Вот логи установки соединения той стороны которая 10.0.254.0/24
Jun 28 18:10:57.491: ISAKMP:(0:28:HW:2):deleting SA reason "No reason" state (R) QM_IDLE (peer 80.250.218.2)
Jun 28 18:10:57.491: ISAKMP:(0:28:HW:2):deleting node 687874368 error FALSE reason "Informational (in) state 1"
Jun 28 18:10:57.491: ISAKMP:(0:28:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jun 28 18:10:57.491: ISAKMP:(0:28:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SAJun 28 18:10:57.495: ISAKMP:(0:28:HW:2):deleting SA reason "No reason" state (R) QM_IDLE (peer 80.250.218.2)
Jun 28 18:10:57.495: ISAKMP: Unlocking IKE struct 0x658C3FD0 for isadb_mark_sa_deleted(), count 0
Jun 28 18:10:57.495: ISAKMP: Deleting peer node by peer_reap for 80.250.218.2: 658C3FD0
Jun 28 18:10:57.495: ISAKMP:(0:28:HW:2):deleting node 876229975 error FALSE reason "IKE deleted"
Jun 28 18:10:57.495: ISAKMP:(0:28:HW:2):deleting node 687874368 error FALSE reason "IKE deleted"
Jun 28 18:10:57.495: ISAKMP:(0:28:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jun 28 18:10:57.495: ISAKMP:(0:28:HW:2):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jun 28 18:11:29.355: ISAKMP: received ke message (1/1)
Jun 28 18:11:29.355: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
Jun 28 18:11:29.355: ISAKMP: Created a peer struct for 80.250.218.2, peer port 500
Jun 28 18:11:29.355: ISAKMP: New peer created peer = 0x646608C8 peer_handle = 0x80000015
Jun 28 18:11:29.355: ISAKMP: Locking peer struct 0x646608C8, IKE refcount 1 for isakmp_initiator
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):Setting client config settings 6466AE28
Jun 28 18:11:29.359: ISAKMP: local port 500, remote port 500
Jun 28 18:11:29.359: ISAKMP: set new node 0 to QM_IDLE
Jun 28 18:11:29.359: insert sa successfully sa = 646BBE68
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):Looking for a matching key for 80.250.218.2 in default
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): : success
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 80.250.218.2
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
Jun 28 18:11:29.359: ISAKMP:(0:0:N/A:0): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) MM_NO_STATE
Jun 28 18:11:29.371: ISAKMP (0:0): received packet from 80.250.218.2 dport 500 sport 500 Global (I) MM_NO_STATE
Jun 28 18:11:29.371: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jun 28 18:11:29.371: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Jun 28 18:11:29.371: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0): processing vendor id payload
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
Jun 28 18:11:29.375: ISAKMP (0:0): vendor ID is NAT-T v7
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0):Looking for a matching key for 80.250.218.2 in default
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0): : success
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 80.250.218.2
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0): local preshared key found
Jun 28 18:11:29.375: ISAKMP : Scanning profiles for xauth ...
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
Jun 28 18:11:29.375: ISAKMP: encryption AES-CBC
Jun 28 18:11:29.375: ISAKMP: keylength of 256
Jun 28 18:11:29.375: ISAKMP: hash SHA
Jun 28 18:11:29.375: ISAKMP: default group 2
Jun 28 18:11:29.375: ISAKMP: auth pre-share
Jun 28 18:11:29.375: ISAKMP: life type in seconds
Jun 28 18:11:29.375: ISAKMP: life duration (basic) of 3600
Jun 28 18:11:29.375: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
Jun 28 18:11:29.383: ISAKMP:(0:29:HW:2): processing vendor id payload
Jun 28 18:11:29.383: ISAKMP:(0:29:HW:2): vendor ID seems Unity/DPD but major 245 mismatch
Jun 28 18:11:29.383: ISAKMP (0:268435485): vendor ID is NAT-T v7
Jun 28 18:11:29.383: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jun 28 18:11:29.383: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM2 New State = IKE_I_MM2
Jun 28 18:11:29.383: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jun 28 18:11:29.387: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jun 28 18:11:29.387: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM2 New State = IKE_I_MM3
Jun 28 18:11:29.403: ISAKMP (0:268435485): received packet from 80.250.218.2 dport 500 sport 500 Global (I) MM_SA_SETUP
Jun 28 18:11:29.403: ISAKMP:(0:29:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jun 28 18:11:29.403: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jun 28 18:11:29.403: ISAKMP:(0:29:HW:2): processing KE payload. message ID = 0
Jun 28 18:11:29.411: ISAKMP:(0:29:HW:2): processing NONCE payload. message ID = 0
Jun 28 18:11:29.411: ISAKMP:(0:0:N/A:0):Looking for a matching key for 80.250.218.2 in default
Jun 28 18:11:29.411: ISAKMP:(0:0:N/A:0): : success
Jun 28 18:11:29.411: ISAKMP:(0:29:HW:2):found peer pre-shared key matching 80.250.218.2
Jun 28 18:11:29.411: ISAKMP:(0:0:N/A:0):Looking for a matching key for 80.250.218.2 in default
Jun 28 18:11:29.411: ISAKMP:(0:0:N/A:0): : success
Jun 28 18:11:29.411: ISAKMP:(0:29:HW:2):found peer pre-shared key matching 80.250.218.2
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2):SKEYID state generated
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): processing vendor id payload
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): vendor ID is Unity
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): processing vendor id payload
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): vendor ID is DPD
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): processing vendor id payload
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2): speaking to another IOS box!
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jun 28 18:11:29.415: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM4 New State = IKE_I_MM4
Jun 28 18:11:29.419: ISAKMP:(0:29:HW:2):Send initial contact
Jun 28 18:11:29.419: ISAKMP:(0:29:HW:2):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jun 28 18:11:29.419: ISAKMP (0:268435485): ID payload
next-payload : 8
type : 1
address : 82.148.15.64
protocol : 17
port : 500
length : 12
Jun 28 18:11:29.419: ISAKMP:(0:29:HW:2):Total payload length: 12
Jun 28 18:11:29.423: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jun 28 18:11:29.423: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jun 28 18:11:29.423: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jun 28 18:11:29.427: ISAKMP (0:268435485): received packet from 80.250.218.2 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jun 28 18:11:29.431: ISAKMP:(0:29:HW:2): processing ID payload. message ID = 0
Jun 28 18:11:29.431: ISAKMP (0:268435485): ID payload
next-payload : 8
type : 1
address : 80.250.218.2
protocol : 17
port : 500
length : 12
Jun 28 18:11:29.431: ISAKMP:(0:29:HW:2):: peer matches *none* of the profiles
Jun 28 18:11:29.431: ISAKMP:(0:29:HW:2): processing HASH payload. message ID = 0
Jun 28 18:11:29.431: ISAKMP:(0:29:HW:2):SA authentication status:
authenticated
Jun 28 18:11:29.431: ISAKMP:(0:29:HW:2):SA has been authenticated with 80.250.218.2
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):IKE_DPD is enabled, initializing timers
Jun 28 18:11:29.435: ISAKMP: Trying to insert a peer 82.148.15.64/80.250.218.2/500/, and inserted successfully 646608C8.
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM5 New State = IKE_I_MM6
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM6 New State = IKE_I_MM6
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Jun 28 18:11:29.435: ISAKMP:(0:29:HW:2):beginning Quick Mode exchange, M-ID of 80228627
Jun 28 18:11:29.447: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) QM_IDLE
Jun 28 18:11:29.447: ISAKMP:(0:29:HW:2):Node 80228627, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Jun 28 18:11:29.447: ISAKMP:(0:29:HW:2):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Jun 28 18:11:29.447: ISAKMP:(0:29:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jun 28 18:11:29.447: ISAKMP:(0:29:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jun 28 18:11:29.475: ISAKMP (0:268435485): received packet from 80.250.218.2 dport 500 sport 500 Global (I) QM_IDLE
Jun 28 18:11:29.479: ISAKMP:(0:29:HW:2): processing HASH payload. message ID = 80228627
Jun 28 18:11:29.479: ISAKMP:(0:29:HW:2): processing SA payload. message ID = 80228627
Jun 28 18:11:29.479: ISAKMP:(0:29:HW:2):Checking IPSec proposal 1
Jun 28 18:11:29.479: ISAKMP: transform 1, ESP_AES
Jun 28 18:11:29.479: ISAKMP: attributes in transform:
Jun 28 18:11:29.479: ISAKMP: encaps is 1 (Tunnel)
Jun 28 18:11:29.479: ISAKMP: SA life type in seconds
Jun 28 18:11:29.479: ISAKMP: SA life duration (basic) of 3600
Jun 28 18:11:29.479: ISAKMP: SA life type in kilobytes
Jun 28 18:11:29.479: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jun 28 18:11:29.479: ISAKMP: authenticator is HMAC-SHA
Jun 28 18:11:29.479: ISAKMP: key length is 256
Jun 28 18:11:29.479: ISAKMP: group is 2
Jun 28 18:11:29.479: ISAKMP:(0:29:HW:2):atts are acceptable.
Jun 28 18:11:29.483: ISAKMP:(0:29:HW:2): processing NONCE payload. message ID = 80228627
Jun 28 18:11:29.483: ISAKMP:(0:29:HW:2): processing KE payload. message ID = 80228627
Jun 28 18:11:29.487: ISAKMP:(0:29:HW:2): processing ID payload. message ID = 80228627
Jun 28 18:11:29.487: ISAKMP:(0:29:HW:2): processing ID payload. message ID = 80228627
Jun 28 18:11:29.499: ISAKMP: Locking peer struct 0x646608C8, IPSEC refcount 1 for for stuff_ke
Jun 28 18:11:29.499: ISAKMP:(0:29:HW:2): Creating IPSec SAs
Jun 28 18:11:29.499: inbound SA from 80.250.218.2 to 82.148.15.64 (f/i) 0/ 0
(proxy 10.0.0.0 to 10.0.254.0)
Jun 28 18:11:29.499: has spi 0x4B1337A and conn_id 0 and flags 23
Jun 28 18:11:29.499: lifetime of 3600 seconds
Jun 28 18:11:29.499: lifetime of 4608000 kilobytes
Jun 28 18:11:29.499: has client flags 0x0
Jun 28 18:11:29.499: outbound SA from 82.148.15.64 to 80.250.218.2 (f/i) 0/0
(proxy 10.0.254.0 to 10.0.0.0)
Jun 28 18:11:29.499: has spi -1882863622 and conn_id 0 and flags 2B
Jun 28 18:11:29.499: lifetime of 3600 seconds
Jun 28 18:11:29.499: lifetime of 4608000 kilobytes
Jun 28 18:11:29.499: has client flags 0x0
Jun 28 18:11:29.499: ISAKMP: Locking peer struct 0x646608C8, IPSEC refcount 2 for from create_transforms
Jun 28 18:11:29.503: ISAKMP: Unlocking IPSEC struct 0x646608C8 from create_transforms, count 1
Jun 28 18:11:29.503: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) QM_IDLE
Jun 28 18:11:29.503: ISAKMP:(0:29:HW:2):deleting node 80228627 error FALSE reason "No Error"
Jun 28 18:11:29.503: ISAKMP:(0:29:HW:2):Node 80228627, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jun 28 18:11:29.503: ISAKMP:(0:29:HW:2):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
Jun 28 18:11:47.496: ISAKMP:(0:28:HW:2):purging node 876229975
Jun 28 18:11:47.496: ISAKMP:(0:28:HW:2):purging node 687874368
Jun 28 18:11:57.496: ISAKMP:(0:28:HW:2):purging SA., sa=646B799C, delme=646B799C
Jun 28 18:12:19.496: ISAKMP:(0:29:HW:2):purging node 80228627
Jun 28 18:45:08.969: ISAKMP (0:268435485): received packet from 80.250.218.2 dport 500 sport 500 Global (I) QM_IDLE
Jun 28 18:45:08.969: ISAKMP: set new node 1196849088 to QM_IDLE
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2): processing HASH payload. message ID = 1196849088
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2): processing SA payload. message ID = 1196849088
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2):Checking IPSec proposal 1
Jun 28 18:45:08.973: ISAKMP: transform 1, ESP_AES
Jun 28 18:45:08.973: ISAKMP: attributes in transform:
Jun 28 18:45:08.973: ISAKMP: encaps is 1 (Tunnel)
Jun 28 18:45:08.973: ISAKMP: SA life type in seconds
Jun 28 18:45:08.973: ISAKMP: SA life duration (basic) of 3600
Jun 28 18:45:08.973: ISAKMP: SA life type in kilobytes
Jun 28 18:45:08.973: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jun 28 18:45:08.973: ISAKMP: authenticator is HMAC-SHA
Jun 28 18:45:08.973: ISAKMP: key length is 256
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2):atts are acceptable.
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2): IPSec policy invalidated proposal
Jun 28 18:45:08.973: ISAKMP:(0:29:HW:2): phase 2 SA policy not acceptable! (local 82.148.15.64 remote 80.250.218.2)
Jun 28 18:45:08.977: ISAKMP: set new node 411620218 to QM_IDLE
Jun 28 18:45:08.977: ISAKMP:(0:29:HW:2):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 1697941984, message ID = 411620218
Jun 28 18:45:08.977: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) QM_IDLE
Jun 28 18:45:08.977: ISAKMP:(0:29:HW:2):purging node 411620218
Jun 28 18:45:08.981: ISAKMP:(0:29:HW:2):deleting node 1196849088 error TRUE reason "QM rejected"
Jun 28 18:45:08.981: ISAKMP (0:268435485): Unknown Input IKE_MESG_FROM_PEER, IKE_QM_EXCH: for node 1196849088: state = IKE_QM_READY
Jun 28 18:45:08.981: ISAKMP:(0:29:HW:2):Node 1196849088, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jun 28 18:45:08.981: ISAKMP:(0:29:HW:2):Old State = IKE_QM_READY New State = IKE_QM_READY
Jun 28 18:45:08.981: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 80.250.218.2
Jun 28 18:45:38.965: ISAKMP (0:268435485): received packet from 80.250.218.2 dport 500 sport 500 Global (I) QM_IDLE
Jun 28 18:45:38.965: ISAKMP: set new node -1614916990 to QM_IDLE
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2): processing HASH payload. message ID = -1614916990
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2): processing SA payload. message ID = -1614916990
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2):Checking IPSec proposal 1
Jun 28 18:45:38.969: ISAKMP: transform 1, ESP_AES
Jun 28 18:45:38.969: ISAKMP: attributes in transform:
Jun 28 18:45:38.969: ISAKMP: encaps is 1 (Tunnel)
Jun 28 18:45:38.969: ISAKMP: SA life type in seconds
Jun 28 18:45:38.969: ISAKMP: SA life duration (basic) of 3600
Jun 28 18:45:38.969: ISAKMP: SA life type in kilobytes
Jun 28 18:45:38.969: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jun 28 18:45:38.969: ISAKMP: authenticator is HMAC-SHA
Jun 28 18:45:38.969: ISAKMP: key length is 256
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2):atts are acceptable.
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2): IPSec policy invalidated proposal
Jun 28 18:45:38.969: ISAKMP:(0:29:HW:2): phase 2 SA policy not acceptable! (local 82.148.15.64 remote 80.250.218.2)
Jun 28 18:45:38.973: ISAKMP: set new node -1227785736 to QM_IDLE
Jun 28 18:45:38.973: ISAKMP:(0:29:HW:2):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 1697941984, message ID = -1227785736
Jun 28 18:45:38.973: ISAKMP:(0:29:HW:2): sending packet to 80.250.218.2 my_port 500 peer_port 500 (I) QM_IDLE
Jun 28 18:45:38.973: ISAKMP:(0:29:HW:2):purging node -1227785736
Jun 28 18:45:38.977: ISAKMP:(0:29:HW:2):deleting node -1614916990 error TRUE reason "QM rejected"
Jun 28 18:45:38.977: ISAKMP (0:268435485): Unknown Input IKE_MESG_FROM_PEER, IKE_QM_EXCH: for node -1614916990: state = IKE_QM_READY
Jun 28 18:45:38.977: ISAKMP:(0:29:HW:2):Node -1614916990, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jun 28 18:45:38.977: ISAKMP:(0:29:HW:2):Old State = IKE_QM_READY New State = IKE_QM_READY
Jun 28 18:45:58.981: ISAKMP:(0:29:HW:2):purging node 1196849088
Версия для распечатки
проблема с ipsec и двумя кошками =(, 
Osirix, 28-Июн-07, 22:43 [смотреть все]
