02/02/04 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=35E5E34D6AF07E8E R_Cookie=9C55C2EE69EA4579) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED
33 15:08:29.780 02/02/04 Sev=Info/4 CM/0x63100013
Phase 1 SA deleted cause by PEER_DELETE-IKE_DELETE_UNSPECIFIED. 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
34 15:08:29.780 02/02/04 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
35 15:08:29.880 02/02/04 Sev=Info/6 CM/0x63100031
Tunnel to headend device 80.80.80.80 disconnected: duration: 0 days 0:0:42
36 15:08:29.940 02/02/04 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
37 15:08:30.010 02/02/04 Sev=Info/5 CVPND/0x63400016
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 0.0.0.0 192.168.2.3 1
80.80.80.80 80.80.80.80 80.80.80.80 192.168.2.3 1
127.0.0.0 127.0.0.0 127.0.0.0 127.0.0.1 1
192.168.1.0 192.168.1.0 192.168.1.0 192.168.2.35 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.3 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.35 1
192.168.2.1 192.168.2.1 192.168.2.1 192.168.2.3 1
192.168.2.3 192.168.2.3 192.168.2.3 127.0.0.1 1
192.168.2.35 192.168.2.35 192.168.2.35 127.0.0.1 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.3 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.35 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.3 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.35 1
255.255.255.255 255.255.255.255 255.255.255.255 192.168.2.3 1
38 15:08:30.020 02/02/04 Sev=Warning/2 CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87
39 15:08:30.020 02/02/04 Sev=Warning/2 CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87
40 15:08:30.020 02/02/04 Sev=Warning/2 CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87
41 15:08:30.020 02/02/04 Sev=Warning/2 CVPND/0xA3400012
Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87
42 15:08:30.030 02/02/04 Sev=Info/5 CVPND/0x63400016
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 0.0.0.0 192.168.2.3 1
127.0.0.0 127.0.0.0 127.0.0.0 127.0.0.1 1
192.168.2.0 192.168.2.0 192.168.2.0 192.168.2.3 1
192.168.2.3 192.168.2.3 192.168.2.3 127.0.0.1 1
192.168.2.35 192.168.2.35 192.168.2.35 127.0.0.1 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.3 1
192.168.2.255 192.168.2.255 192.168.2.255 192.168.2.35 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.3 1
224.0.0.0 224.0.0.0 224.0.0.0 192.168.2.35 1
255.255.255.255 255.255.255.255 255.255.255.255 192.168.2.3 1
43 15:08:30.030 02/02/04 Sev=Info/6 CM/0x63100037
The routing table was returned to orginal state prior to Virtual Adapter
44 15:08:31.182 02/02/04 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
45 15:08:31.192 02/02/04 Sev=Info/4 IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully
46 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x01971734
47 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x01971734
48 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0xa5fa3caa
49 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0xa5fa3caa
50 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
51 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x00000000
52 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
53 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
54 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x00000000
55 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
56 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
57 15:08:31.202 02/02/04 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
58 15:08:31.202 02/02/04 Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:507)
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
on
15-Янв-04, 18:57 (MSK)
