Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1696 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iPhone Cisco Client

gnomme
I am unable to remotly connect to my asg 7501 from my Iphone.

here is the log:

2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: received Vendor ID payload [XAUTH] 
2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [Cisco-Unity] 
2009:12:04-08:52:54 firewall pluto[3954]: packet from 81.193.124.59:885: received Vendor ID payload [Dead Peer Detection] 
2009:12:04-08:52:54 firewall pluto[3954]: "D_REF_omEyNoUwqL"[6] 81.193.124.59:885 #6: responding to Main Mode from unknown peer 81.193.124.59:885 
2009:12:04-08:52:54 firewall pluto[3954]: "D_REF_omEyNoUwqL"[6] 81.193.124.59:885 #6: NAT-Traversal: Result using RFC 3947: both are NATed 
2009:12:04-08:54:04 firewall pluto[3954]: "D_REF_omEyNoUwqL"[6] 81.193.124.59:885 #6: max number of retransmissions (2) reached STATE_MAIN_R2 
2009:12:04-08:54:04 firewall pluto[3954]: "D_REF_omEyNoUwqL"[6] 81.193.124.59:885: deleting connection "D_REF_omEyNoUwqL" instance with peer 81.193.124.59 {isakmp=#0/ipsec=#0} 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: received Vendor ID payload [RFC 3947] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: received Vendor ID payload [XAUTH] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: ignoring Vendor ID payload [Cisco-Unity] 
2009:12:04-08:54:42 firewall pluto[3954]: packet from 81.193.124.59:885: received Vendor ID payload [Dead Peer Detection] 
2009:12:04-08:54:42 firewall pluto[3954]: "D_REF_omEyNoUwqL"[7] 81.193.124.59:885 #7: responding to Main Mode from unknown peer 81.193.124.59:885 
2009:12:04-08:54:43 firewall pluto[3954]: "D_REF_omEyNoUwqL"[7] 81.193.124.59:885 #7: NAT-Traversal: Result using RFC 3947: both are NATed 
2009:12:04-08:55:53 firewall pluto[3954]: "D_REF_omEyNoUwqL"[7] 81.193.124.59:885 #7: max number of retransmissions (2) reached STATE_MAIN_R2 
2009:12:04-08:55:53 firewall pluto[3954]: "D_REF_omEyNoUwqL"[7] 81.193.124.59:885: deleting connection "D_REF_omEyNoUwqL" instance with peer 81.193.124.59 {isakmp=#0/ipsec=#0} 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: received Vendor ID payload [RFC 3947] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: received Vendor ID payload [XAUTH] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: ignoring Vendor ID payload [Cisco-Unity] 
2009:12:04-08:56:22 firewall pluto[3954]: packet from 85.243.220.152:500: received Vendor ID payload [Dead Peer Detection] 
2009:12:04-08:56:22 firewall pluto[3954]: "D_REF_omEyNoUwqL"[8] 85.243.220.152 #8: responding to Main Mode from unknown peer 85.243.220.152 
2009:12:04-08:56:23 firewall pluto[3954]: "D_REF_omEyNoUwqL"[8] 85.243.220.152 #8: NAT-Traversal: Result using RFC 3947: both are NATed 



Any ideas?

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Is your Astaro's external IP being masqueraded to the internet by another firewall?  Instead of that, could you establish another IP on the intervening firewall and DNAT all traffic to it to your Astaro?  I don't know that that will work, but I think the double NATting may be breaking IPsec.

    I'm assuming that you've connected to the Astaro with an IPsec client before, and that your ISP isn't blocking anything IPsec needs.

    Cheers - Bob
Reply
  • 0
    Is your Astaro's external IP being masqueraded to the internet by another firewall?  Instead of that, could you establish another IP on the intervening firewall and DNAT all traffic to it to your Astaro?  I don't know that that will work, but I think the double NATting may be breaking IPsec.

    I'm assuming that you've connected to the Astaro with an IPsec client before, and that your ISP isn't blocking anything IPsec needs.

    Cheers - Bob
Children
  • 0 in reply to BAlfson
    Is your Astaro's external IP being masqueraded to the internet by another firewall?  Instead of that, could you establish another IP on the intervening firewall and DNAT all traffic to it to your Astaro?  I don't know that that will work, but I think the double NATting may be breaking IPsec.

    I'm assuming that you've connected to the Astaro with an IPsec client before, and that your ISP isn't blocking anything IPsec needs.

    Cheers - Bob


    hi BOB!

    I have one router, a D-Link, and a rule in its "virtual server" that send all the trafic from ipsec port (500) to the astaro.
    This router have vpn pass trough...
    Curious is that with annother router, a Linksys, the VPN works fine...