cisco asa 5505 and p2p vpn

[es] :: Enterprise Networking :: cisco asa 5505 and p2p vpn
[ Views: 2679 | Replies: 7 ]
GORSHTAK (Ivan Matić)
Member no.: 136182 | Posts: 285 | *.adsl.verat.net.

cisco asa 5505 and p2p vpn, 11.05.2010 at 23:23 (169 months ago)
I need to get a p2p VPN working; it doesn't matter much to me whether it goes through the Cisco VPN client or the MS client with L2TP over IPsec.

I looked at this link: http://www.cisco.com/en/US/doc...a5505/quick/guide/rem_acc.html and mostly tried to get the Cisco client working.

I know almost nothing about Cisco, so I don't know where else to look or what else is needed.

The config is:
Code:

denied(config)# show configuration
: Saved
: Written by enable_15 at 17:32:52.179 UTC Tue May 11 2010
!
ASA Version 7.2(4)
!
hostname denied
domain-name default.domain.invalid
enable password <sakrio> encrypted
passwd <sakrio> encrypted
names
name <neki_ip> ime_lokacije
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.16.30.252 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address <javna_adresa_cisca> 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group service at9955 tcp
 description test
 port-object eq 9955
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service pf_136 tcp-udp
 port-object eq 2222
access-list outside_1_cryptomap extended permit ip host 172.16.30.136 host <sakrio_vpn1>
access-list ping1 extended permit icmp any any echo-reply
access-list ping1 extended permit ip any any
access-list ping2 extended permit icmp any any echo-reply
access-list ping2 extended permit object-group TCPUDP any any object-group pf_136
access-list ping2 extended permit tcp any any object-group at9955
access-list ping2 extended permit ip host ime_lokacije any log debugging
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host <sakrio_vpn1>
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host <sakrio_vpn2>
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 <sakrio_vpn3> 255.255.255.248
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host <sakrio_vpn4>
access-list inside_nat0_outbound extended permit ip any 172.16.30.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 172.16.30.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.16.30.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 172.16.30.144 255.255.255.240
access-list outside_2_cryptomap extended permit ip host 172.16.30.136 host <sakrio_vpn2>
access-list outside_3_cryptomap extended permit ip host 172.16.30.136 <sakrio_vpn3> 255.255.255.248
access-list outside_4_cryptomap extended permit ip host 172.16.30.136 host <sakrio_vpn4>
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
ip local pool Test 172.16.30.100-172.16.30.120 mask 255.255.255.0
ip local pool test2 172.16.30.121-172.16.30.135 mask 255.255.255.0
ip local pool test3 172.16.30.140-172.16.30.145 mask 255.255.255.0
ip local pool Test4 172.16.30.150-172.16.30.155 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
asdm location ime_lokacije 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 2222 172.16.30.135 2222 netmask 255.255.255.255
static (inside,outside) tcp interface 9955 172.16.30.135 9955 netmask 255.255.255.255
access-group ping1 in interface inside
access-group ping2 in interface outside
route outside 0.0.0.0 0.0.0.0 195.252.89.241 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 172.16.30.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <sakrio>
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer <sakrio>
crypto map outside_map 2 set transform-set ESP-3DES-MD5
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer <sakrio>
crypto map outside_map 3 set transform-set ESP-3DES-MD5
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer <sakrio>
crypto map outside_map 4 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 172.16.30.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 wins-server none
 dns-server value <adsl ruter>
group-policy GroupPolicyEP internal
group-policy GroupPolicyEP attributes
 vpn-tunnel-protocol IPSec
 pfs enable
username user1 password <loz1> encrypted
username user2 password <loz2> encrypted privilege 7
username user3 password <loz3> encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 300 retry 2
tunnel-group DefaultRAGroup general-attributes
 address-pool Test
 address-pool test2
 address-pool test3
 address-pool Test4
 authorization-server-group LOCAL
 authorization-server-group (outside) LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group <sakrio_1> type ipsec-l2l
tunnel-group <sakrio_1> ipsec-attributes
 pre-shared-key *
tunnel-group <sakrio_2> type ipsec-l2l
tunnel-group <sakrio_2> ipsec-attributes
 pre-shared-key *
tunnel-group <sakrio_3> type ipsec-l2l
tunnel-group <sakrio_3> ipsec-attributes
 pre-shared-key *
tunnel-group cisco0 type ipsec-ra
tunnel-group cisco0 general-attributes
 address-pool Test
tunnel-group cisco0 ipsec-attributes
 pre-shared-key *
tunnel-group <sakrio_4> type ipsec-l2l
tunnel-group <sakrio_4> ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f7d7c9afd4b28f5f1e0b9f6e913ef4f8      




The log output is (don't let it confuse you, it reads backwards, newest line first):
Code:

7|May 11 2010|14:45:43|710005|<ip_adsl_rutera>|195.252.89.247|UDP request discarded from <ip_adsl_rutera>/520 to outside:195.252.89.247/520
4|May 11 2010|14:45:40|713903|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, Error: Unable to remove PeerTblEntry
3|May 11 2010|14:45:40|713902|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, Removing peer from peer table failed, no match!
7|May 11 2010|14:45:40|713906|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, sending delete/delete with reason message
7|May 11 2010|14:45:40|713906|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, IKE SA AM:f624c181 terminating:  flags 0x0104c001, refcnt 0, tuncnt 0
7|May 11 2010|14:45:40|715065|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, IKE AM Responder FSM error history (struct &0x41bcaf0)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_BLD_MSG2, EV_BLD_MSG2_TRL-->AM_BLD_MSG2, EV_SKEYID_OK-->AM_BLD_MSG2, NullEvent-->AM_BLD_MSG2, EV_GEN_SKEYID-->AM_BLD_MSG2, EV_BLD_MSG2_HDR
7|May 11 2010|14:45:40|713236|||IP = <ip_mreze_sa_koje_sam_pokusao>, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 348
7|May 11 2010|14:45:40|715048|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing VID payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing Fragmentation VID + extended capabilities payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing xauth V6 VID payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing Cisco Unity VID payload
7|May 11 2010|14:45:40|715076|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, Computing hash for ISAKMP
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing hash payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing ID payload
7|May 11 2010|14:45:40|713906|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, Generating keys for Responder...
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing nonce payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing ke payload
7|May 11 2010|14:45:40|715046|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, constructing ISAKMP SA payload
7|May 11 2010|14:45:40|715028|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, IKE SA Proposal # 1, Transform # 10 acceptable  Matches global IKE entry # 2
7|May 11 2010|14:45:40|715047|||Group = DefaultRAGroup, IP = <ip_mreze_sa_koje_sam_pokusao>, processing IKE SA payload
7|May 11 2010|14:45:40|715049|||IP = <ip_mreze_sa_koje_sam_pokusao>, Received Cisco Unity client VID
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing VID payload
7|May 11 2010|14:45:40|715049|||IP = <ip_mreze_sa_koje_sam_pokusao>, Received NAT-Traversal ver 02 VID
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing VID payload
7|May 11 2010|14:45:40|715064|||IP = <ip_mreze_sa_koje_sam_pokusao>, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
7|May 11 2010|14:45:40|715049|||IP = <ip_mreze_sa_koje_sam_pokusao>, Received Fragmentation VID
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing VID payload
7|May 11 2010|14:45:40|715049|||IP = <ip_mreze_sa_koje_sam_pokusao>, Received DPD VID
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing VID payload
7|May 11 2010|14:45:40|715049|||IP = <ip_mreze_sa_koje_sam_pokusao>, Received xauth V6 VID
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing VID payload
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing ID payload
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing nonce payload
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing ISA_KE payload
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing ke payload
7|May 11 2010|14:45:40|715047|||IP = <ip_mreze_sa_koje_sam_pokusao>, processing SA payload
7|May 11 2010|14:45:40|713236|||IP = <ip_mreze_sa_koje_sam_pokusao>, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 849
6|May 11 2010|14:45:40|302015|<ip_mreze_sa_koje_sam_pokusao>|<ip_cisca_outside>|Built inbound UDP connection 23308 for outside:<ip_mreze_sa_koje_sam_pokusao>/1963 (<ip_mreze_sa_koje_sam_pokusao>/1963) to NP Identity Ifc:<ip_cisca_outside>/500 (<ip_cisca_outside>/500)
7|May 11 2010|14:45:40|609001|<ip_cisca_outside>||Built local-host NP Identity Ifc:<ip_cisca_outside>
7|May 11 2010|14:45:40|609001|<ip_mreze_sa_koje_sam_pokusao>||Built local-host outside:<ip_mreze_sa_koje_sam_pokusao>


Does anything else need to be configured, an ACL or something else, for this to work?
Does anyone have an idea?
 
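As an added example (not code from this thread or from Cisco), here is a small Python parser for the ASDM-style log lines pasted above. It assumes the pipe-separated layout shown in the post (severity|date|time|message id|source|destination|text), puts the newest-first export back into chronological order, and reduces the IKE aggressive-mode chatter to a per-peer verdict (proposal matched, message 2 sent, responder FSM error, peer-table cleanup failure). It also lists "request discarded" lines (message 710005), which is what a client that talks to the ASA on a port where no service is listening produces. The sample lines and the 203.0.113.10 / 198.51.100.5 addresses are constructed for the example.

```python
"""Parse ASDM-style ASA log export lines and summarise what each IKEv1
remote-access attempt reached. Added example, not code from the forum
thread; the field layout (severity|date|time|msgid|src|dst|text) follows
the lines the poster pasted, the sample lines below are constructed."""
import re
from collections import OrderedDict

# Constructed sample in the same layout as the poster's log, newest line
# first (ASDM shows the log that way, which is why it "reads backwards").
# 203.0.113.10 stands for the remote client, 198.51.100.5 for the ASA outside.
SAMPLE_LOG = """\
7|May 11 2010|14:50:02|710005|203.0.113.10|198.51.100.5|TCP request discarded from 203.0.113.10/2791 to outside:198.51.100.5/1723
4|May 11 2010|14:45:40|713903|||Group = DefaultRAGroup, IP = 203.0.113.10, Error: Unable to remove PeerTblEntry
3|May 11 2010|14:45:40|713902|||Group = DefaultRAGroup, IP = 203.0.113.10, Removing peer from peer table failed, no match!
7|May 11 2010|14:45:40|715065|||Group = DefaultRAGroup, IP = 203.0.113.10, IKE AM Responder FSM error history (struct &0x41bcaf0)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_SND_MSG2, EV_SND_MSG
7|May 11 2010|14:45:40|713236|||IP = 203.0.113.10, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + NONE (0) total length : 348
7|May 11 2010|14:45:40|715028|||Group = DefaultRAGroup, IP = 203.0.113.10, IKE SA Proposal # 1, Transform # 10 acceptable  Matches global IKE entry # 2
7|May 11 2010|14:45:40|713236|||IP = 203.0.113.10, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + NONE (0) total length : 849
6|May 11 2010|14:45:40|302015|203.0.113.10|198.51.100.5|Built inbound UDP connection 23308 for outside:203.0.113.10/1963 (203.0.113.10/1963) to NP Identity Ifc:198.51.100.5/500 (198.51.100.5/500)
"""

PEER_RE = re.compile(r"IP = ([0-9.]+)")
GROUP_RE = re.compile(r"Group = ([^,]+)")
DISCARD_RE = re.compile(r"request discarded from ([0-9.]+)/\d+ to \S+:([0-9.]+)/(\d+)")

# Human-readable meaning of the verdict codes produced by summarize_ike().
VERDICT_TEXT = {
    "phase1_failed_after_msg2": "proposal accepted and aggressive-mode message 2 sent, "
        "then the exchange ended in error: phase 1 never completed (group name / "
        "PSK mismatch on the client is the usual cause, as this thread found)",
    "phase1_failed_early": "responder state machine failed before message 2 was sent",
    "proposal_only": "proposal matched, no error seen in this log window",
    "no_ike_progress": "IKE messages seen but no acceptable proposal",
}

def parse_line(line):
    """Split one 'sev|date|time|msgid|src|dst|text' line; None if malformed."""
    parts = line.rstrip("\n").split("|", 6)
    if len(parts) != 7:
        return None
    sev, date, time, msgid, src, dst, text = parts
    return {"severity": int(sev), "date": date, "time": time, "msgid": msgid,
            "src": src, "dst": dst, "text": text}

def parse_log(text, newest_first=True):
    """Parse all lines and return them in chronological order."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    return records[::-1] if newest_first else records

def summarize_ike(records):
    """Per peer IP, note which IKE phase-1 milestones the ASA logged."""
    peers = OrderedDict()
    for r in records:
        m = PEER_RE.search(r["text"])
        if not m:
            continue
        p = peers.setdefault(m.group(1), {
            "group": None, "proposal_matched": False, "msg2_sent": False,
            "fsm_error": False, "peer_removal_failed": False})
        g = GROUP_RE.search(r["text"])
        if g:
            p["group"] = g.group(1)
        msgid, text = r["msgid"], r["text"]
        if msgid == "715028" and "acceptable" in text:
            p["proposal_matched"] = True      # an isakmp policy matched the client's proposal
        elif msgid == "713236" and "SENDING" in text:
            p["msg2_sent"] = True             # ASA replied with its aggressive-mode message 2
        elif msgid == "715065":
            p["fsm_error"] = True             # responder FSM history ends in EV_ERROR
        elif msgid == "713902":
            p["peer_removal_failed"] = True   # cleanup of a peer entry that never completed
    for p in peers.values():
        if p["fsm_error"]:
            p["verdict"] = "phase1_failed_after_msg2" if p["msg2_sent"] else "phase1_failed_early"
        elif p["proposal_matched"]:
            p["verdict"] = "proposal_only"
        else:
            p["verdict"] = "no_ike_progress"
    return peers

def discarded_requests(records):
    """(src, dst, port) for connections aimed at the ASA's own interface address
    that no service accepted (message 710005). tcp/1723 is PPTP: a Windows client
    set to PPTP instead of L2TP/IPsec lands here, since the ASA has no PPTP server."""
    found = []
    for r in records:
        if r["msgid"] != "710005":
            continue
        m = DISCARD_RE.search(r["text"])
        if m:
            found.append((m.group(1), m.group(2), int(m.group(3))))
    return found

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, p in summarize_ike(recs).items():
        print(f"{ip} group={p['group']}: {VERDICT_TEXT[p['verdict']]}")
    for src, dst, port in discarded_requests(recs):
        print(f"{src} -> {dst}:{port} discarded (nothing listening on the ASA)")
```

Run against the constructed sample it reports one peer in DefaultRAGroup whose phase 1 died right after the ASA sent its message 2, plus one discarded PPTP attempt; feeding it a real ASDM export (copy the log viewer's lines into a file and read them in) gives the same per-peer view without scrolling the debug-level noise.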

GORSHTAK (Ivan Matić)
Member no.: 136182 | Posts: 285 | *.adsl.verat.net.

Re: cisco asa 5505 and p2p vpn, 12.05.2010 at 21:55 (169 months ago)
Nobody knows?
Am I really asking such hard questions?
 

srndach
Member no.: 58095 | Posts: 242 | 212.200.85.*

Re: cisco asa 5505 and p2p vpn, 13.05.2010 at 07:10 (169 months ago)
Very often, in situations where everything is configured as it should be and it still doesn't work, a restart on both sides with a simultaneous ping solved the problem ...
Possibly re-entering the pre-shared keys on both sides ...
Set the timers to unlimited ...

And turn off PFS ...
"...
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <sakrio>
crypto map outside_map 1 set transform-set ESP-3DES-SHA ..."
 

GORSHTAK (Ivan Matić)
Member no.: 136182 | Posts: 285 | *.static.sbb.rs.

Re: cisco asa 5505 and p2p vpn, 13.05.2010 at 16:55 (169 months ago)
This looks like site-to-site to me; anyway, the restart didn't help, and a ping is not feasible until the connection is established (I think).

Otherwise I've made a little progress on this: in the tunnel group name I entered my IP address, and it got as far as saying:
Code:
Error, peer has indicated that something is wrong with our message.  This could indicate a pre-shared key mismatch.

The Cisco VPN client did not bring up a window to enter the PSK.
I turned PFS off, again no effect.

Does an IP address have to be entered in the tunnel group name?

Trying via the MS VPN, I get this in the log:
Code:
TCP request discarded from moj_ip/2791 to outside:cisco_ip/1723


In the ACL I defined that I can reach everywhere from my IP; what am I still missing?

Here is the ACL list
Code:

object-group service pf_136 tcp-udp
 port-object eq 2222
object-group service ptcpudp_1723 tcp-udp
 port-object eq 1723
access-list outside_1_cryptomap extended permit ip host 172.16.30.136 host <local_vpn_1>
access-list ping1 extended permit icmp any any echo-reply
access-list ping1 extended permit ip any any
access-list ping1 extended permit ip host Eplus2 any
access-list ping1 extended permit tcp host Eplus2 any
access-list ping1 extended permit udp host Eplus2 any
access-list ping1 extended permit tcp host Eplus2 any eq pptp
access-list ping2 extended permit icmp any any echo-reply
access-list ping2 extended permit object-group TCPUDP any any object-group pf_136
access-list ping2 extended permit tcp any any object-group at9955
access-list ping2 extended permit ip host Eplus2 any log debugging
access-list ping2 extended permit ip host ac_office any
access-list ping2 extended permit tcp host Eplus2 any eq pptp
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host <local_vpn_1>
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host <local_vpn_2>
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 <local_vpn_3> 255.255.255.248
access-list inside_nat0_outbound extended permit ip host 172.16.30.136 host 172.31.235.71
access-list inside_nat0_outbound extended permit ip any 172.16.30.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 172.16.30.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.16.30.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 172.16.30.144 255.255.255.240
access-list inside_nat0_outbound extended permit ip 172.16.30.0 255.255.255.0 172.16.30.168 255.255.255.248
access-list inside_nat0_outbound extended permit ip 172.16.30.0 255.255.255.0 172.16.30.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip any <A.B.C.D> 255.255.255.128
access-list inside_nat0_outbound extended permit ip 172.16.30.0 255.255.255.0 <A.B.C.D> 255.255.255.128
access-list outside_2_cryptomap extended permit ip host 172.16.30.136 host <local_vpn_2>
access-list outside_3_cryptomap extended permit ip host 172.16.30.136 <local_vpn_3> 255.255.255.248
access-list outside_4_cryptomap extended permit ip host 172.16.30.136 host 172.31.235.71



[This message was edited by GORSHTAK on 13.05.2010 at 18:22 GMT+1]
 

srndach
Member no.: 58095 | Posts: 242 | 212.200.85.*

Re: cisco asa 5505 and p2p vpn, 14.05.2010 at 07:39 (169 months ago)
Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)11
!
hostname BLABLA
domain-name BLABLA.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address INTERNI_SEGMENT 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address A.B.C.D 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa821-11-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name BLABLA.com
object-group service pluton-tcp tcp
port-object eq ftp
port-object eq ftp-data
port-object eq https
port-object eq www
object-group network UDL1-TO-UDL2
network-object BLABLA1 255.255.255.0
object-group network UDL1-TO-CENT
network-object BLABLA1 255.255.255.0
object-group network UDL2-TO-UDL1
network-object BLABLA2 255.255.255.0
object-group network CENT-TO-UDL1
all network segments at the central location
access-list inside_outbound_nat0_acl extended permit ip object-group UDL1-TO-CENT object-group CENT-TO- UDL1
access-list inside_outbound_nat0_acl extended permit ip object-group UDL1-TO- UDL2 object-group UDL2-TO-UDL1
access-list inside_access_in extended permit ip object-group UDL1-TO- CENT object-group CENT -TO- UDL1
access-list inside_access_in extended permit ip object-group UDL1-TO- UDL2 object-group UDL2-TO- UDL1
access-list outside_access_in extended permit ip object-group CENT -TO- UDL1 object-group UDL1-TO- CENT
access-list outside_access_in extended permit ip object-group UDL2-TO- UDL1 object-group UDL1-TO- UDL2
access-list outside_access_in extended permit gre any any
access-list outside_cryptomap_80 extended permit ip object-group UDL1-TO- UDL2object-group UDL2-TO-PODGORICA
access-list outside_cryptomap_20 extended permit ip object-group UDL1-TO- CENT object-group CENT -TO-PODGORICA
pager lines 24
logging enable
logging timestamp
logging trap notifications
logging history informational
logging asdm informational
logging host inside venera
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) A.B.C.D2 pluton netmask 255.255.255.255
static (inside,outside) A.B.C.D1 jupiter netmask 255.255.255.255
access-group inside_access_out in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 A.B.C.D 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
*******
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer JAVNA_Adresa_CENT
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 80 match address outside_cryptomap_80
crypto map outside_map 80 set peer JAVNA_Adresa_UDL2
crypto map outside_map 80 set transform-set ESP-AES-128-SHA
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
crypto isakmp policy 80
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh *******
*******
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server ******** source outside prefer
webvpn
username ********** password **************** encrypted privilege 15
tunnel-group JAVNA_Adresa_UDL2 type ipsec-l2l
tunnel-group JAVNA_Adresa_UDL2 ipsec-attributes
pre-shared-key *
isakmp keepalive disable
isakmp keepalive disable
tunnel-group JAVNA_Adresa_CENT type ipsec-l2l
tunnel-group JAVNA_Adresa_CENT ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect rtsp
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
prompt hostname context
Cryptochecksum:*****************************
: end

This is slightly edited from an ASA 5505 at a remote location; it has a tunnel up to the central location (CENT) and to one more remote location (UDL2) ...
Inspection of h323, esmtp is turned off ... voice and mail weren't getting through ... so I removed them ...
All timers are unlimited ...
One big blunder, which happens often, is that people forget that a Cisco ASA has its interfaces shut down by default, and you must do NO SHUT on EVERY one you plan to use ... many often forget that ....

It would be VERY good to make everything you do work on the desk, in front of you ...
Which doesn't mean it will also work in the real world, especially if you have ADSL at the remote location ...
What kind of internet access do you have on the ASA 5505 side?
 

GORSHTAK (Ivan Matić)
Member no.: 136182 | Posts: 285 | *.adsl.verat.net.

Re: cisco asa 5505 and p2p vpn, 14.05.2010 at 19:12 (169 months ago)
Terrible, the VPN was working the whole time; I just didn't know how to use the VPN client properly....

So that others don't get caught out: first you enter the name of the group under which the VPN and the PSK are defined, and only then will the window for user/pass appear.


no shut? Tell me more about that...
 

dragansar
Sarajevo
Member no.: 84903 | Posts: 612 | 91.191.22.*
Site: https://nf-tel.com

Re: cisco asa 5505 and p2p vpn, 15.05.2010 at 22:09 (169 months ago)
Quote:
no shut? Tell me more about that...

I hope that wasn't meant ironically...
By "no shut" @srndach meant the syntax of the command with which you bring up, i.e. enable, an interface.... and the whole command is
Router(config-if)#no shutdown
Šaka
 

GORSHTAK (Ivan Matić)
Member no.: 136182 | Posts: 285 | *.adsl.verat.net.

Re: cisco asa 5505 and p2p vpn, 16.05.2010 at 00:43 (169 months ago)
Not ironic, since I know nothing about Cisco.

Is that the same as ifup/ifdown on Linux?

 