
Cisco VPN error V8

SOLVED

It was because the network I was on was on the same subnet as the remote network I was connecting to behind a NAT.

192.168.1.x ----NAT|203.12.xx.xx-----WWW-----203.0.xx.xx|NAT----192.168.1.x

Not sure if I can do anything about that.....

Hi All,

Has anyone else experienced their Cisco VPN breaking once they moved to version 8? Mine was working fine in System Version : Astaro Security Gateway Software 7.921. Then I upgraded and it looks like pluto forgets the connection or something. Any ideas?

Log below


2010:07:02-23:06:12 bfg pluto[5221]: loaded private key from 'Local X509 Cert.pem'
2010:07:02-23:06:12 bfg pluto[5221]: forgetting secrets
2010:07:02-23:06:12 bfg pluto[5221]: loading secrets from "/etc/ipsec.secrets"
2010:07:02-23:06:12 bfg pluto[5221]: loaded private key from 'Local X509 Cert.pem'
2010:07:02-23:06:12 bfg pluto[5221]: loading ca certificates from '/etc/ipsec.d/cacerts'
2010:07:02-23:06:12 bfg pluto[5221]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2010:07:02-23:06:12 bfg pluto[5221]: loading aa certificates from '/etc/ipsec.d/aacerts'
2010:07:02-23:06:12 bfg pluto[5221]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2010:07:02-23:06:12 bfg pluto[5221]: loading attribute certificates from '/etc/ipsec.d/acerts'
2010:07:02-23:06:12 bfg pluto[5221]: Changing to directory '/etc/ipsec.d/crls'
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: received Vendor ID payload [RFC 3947]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: received Vendor ID payload [XAUTH]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: ignoring Vendor ID payload [Cisco-Unity]
2010:07:02-23:17:12 bfg pluto[5221]: packet from 203.12.***.***:500: received Vendor ID payload [Dead Peer Detection]
2010:07:02-23:17:12 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: responding to Main Mode from unknown peer 203.12.***.***
2010:07:02-23:17:13 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: NAT-Traversal: Result using RFC 3947: both are NATed
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: Peer ID is ID_DER_ASN1_DN: 'C=au, L=PERTH, O=bfg, CN=rjet, E=rjet@my.org'
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: crl not found
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: certificate status unknown
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: deleting connection "D_REF_ENIOipAlRP" instance with peer 203.12.***.*** {isakmp=#0/ipsec=#0}
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.*** #9: we have a cert and are sending it
2010:07:02-23:17:17 bfg pluto[5221]: | NAT-T: new mapping 203.12.***.***:500/4500)
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: sent MR3, ISAKMP SA established
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: sending XAUTH request
2010:07:02-23:17:17 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: parsing XAUTH reply
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: extended authentication was successful
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: sending XAUTH status
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: parsing XAUTH ack
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: received XAUTH ack, established
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: parsing ModeCfg request
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: unknown attribute type (28683)
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: peer requested virtual IP %any
2010:07:02-23:17:18 bfg pluto[5221]: acquired existing lease for address 10.242.5.1 in pool 'VPN Pool (Cisco)'
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: assigning virtual IP 10.242.5.1 to peer
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: sending ModeCfg reply
2010:07:02-23:17:18 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #9: sent ModeCfg reply, established
2010:07:02-23:17:19 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #10: responding to Quick Mode
2010:07:02-23:17:19 bfg pluto[5221]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="rjet" variant="ipsec" srcip="203.12.***.***" virtual_ip="10.242.5.1"
2010:07:02-23:17:21 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #10: Dead Peer Detection (RFC 3706) enabled
2010:07:02-23:17:21 bfg pluto[5221]: "D_REF_ENIOipAlRP"[2] 203.12.***.***:4500 #10: IPsec SA established {ESP=>0x04c786a5 


This thread was automatically locked due to age.
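
Added example, not part of the original post: a small Python check for the situation described above, where pluto's log shows the tunnel fully established but the client LAN and the remote LAN use the same subnet. The function names are hypothetical, and the /24 prefix length is an assumption (the post only shows 192.168.1.x on both sides).

```python
import ipaddress
import re

# Substrings pluto logs, in order, as a remote-access tunnel comes up.
MILESTONES = [
    ("main_mode", "responding to Main Mode"),
    ("nat_t", "NAT-Traversal: Result"),
    ("isakmp_sa", "ISAKMP SA established"),
    ("xauth", "extended authentication was successful"),
    ("modecfg", "assigning virtual IP"),
    ("quick_mode", "responding to Quick Mode"),
    ("ipsec_sa", "IPsec SA established"),
]
VIP_RE = re.compile(r"assigning virtual IP (\S+) to peer")

# Message parts of seven lines from the log in the post (timestamp and peer prefix dropped).
SAMPLE_LOG = """\
responding to Main Mode from unknown peer 203.12.***.***
NAT-Traversal: Result using RFC 3947: both are NATed
sent MR3, ISAKMP SA established
extended authentication was successful
assigning virtual IP 10.242.5.1 to peer
responding to Quick Mode
IPsec SA established
"""

def summarize(log_text):
    """Return (milestones reached, in log order; virtual IP string or None)."""
    reached, vip = [], None
    for line in log_text.splitlines():
        for name, marker in MILESTONES:
            if marker in line and name not in reached:
                reached.append(name)
        match = VIP_RE.search(line)
        if match:
            vip = match.group(1)
    return reached, vip

def diagnose(log_text, client_lan, remote_lan):
    """Classify as 'negotiation-incomplete:<step>', 'lan-overlap' or 'ok'.
    LANs are CIDR strings, e.g. "192.168.1.0/24" (the /24 is an assumption)."""
    reached, _ = summarize(log_text)
    missing = [name for name, _ in MILESTONES if name not in reached]
    if missing:
        return "negotiation-incomplete:" + missing[0]
    # Tunnel is up. If the LANs overlap, remote addresses are ambiguous: the
    # client's own LAN route can claim them, so traffic may never enter the tunnel.
    if ipaddress.ip_network(client_lan).overlaps(ipaddress.ip_network(remote_lan)):
        return "lan-overlap"
    return "ok"
```

Calling `diagnose(SAMPLE_LOG, "192.168.1.0/24", "192.168.1.0/24")` returns `lan-overlap`, which separates this case from a negotiation failure that would show up as a missing milestone in the log.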