Right now, after all the changes and attempts, the config looks like this:
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 43200
crypto isakmp key 123456 address 53.15.120.134 no-xauth
crypto isakmp keepalive 30 10
crypto isakmp aggressive-mode disable
!
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set VPN_AES esp-aes esp-sha-hmac
 mode transport
crypto ipsec fragmentation after-encryption
crypto ipsec df-bit clear
!
!
crypto ipsec profile VPN
 set transform-set VPN_AES
!
!
!
!
!
!
interface Tunnel1
 bandwidth 10000
 ip address 10.0.222.5 255.255.255.252
 ip mtu 1400
 ip flow ingress
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source 53.15.120.138
 tunnel mode ipsec ipv4
 tunnel destination 53.15.120.134
 tunnel protection ipsec profile VPN
!
!
interface GigabitEthernet0/0
 no ip address
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 53.15.120.138 255.255.255.252
!
--------------------------------------------------------------------
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 43200
crypto isakmp key 123456 address 53.15.120.138 no-xauth
crypto isakmp keepalive 30 10
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set TRANS-ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set VPN_AES esp-aes esp-sha-hmac
 mode transport
crypto ipsec fragmentation after-encryption
crypto ipsec df-bit clear
!
!
crypto ipsec profile VPN
 set transform-set VPN_AES
!
!
!
!
!
interface Tunnel1
 bandwidth 10000
 ip address 10.0.22.6 255.255.255.252
 ip mtu 1400
 ip flow ingress
 ip tcp adjust-mss 1360
 tunnel source 53.15.120.134
 tunnel mode ipsec ipv4
 tunnel destination 53.15.120.138
 tunnel protection ipsec profile VPN
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 53.15.120.134 255.255.255.252
!
-------------------------------
Debug
Jan 9 01:00:07.811: ISAKMP:(4711): retransmitting phase 2 CONF_XAUTH 1830283032 ...
Jan 9 01:00:07.811: ISAKMP (4711): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Jan 9 01:00:07.811: ISAKMP (4711): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2
Jan 9 01:00:07.811: ISAKMP:(4711): retransmitting phase 2 1830283032 CONF_XAUTH
Jan 9 01:00:07.811: ISAKMP:(4711): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) CONF_XAUTH
Jan 9 01:00:07.811: ISAKMP:(4711):Sending an IKE IPv4 Packet.
Jan 9 01:00:07.831: ISAKMP (4711): received packet from 53.15.120.134 dport 500 sport 500 Global (R) CONF_XAUTH
Jan 9 01:00:07.831: ISAKMP: set new node 936682827 to CONF_XAUTH
Jan 9 01:00:07.831: ISAKMP:(4711): processing HASH payload. message ID = 936682827
Jan 9 01:00:07.831: ISAKMP:received payload type 18
Jan 9 01:00:07.831: ISAKMP:(4711):Processing delete with reason payload
Jan 9 01:00:07.831: ISAKMP:(4711):delete doi = 1
Jan 9 01:00:07.831: ISAKMP:(4711):delete protocol id = 1
Jan 9 01:00:07.831: ISAKMP:(4711):delete spi_size = 16
Jan 9 01:00:07.831: ISAKMP:(4711):delete num spis = 1
Jan 9 01:00:07.831: ISAKMP:(4711):delete_reason = 28
Jan 9 01:00:07.831: ISAKMP:(4711): processing DELETE_WITH_REASON payload, message ID = 936682827, reason: Unknown delete reason!
Jan 9 01:00:07.831: ISAKMP:(4711):peer does not do paranoid keepalives.
Jan 9 01:00:07.831: ISAKMP:(4711):peer does not do paranoid keepalives.
Jan 9 01:00:07.831: ISAKMP:(4711):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:00:07.831: ISAKMP:(4711):deleting node 936682827 error FALSE reason "Informational (in) state 1"
Jan 9 01:00:07.831: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jan 9 01:00:07.831: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jan 9 01:00:07.831: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 53.15.120.134
Jan 9 01:00:07.835: ISAKMP: set new node 879882076 to CONF_XAUTH
Jan 9 01:00:07.835: ISAKMP:(4711): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) CONF_XAUTH
Jan 9 01:00:07.835: ISAKMP:(4711):Sending an IKE IPv4 Packet.
Jan 9 01:00:07.835: ISAKMP:(4711):purging node 879882076
Jan 9 01:00:07.835: ISAKMP:(4711):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 9 01:00:07.835: ISAKMP:(4711):Old State = IKE_XAUTH_REQ_SENT New State = IKE_DEST_SA
Jan 9 01:00:07.835: ISAKMP:(4711):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:00:07.835: ISAKMP: Unlocking peer struct 0x305438BC for isadb_mark_sa_deleted(), count 1
Jan 9 01:00:07.835: ISAKMP:(4711):deleting node 1830283032 error FALSE reason "IKE deleted"
Jan 9 01:00:07.835: ISAKMP:(4711):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:00:07.835: ISAKMP:(4711):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jan 9 01:00:11.235: IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 53.15.120.138:0, remote= 53.15.120.134:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jan 9 01:00:11.391: ISAKMP:(4708):purging SA., sa=288B1194, delme=288B1194
Jan 9 01:00:11.391: ISAKMP:(4708):purging node -1982597897
Jan 9 01:00:11.391: ISAKMP:(4708):purging node 1364189168
Jan 9 01:00:27.831: ISAKMP:(4709):purging node -1206203109
Jan 9 01:00:31.391: ISAKMP:(4710):purging node 214309471
Jan 9 01:00:37.835: ISAKMP:(4709):purging SA., sa=2889D518, delme=2889D518
Jan 9 01:00:37.835: ISAKMP:(4709):purging node -1345495204
Jan 9 01:00:41.391: ISAKMP:(4710):purging SA., sa=301EF7DC, delme=301EF7DC
Jan 9 01:00:41.391: ISAKMP:(4710):purging node 169975317
Jan 9 01:00:41.391: ISAKMP:(4710):purging node -1024689344
Jan 9 01:00:57.831: ISAKMP:(4711):purging node 936682827
office#1#
Jan 9 01:01:07.835: ISAKMP:(4711):purging SA., sa=29A126D8, delme=29A126D8
Jan 9 01:01:07.835: ISAKMP:(4711):purging node 1830283032
office#1#
Jan 9 01:01:11.235: %SEC-6-IPACCESSLOGP: list IPSEC permitted udp 53.15.120.134(500) (GigabitEthernet0/0.267 0023.3368.dbc0) -> 53.15.120.138(500), 53 packets
Jan 9 01:01:11.235: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 53.15.120.138:500, remote= 53.15.120.134:500,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 86400s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jan 9 01:01:11.235: ISAKMP:(0): SA request profile is (NULL)
Jan 9 01:01:11.235: ISAKMP: Found a peer struct for 53.15.120.134, peer port 500
Jan 9 01:01:11.235: ISAKMP: Locking peer struct 0x305438BC, refcount 2 for isakmp_initiator
Jan 9 01:01:11.235: ISAKMP: local port 500, remote port 500
Jan 9 01:01:11.235: ISAKMP: set new node 0 to CONF_XAUTH
Jan 9 01:01:11.235: ISAKMP:(0):insert sa successfully sa = 2889D518
Jan 9 01:01:11.235: %CRYPTO-5-IKMP_AG_MODE_DISABLED: Unable to initiate or respond to Aggressive Mode while disabled
Jan 9 01:01:11.235: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Jan 9 01:01:11.235: ISAKMP:(0):found peer pre-shared key matching 53.15.120.134
Jan 9 01:01:11.235: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Jan 9 01:01:11.235: ISAKMP:(0): constructed NAT-T vendor-07 ID
Jan 9 01:01:11.235: ISAKMP:(0): constructed NAT-T vendor-03 ID
Jan 9 01:01:11.235: ISAKMP:(0): constructed NAT-T vendor-02 ID
Jan 9 01:01:11.235: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Jan 9 01:01:11.235: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Jan 9 01:01:11.235: ISAKMP:(0): beginning Main Mode exchange
Jan 9 01:01:11.235: ISAKMP:(0): sending packet to 53.15.120.134 my_port 500 peer_port 500 (I) MM_NO_STATE
Jan 9 01:01:11.235: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jan 9 01:01:11.259: ISAKMP (0): received packet from 53.15.120.134 dport 500 sport 500 Global (I) MM_NO_STATE
Jan 9 01:01:11.259: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:11.259: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Jan 9 01:01:11.259: ISAKMP:(0): processing SA payload. message ID = 0
Jan 9 01:01:11.259: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:11.259: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jan 9 01:01:11.259: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jan 9 01:01:11.259: ISAKMP:(0):found peer pre-shared key matching 53.15.120.134
Jan 9 01:01:11.259: ISAKMP:(0): local preshared key found
Jan 9 01:01:11.259: ISAKMP:(0): Authentication by xauth preshared
Jan 9 01:01:11.259: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Jan 9 01:01:11.259: ISAKMP: encryption AES-CBC
Jan 9 01:01:11.259: ISAKMP: keylength of 128
Jan 9 01:01:11.259: ISAKMP: hash SHA
Jan 9 01:01:11.259: ISAKMP: default group 2
Jan 9 01:01:11.259: ISAKMP: auth pre-share
Jan 9 01:01:11.259: ISAKMP: life type in seconds
Jan 9 01:01:11.259: ISAKMP: life duration (basic) of 43200
Jan 9 01:01:11.259: ISAKMP:(0):atts are acceptable. Next payload is 0
Jan 9 01:01:11.259: ISAKMP:(0):Acceptable atts:actual life: 0
Jan 9 01:01:11.259: ISAKMP:(0):Acceptable atts:life: 0
Jan 9 01:01:11.259: ISAKMP:(0):Basic life_in_seconds:43200
Jan 9 01:01:11.259: ISAKMP:(0):Returning Actual lifetime: 43200
Jan 9 01:01:11.259: ISAKMP:(0)::Started lifetime timer: 43200.
Jan 9 01:01:11.259: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:11.259: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jan 9 01:01:11.259: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jan 9 01:01:11.259: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:11.259: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Jan 9 01:01:11.259: ISAKMP:(0): sending packet to 53.15.120.134 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jan 9 01:01:11.259: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jan 9 01:01:11.259: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:11.259: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Jan 9 01:01:11.311: ISAKMP (0): received packet from 53.15.120.134 dport 500 sport 500 Global (I) MM_SA_SETUP
Jan 9 01:01:11.311: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:11.311: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jan 9 01:01:11.311: ISAKMP:(0): processing KE payload. message ID = 0
Jan 9 01:01:11.343: ISAKMP:(0): processing NONCE payload. message ID = 0
Jan 9 01:01:11.343: ISAKMP:(0):found peer pre-shared key matching 53.15.120.134
Jan 9 01:01:11.343: ISAKMP:(4712): processing vendor id payload
Jan 9 01:01:11.343: ISAKMP:(4712): vendor ID is Unity
Jan 9 01:01:11.343: ISAKMP:(4712): processing vendor id payload
Jan 9 01:01:11.343: ISAKMP:(4712): vendor ID is DPD
Jan 9 01:01:11.343: ISAKMP:(4712): processing vendor id payload
Jan 9 01:01:11.343: ISAKMP:(4712): speaking to another IOS box!
Jan 9 01:01:11.343: ISAKMP:received payload type 20
Jan 9 01:01:11.343: ISAKMP (4712): His hash no match - this node outside NAT
Jan 9 01:01:11.343: ISAKMP:received payload type 20
Jan 9 01:01:11.343: ISAKMP (4712): No NAT Found for self or peer
Jan 9 01:01:11.343: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:11.343: ISAKMP:(4712):Old State = IKE_I_MM4 New State = IKE_I_MM4
Jan 9 01:01:11.343: ISAKMP:(4712):Send initial contact
Jan 9 01:01:11.343: ISAKMP:(4712):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jan 9 01:01:11.343: ISAKMP (4712): ID payload
next-payload : 8
type : 1cle c
address : 53.15.120.138
protocol : 17
port : 500
length : 12
Jan 9 01:01:11.343: ISAKMP:(4712):Total payload length: 12
Jan 9 01:01:11.343: ISAKMP:(4712): sending packet to 53.15.120.134 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jan 9 01:01:11.343: ISAKMP:(4712):Sending an IKE IPv4 Packet.
Jan 9 01:01:11.343: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:11.343: ISAKMP:(4712):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jan 9 01:01:11.367: ISAKMP (4712): received packet from 53.15.120.134 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jan 9 01:01:11.367: ISAKMP:(4712): processing ID payload. message ID = 0
Jan 9 01:01:11.367: ISAKMP (4712): ID payload
next-payload : 8
type : 1
address : 53.15.120.134
protocol : 17
port : 500
length : 12
Jan 9 01:01:11.367: ISAKMP:(0):: peer matches *none* of the profiles
Jan 9 01:01:11.367: ISAKMP:(4712): processing HASH payload. message ID = 0
Jan 9 01:01:11.367: ISAKMP:(4712):SA authentication status:
authenticated
Jan 9 01:01:11.367: ISAKMP:(4712):SA has been authenticated with 53.15.120.134
Jan 9 01:01:11.367: ISAKMP:(4712):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_I_MM5 New State = IKE_I_MM6
Jan 9 01:01:11.367: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_I_MM6 New State = IKE_I_MM6
Jan 9 01:01:11.367: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Jan 9 01:01:11.367: ISAKMP:(4712):Need XAUTH
Jan 9 01:01:11.367: ISAKMP: set new node 734794627 to CONF_XAUTH
Jan 9 01:01:11.367: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
Jan 9 01:01:11.367: ISAKMP/xauth: request attribute XAUTH_REQ_NUMBER
Jan 9 01:01:11.367: ISAKMP:(4712): initiating peer config to 53.15.120.134. ID = 734794627
Jan 9 01:01:11.367: ISAKMP:(4712): sending packet to 53.15.120.134 my_port 500 peer_port 500 (I) CONF_XAUTH
Jan 9 01:01:11.367: ISAKMP:(4712):Sending an IKE IPv4 Packet.
Jan 9 01:01:11.367: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
Jan 9 01:01:11.391: ISAKMP (4712): received packet from 53.15.120.134 dport 500 sport 500 Global (I) CONF_XAUTH
Jan 9 01:01:11.391: ISAKMP: set new node 36450315 to CONF_XAUTH
Jan 9 01:01:11.391: ISAKMP:(4712): processing HASH payload. message ID = 36450315
Jan 9 01:01:11.391: ISAKMP:received payload type 18
Jan 9 01:01:11.391: ISAKMP:(4712):Processing delete with reason payload
Jan 9 01:01:11.391: ISAKMP:(4712):delete doi = 1
Jan 9 01:01:11.391: ISAKMP:(4712):delete protocol id = 1
Jan 9 01:01:11.391: ISAKMP:(4712):delete spi_size = 16
Jan 9 01:01:11.391: ISAKMP:(4712):delete num spis = 1
Jan 9 01:01:11.391: ISAKMP:(4712):delete_reason = 28
Jan 9 01:01:11.391: ISAKMP:(4712): processing DELETE_WITH_REASON payload, message ID = 36450315, reason: Unknown delete reason!
Jan 9 01:01:11.391: ISAKMP:(4712):peer does not do paranoid keepalives.
Jan 9 01:01:11.391: ISAKMP:(4712):peer does not do paranoid keepalives.
Jan 9 01:01:11.391: ISAKMP:(4712):deleting SA reason "IKMP_ERR_NO_RETRANS" state (I) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:01:11.391: ISAKMP:(4712):deleting node 36450315 error FALSE reason "Informational (in) state 1"
Jan 9 01:01:11.391: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jan 9 01:01:11.391: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jan 9 01:01:11.391: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 53.15.120.134
Jan 9 01:01:11.391: ISAKMP: set new node -391262669 to CONF_XAUTH
Jan 9 01:01:11.391: ISAKMP:(4712): sending packet to 53.15.120.134 my_port 500 peer_port 500 (I) CONF_XAUTH
Jan 9 01:01:11.391: ISAKMP:(4712):Sending an IKE IPv4 Packet.
Jan 9 01:01:11.391: ISAKMP:(4712):purging node -391262669
Jan 9 01:01:11.391: ISAKMP:(4712):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 9 01:01:11.391: ISAKMP:(4712):Old State = IKE_XAUTH_REQ_SENT New State = IKE_DEST_SA
Jan 9 01:01:11.391: ISAKMP:(4712):deleting SA reason "IKMP_ERR_NO_RETRANS" state (I) CONF_XAUTH (peer 53.15.120.134) ry sa
Jan 9 01:01:11.391: ISAKMP: Unlocking peer struct 0x305438BC for isadb_mark_sa_deleted(), count 1
Jan 9 01:01:11.391: ISAKMP:(4712):deleting node 402029958 error FALSE reason "IKE deleted"
Jan 9 01:01:11.391: ISAKMP:(4712):deleting node 734794627 error FALSE reason "IKE deleted"
Jan 9 01:01:11.391: ISAKMP:(4712):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:11.391: ISAKMP:(4712):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jan 9 01:01:22.699: ISAKMP (0): received packet from 53.15.120.134 dport 500 sport 500 Global (N) NEW SA
Jan 9 01:01:22.699: ISAKMP: Found a peer struct for 53.15.120.134, peer port 500
Jan 9 01:01:22.699: ISAKMP: Locking peer struct 0x305438BC, refcount 2 for crypto_isakmp_process_block
Jan 9 01:01:22.699: ISAKMP: local port 500, remote port 500
Jan 9 01:01:22.699: ISAKMP:(0):insert sa successfully sa = 31A02CAC
Jan 9 01:01:22.699: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:22.699: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1
Jan 9 01:01:22.699: ISAKMP:(0): processing SA payload. message ID = 0
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jan 9 01:01:22.699: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
Jan 9 01:01:22.699: ISAKMP (0): vendor ID is NAT-T v7
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID is NAT-T v3
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID is NAT-T v2
Jan 9 01:01:22.699: ISAKMP:(0):found peer pre-shared key matching 53.15.120.134
Jan 9 01:01:22.699: ISAKMP:(0): local preshared key found
Jan 9 01:01:22.699: ISAKMP:(0): Authentication by xauth preshared
Jan 9 01:01:22.699: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Jan 9 01:01:22.699: ISAKMP: encryption AES-CBC
Jan 9 01:01:22.699: ISAKMP: keylength of 128
Jan 9 01:01:22.699: ISAKMP: hash SHA
Jan 9 01:01:22.699: ISAKMP: default group 2
Jan 9 01:01:22.699: ISAKMP: auth pre-share
Jan 9 01:01:22.699: ISAKMP: life type in seconds
Jan 9 01:01:22.699: ISAKMP: life duration (basic) of 43200
Jan 9 01:01:22.699: ISAKMP:(0):atts are acceptable. Next payload is 0
Jan 9 01:01:22.699: ISAKMP:(0):Acceptable atts:actual life: 0
Jan 9 01:01:22.699: ISAKMP:(0):Acceptable atts:life: 0
Jan 9 01:01:22.699: ISAKMP:(0):Basic life_in_seconds:43200
Jan 9 01:01:22.699: ISAKMP:(0):Returning Actual lifetime: 43200
Jan 9 01:01:22.699: ISAKMP:(0)::Started lifetime timer: 43200.
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jan 9 01:01:22.699: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
Jan 9 01:01:22.699: ISAKMP (0): vendor ID is NAT-T v7
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID is NAT-T v3
Jan 9 01:01:22.699: ISAKMP:(0): processing vendor id payload
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Jan 9 01:01:22.699: ISAKMP:(0): vendor ID is NAT-T v2
Jan 9 01:01:22.699: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:22.699: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 9 01:01:22.703: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Jan 9 01:01:22.703: ISAKMP:(0): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) MM_SA_SETUP
Jan 9 01:01:22.703: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jan 9 01:01:22.703: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:22.703: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2
Jan 9 01:01:22.723: ISAKMP (0): received packet from 53.15.120.134 dport 500 sport 500 Global (R) MM_SA_SETUP
Jan 9 01:01:22.723: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:22.723: ISAKMP:(0):Old State = IKE_R_MM2 New State = IKE_R_MM3
Jan 9 01:01:22.723: ISAKMP:(0): processing KE payload. message ID = 0
Jan 9 01:01:22.755: ISAKMP:(0): processing NONCE payload. message ID = 0
Jan 9 01:01:22.755: ISAKMP:(0):found peer pre-shared key matching 53.15.120.134
Jan 9 01:01:22.755: ISAKMP:(4713): processing vendor id payload
Jan 9 01:01:22.755: ISAKMP:(4713): vendor ID is DPD
Jan 9 01:01:22.755: ISAKMP:(4713): processing vendor id payload
Jan 9 01:01:22.755: ISAKMP:(4713): speaking to another IOS box!
Jan 9 01:01:22.755: ISAKMP:(4713): processing vendor id payload
Jan 9 01:01:22.755: ISAKMP:(4713): vendor ID seems Unity/DPD but major 172 mismatch
Jan 9 01:01:22.755: ISAKMP:(4713): vendor ID is XAUTH
Jan 9 01:01:22.755: ISAKMP:received payload type 20
Jan 9 01:01:22.755: ISAKMP (4713): His hash no match - this node outside NAT
Jan 9 01:01:22.755: ISAKMP:received payload type 20
Jan 9 01:01:22.755: ISAKMP (4713): No NAT Found for self or peer
Jan 9 01:01:22.755: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:22.755: ISAKMP:(4713):Old State = IKE_R_MM3 New State = IKE_R_MM3
Jan 9 01:01:22.755: ISAKMP:(4713): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) MM_KEY_EXCH
Jan 9 01:01:22.755: ISAKMP:(4713):Sending an IKE IPv4 Packet.
Jan 9 01:01:22.755: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:22.755: ISAKMP:(4713):Old State = IKE_R_MM3 New State = IKE_R_MM4
Jan 9 01:01:22.807: ISAKMP (4713): received packet from 53.15.120.134 dport 500 sport 500 Global (R) MM_KEY_EXCH
Jan 9 01:01:22.807: ISAKMP:(4713):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:22.807: ISAKMP:(4713):Old State = IKE_R_MM4 New State = IKE_R_MM5
Jan 9 01:01:22.807: ISAKMP:(4713): processing ID payload. message ID = 0
Jan 9 01:01:22.807: ISAKMP (4713): ID payload
next-payload : 8
type : 1
address : 53.15.120.134
protocol : 17
port : 500
length : 12
Jan 9 01:01:22.807: ISAKMP:(0):: peer matches *none* of the profiles
Jan 9 01:01:22.807: ISAKMP:(4713): processing HASH payload. message ID = 0
Jan 9 01:01:22.807: ISAKMP:received payload type 17
Jan 9 01:01:22.807: ISAKMP:(4713): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 0x31A02CAC
Jan 9 01:01:22.807: ISAKMP:(4713):SA authentication status:
authenticated
Jan 9 01:01:22.807: ISAKMP:(4713):SA has been authenticated with 53.15.120.134
Jan 9 01:01:22.807: ISAKMP:(4713):SA authentication status:
authenticated
Jan 9 01:01:22.807: ISAKMP:(4713): Process initial contact,
bring down existing phase 1 and 2 SA's with local 53.15.120.138 remote 53.15.120.134 remote port 500
Jan 9 01:01:22.807: ISAKMP:(4713):returning IP addr to the address pool
Jan 9 01:01:22.811: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 9 01:01:22.811: ISAKMP:(4713):Old State = IKE_R_MM5 New State = IKE_R_MM5
Jan 9 01:01:22.811: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jan 9 01:01:22.811: ISAKMP:(4713):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jan 9 01:01:22.811: ISAKMP (4713): ID payload
next-payload : 8
type : 1
address : 53.15.120.138
protocol : 17
port : 500
length : 12
Jan 9 01:01:22.811: ISAKMP:(4713):Total payload length: 12
Jan 9 01:01:22.811: ISAKMP:(4713): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) MM_KEY_EXCH
Jan 9 01:01:22.811: ISAKMP:(4713):Sending an IKE IPv4 Packet.
Jan 9 01:01:22.811: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 9 01:01:22.811: ISAKMP:(4713):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
Jan 9 01:01:22.811: ISAKMP:(4713):Need XAUTH
Jan 9 01:01:22.811: ISAKMP: set new node 517376506 to CONF_XAUTH
Jan 9 01:01:22.811: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
Jan 9 01:01:22.811: ISAKMP/xauth: request attribute XAUTH_REQ_NUMBER
Jan 9 01:01:22.815: ISAKMP:(4713): initiating peer config to 53.15.120.134. ID = 517376506
Jan 9 01:01:22.815: ISAKMP:(4713): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) CONF_XAUTH
Jan 9 01:01:22.815: ISAKMP:(4713):Sending an IKE IPv4 Packet.
Jan 9 01:01:22.815: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jan 9 01:01:22.815: ISAKMP:(4713):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
.
Jan 9 01:01:22.835: ISAKMP (4713): received packet from 53.15.120.134 dport 500 sport 500 Global (R) CONF_XAUTH ....
Success rate is 0 percent (0/5)
Jan 9 01:01:32.831: ISAKMP (4713): received packet from 53.15.120.134 dport 500 sport 500 Global (R) CONF_XAUTH 5
.
Jan 9 01:01:37.815: ISAKMP:(4713): retransmitting phase 2 CONF_XAUTH 517376506 ...
Jan 9 01:01:37.815: ISAKMP (4713): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Jan 9 01:01:37.815: ISAKMP (4713): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2
Jan 9 01:01:37.815: ISAKMP:(4713): retransmitting phase 2 517376506 CONF_XAUTH
Jan 9 01:01:37.815: ISAKMP:(4713): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) CONF_XAUTH
Jan 9 01:01:37.815: ISAKMP:(4713):Sending an IKE IPv4 Packet.
Jan 9 01:01:37.835: ISAKMP (4713): received packet from 53.15.120.134 dport 500 sport 500 Global (R) CONF_XAUTH
Jan 9 01:01:37.835: ISAKMP: set new node -144563344 to CONF_XAUTH
Jan 9 01:01:37.835: ISAKMP:(4713): processing HASH payload. message ID = -144563344
Jan 9 01:01:37.835: ISAKMP:received payload type 18
Jan 9 01:01:37.835: ISAKMP:(4713):Processing delete with reason payload
Jan 9 01:01:37.835: ISAKMP:(4713):delete doi = 1
Jan 9 01:01:37.835: ISAKMP:(4713):delete protocol id = 1
Jan 9 01:01:37.835: ISAKMP:(4713):delete spi_size = 16
Jan 9 01:01:37.835: ISAKMP:(4713):delete num spis = 1
Jan 9 01:01:37.835: ISAKMP:(4713):delete_reason = 28
Jan 9 01:01:37.835: ISAKMP:(4713): processing DELETE_WITH_REASON payload, message ID = -144563344, reason: Unknown delete reason!
Jan 9 01:01:37.835: ISAKMP:(4713):peer does not do paranoid keepalives.
Jan 9 01:01:37.835: ISAKMP:(4713):peer does not do paranoid keepalives.
Jan 9 01:01:37.835: ISAKMP:(4713):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:01:37.835: ISAKMP:(4713):deleting node -144563344 error FALSE reason "Informational (in) state 1"
Jan 9 01:01:37.835: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jan 9 01:01:37.835: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jan 9 01:01:37.835: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 53.15.120.134
Jan 9 01:01:37.835: ISAKMP: set new node -615650979 to CONF_XAUTH
Jan 9 01:01:37.835: ISAKMP:(4713): sending packet to 53.15.120.134 my_port 500 peer_port 500 (R) CONF_XAUTH
Jan 9 01:01:37.839: ISAKMP:(4713):Sending an IKE IPv4 Packet.
Jan 9 01:01:37.839: ISAKMP:(4713):purging node -615650979
Jan 9 01:01:37.839: ISAKMP:(4713):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 9 01:01:37.839: ISAKMP:(4713):Old State = IKE_XAUTH_REQ_SENT New State = IKE_DEST_SA
.
Jan 9 01:01:37.839: ISAKMP:(4713):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:01:37.839: ISAKMP: Unlocking peer struct 0x305438BC for isadb_mark_sa_deleted(), count 1
Jan 9 01:01:37.839: ISAKMP:(4713):deleting node 517376506 error FALSE reason "IKE deleted"
Jan 9 01:01:37.839: ISAKMP:(4713):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 9 01:01:37.839: ISAKMP:(4713):Old State = IKE_DEST_SA New State = IKE_DEST_SA
If I set tunnel mode ipsec ipv4, the tunnels are down. Without it they are up, although IPsec still does not come up.
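
A debug like the one above is easier to read once it is reduced to a per-SA timeline that shows the last IKE state reached and the exchange in which the SA was deleted. The Python script below is an added example, not part of the original post; the names `parse_isakmp_debug`, `last_live_state` and `verdict` are hypothetical, and the sample lines are copied from the post's debug output for SA 4712.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the debug output in the post (initiator attempt, SA 4712).
SAMPLE = """\
Jan 9 01:01:11.259: ISAKMP:(0): Authentication by xauth preshared
Jan 9 01:01:11.343: ISAKMP:(4712):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jan 9 01:01:11.367: ISAKMP:(4712):SA has been authenticated with 53.15.120.134
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Jan 9 01:01:11.367: ISAKMP:(4712):Need XAUTH
Jan 9 01:01:11.367: ISAKMP:(4712):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
Jan 9 01:01:11.391: ISAKMP:(4712):delete_reason = 28
Jan 9 01:01:11.391: ISAKMP:(4712):deleting SA reason "IKMP_ERR_NO_RETRANS" state (I) CONF_XAUTH (peer 53.15.120.134)
Jan 9 01:01:11.391: ISAKMP:(4712):Old State = IKE_XAUTH_REQ_SENT New State = IKE_DEST_SA
"""

# Matches "ISAKMP:(4712):", "ISAKMP (4712):" and "ISAKMP:(0)::" prefixes.
SA_LINE = re.compile(r'ISAKMP[: ]*\((\d+)\):+\s*(.*)$')
STATE = re.compile(r'Old State = (\S+)\s+New State = (\S+)')
DELETE = re.compile(r'deleting SA reason "([^"]+)" state \((\w)\) (\S+) \(peer ([\d.]+)\)')
PEER_CODE = re.compile(r'delete_reason = (\d+)')


@dataclass
class SaTrace:
    conn_id: int
    states: list = field(default_factory=list)   # distinct "New State" values, in order
    authenticated: bool = False                  # phase 1 HASH verified
    xauth_requested: bool = False                # local side logged "Need XAUTH"
    peer_delete_code: Optional[int] = None       # reason code in the peer's DELETE
    delete_reason: Optional[str] = None          # local reason string
    role: Optional[str] = None                   # "I" initiator / "R" responder
    deleted_in: Optional[str] = None             # exchange state at deletion
    peer: Optional[str] = None


def parse_isakmp_debug(text):
    """Build one SaTrace per connection id found in 'debug crypto isakmp' output."""
    traces = {}
    for line in text.splitlines():
        m = SA_LINE.search(line)
        # In this log, lines carry id 0 until the key exchange is processed,
        # so id 0 mixes several attempts and is skipped.
        if not m or m.group(1) == "0":
            continue
        cid, msg = int(m.group(1)), m.group(2)
        sa = traces.setdefault(cid, SaTrace(cid))
        if (s := STATE.search(msg)):
            if not sa.states or sa.states[-1] != s.group(2):
                sa.states.append(s.group(2))
        elif "SA has been authenticated" in msg:
            sa.authenticated = True
        elif msg.startswith("Need XAUTH"):
            sa.xauth_requested = True
        elif (c := PEER_CODE.search(msg)):
            sa.peer_delete_code = int(c.group(1))
        elif (d := DELETE.search(msg)):
            sa.delete_reason, sa.role, sa.deleted_in, sa.peer = d.groups()
    return traces


def last_live_state(sa):
    """Last state reached before the SA was marked for destruction."""
    live = [s for s in sa.states if s != "IKE_DEST_SA"]
    return live[-1] if live else None


def verdict(sa):
    if not sa.authenticated:
        return "no phase 1 authentication seen in this capture"
    if sa.deleted_in == "CONF_XAUTH" and sa.xauth_requested:
        return "phase 1 authenticated, SA deleted during XAUTH, phase 2 not reached"
    if sa.deleted_in:
        return f"phase 1 authenticated, SA deleted in {sa.deleted_in}"
    return "phase 1 authenticated, no deletion seen"


if __name__ == "__main__":
    for cid, sa in sorted(parse_isakmp_debug(SAMPLE).items()):
        print(f"SA {cid} ({sa.role}) peer {sa.peer}: last state "
              f"{last_live_state(sa)}, peer delete code {sa.peer_delete_code}, "
              f'local reason "{sa.delete_reason}" -> {verdict(sa)}')
```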