SirSalomon
Aktives Mitglied
Thread Starter
- Dabei seit
- 26.10.2003
- Beiträge
- 4.837
- Reaktionspunkte
- 119
Da dachte ich, die Probleme seien mit der 4.9xxxx Version von Cisco behoben, aber nix ist.
Kurze Vorgeschichte. Innerhalb des Firmennetzes melde ich mich auf Dienstreisen mit meiner Windows-Möre via Einwahlverbindung und dem Cisco-Client an.
Das Profile kann ich ja auch in den Cisco-Client unter dem Macbook Pro importiren. Er muckt auch nicht, schreibt, dass der Import in Ordnung ist.
Nur Verbinden kann ich mich damit nicht.
Ich schreibe jetzt mal das Logfile hier rein, kürze aber die IP der Firma raus
Vielleicht kann mir jemand dabei helfen, dass ich endlich im Außendienst mit meinem Macbook glänzen kann:
So, unsere Admins sind beim Mac nicht die Besten, wobei sie sonst gute Arbeit leisten. Ich musste leider ein paar Zeilen kürzen...
Was passiert bei mir (nicht)? Unter der Windows-Maschine ist das Profil einwandfrei und läuft auch...
Kurze Vorgeschichte. Innerhalb des Firmennetzes melde ich mich auf Dienstreisen mit meiner Windows-Möre via Einwahlverbindung und dem Cisco-Client an.
Das Profile kann ich ja auch in den Cisco-Client unter dem Macbook Pro importiren. Er muckt auch nicht, schreibt, dass der Import in Ordnung ist.
Nur Verbinden kann ich mich damit nicht.
Ich schreibe jetzt mal das Logfile hier rein, kürze aber die IP der Firma raus
Vielleicht kann mir jemand dabei helfen, dass ich endlich im Außendienst mit meinem Macbook glänzen kann:
Cisco Logfile schrieb:---CUT---
6 01:46:28.319 10/17/2006 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with 80.xxx.xxx.xxx.
7 01:46:28.432 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 80.xxx.xxx.xxx
10 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = 80.xxx.xxx.xxx
11 01:46:28.832 10/17/2006 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from 80.xxx.xxx.xxx
12 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
13 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
14 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports DPD
15 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports IKE fragmentation payloads
16 01:46:28.832 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
17 01:46:28.946 10/17/2006 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
18 01:46:28.946 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to 80.146.248.68
19 01:46:28.946 10/17/2006 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
20 01:46:28.946 10/17/2006 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
21 01:46:28.946 10/17/2006 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
22 01:46:28.947 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.xxx.xxx.xxx
23 01:46:29.004 10/17/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = 80.xxx.xxx.xxx
24 01:46:29.005 10/17/2006 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:LOAD_BALANCE) from 80.xxx.xxx.xxx
25 01:46:29.005 10/17/2006 Sev=Info/4 CM/0x4310001B
Received alternative server address "80.xxx.xxx.xxx" from primary server
26 01:46:29.005 10/17/2006 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=72FA215CCE0F06DB R_Cookie=9B1F1542E8B07736) reason = DEL_REASON_LOAD_BALANCING
27 01:46:29.005 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 80.xxx.xxx.xxx
28 01:46:30.004 10/17/2006 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=72FA215CCE0F06DB R_Cookie=9B1F1542E8B07736) reason = DEL_REASON_LOAD_BALANCING
29 01:46:30.004 10/17/2006 Sev=Info/4 CM/0x4310000F
Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_LOAD_BALANCING". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
30 01:46:30.004 10/17/2006 Sev=Info/4 CM/0x43100010
Try alternative server "80.xxx.xxx.xxx" given by the primary server
34 01:46:30.005 10/17/2006 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with 80.xxx.xxx.xxx.
35 01:46:30.117 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 80.xxx.xxx.xxx
36 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = 80.xxx.xxx.xxx
37 01:46:30.520 10/17/2006 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from 80.xxx.xxx.xxx
38 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
39 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
40 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports DPD
41 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports IKE fragmentation payloads
42 01:46:30.520 10/17/2006 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
43 01:46:30.634 10/17/2006 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
44 01:46:30.634 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to 80.xxx.xxx.xxx
45 01:46:30.635 10/17/2006 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
46 01:46:30.635 10/17/2006 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
47 01:46:30.635 10/17/2006 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
48 01:46:30.636 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.xxx.xxx.xxx
49 01:46:30.703 10/17/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = 80.xxx.xxx.xxx
50 01:46:30.703 10/17/2006 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.xxx.xxx.xxx
51 01:46:30.703 10/17/2006 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.xxx.xxx.xxx
52 01:46:30.703 10/17/2006 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
53 01:46:30.703 10/17/2006 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000012
54 01:46:30.703 10/17/2006 Sev=Info/5 IKE/0x4300000F
SPLIT_NET #1
subnet = 30.xxx.xxx.xxx
mask = 255.255.255.255
protocol = 0
src port = 0
dest port=0
---CUT---
71 01:46:30.704 10/17/2006 Sev=Info/5 IKE/0x4300000F
SPLIT_NET #18
subnet = 30.xxx.xxx.xxx
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
72 01:46:30.704 10/17/2006 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
73 01:46:30.704 10/17/2006 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.7.L built by vmurphy on Apr 04 2006 15:01:24
74 01:46:30.706 10/17/2006 Sev=Info/4 CM/0x43100019
Mode Config data received
75 01:46:30.707 10/17/2006 Sev=Info/4 IKE/0x43000056
Received a key request from Driver: Local IP = 192.168.1.10, GW IP = 80.xxx.xxx.xxx, Remote IP = 0.0.0.0
76 01:46:30.707 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 80.xxx.xxx.xxx
77 01:46:30.790 10/17/2006 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = 80.xxx.xxx.xxx
78 01:46:30.790 10/17/2006 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from 80.xxx.xxx.xxx
79 01:46:30.790 10/17/2006 Sev=Info/4 IKE/0x43000081
Delete Reason Code: 11 --> PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH.
80 01:46:30.790 10/17/2006 Sev=Info/5 IKE/0x4300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=7454CDCD502BA129 R_Cookie=CE901E0906EDE101
81 01:46:30.790 10/17/2006 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 80.xxx.xxx.xxx
82 01:46:30.790 10/17/2006 Sev=Info/4 IKE/0x43000049
Discarding IPsec SA negotiation, MsgID=1F18E7E3
83 01:46:30.790 10/17/2006 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=7454CDCD502BA129 R_Cookie=CE901E0906EDE101) reason = PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH
84 01:46:31.504 10/17/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
85 01:46:31.505 10/17/2006 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=7454CDCD502BA129 R_Cookie=CE901E0906EDE101) reason = PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH
86 01:46:31.505 10/17/2006 Sev=Info/4 CM/0x43100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "PEER_DELETE-IKE_DELETE_FIREWALL_MISMATCH". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
87 01:46:31.505 10/17/2006 Sev=Info/4 CM/0x4310000C
All connection attempts with backup server failed
88 01:46:31.505 10/17/2006 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv
89 01:46:31.507 10/17/2006 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.
90 01:46:31.508 10/17/2006 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection
91 01:46:32.004 10/17/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
92 01:46:32.004 10/17/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
93 01:46:32.004 10/17/2006 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
94 01:46:32.004 10/17/2006 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped
So, unsere Admins sind beim Mac nicht die Besten, wobei sie sonst gute Arbeit leisten. Ich musste leider ein paar Zeilen kürzen...
Was passiert bei mir (nicht)? Unter der Windows-Maschine ist das Profil einwandfrei und läuft auch...