IPsec in transport mode not completing phase 2 quick mode

I am trying to connect Solaris 10 to a non-Solaris box over IPsec. I know this box has worked with a Windows machine running IPsec.
My configuration of ipsec and ike looks to be correct but I must be missing something.
If I turn on the ikeadm traces I see that I get through the phase 1 main mode but cannot establish quick mode.
I have to use 3des for encryption and sha1 for authentication. I have followed the steps in the Solaris 10 ipsec and ike manual but I don't know where to turn now.
These are the ikeadm traces:
Wed 20 Jul 2005 12:05:21 BST: in.iked: Quick Mode negotiation failed: code 14 (No proposal chosen).
Wed 20 Jul 2005 12:05:21 BST: in.iked: local_ip = 172.18.10.1, remote_ip = 192.168.25.22,
Wed 20 Jul 2005 12:05:21 BST: in.iked: local_i_id = ipv4(tcp:0,[0..3]=192.168.25.22), local_r_id = No Id,
Wed 20 Jul 2005 12:05:21 BST: in.iked: remote_i_id = ipv4(tcp:2126,[0..3]=172.18.10.1), remote_r_id = No Id,
Wed 20 Jul 2005 12:05:21 BST: in.iked: spsi: ike_send_packet -1
Wed 20 Jul 2005 12:05:21 BST: in.iked: In ssh_policy_phase_ii_sa_freed.
Wed 20 Jul 2005 12:05:21 BST: in.iked: local_ip = 172.18.10.1, remote_ip = 192.168.25.22,
Wed 20 Jul 2005 12:05:21 BST: in.iked: spsi: ike_udp_callback_common -1
Wed 20 Jul 2005 12:05:21 BST: in.iked: In ssh_policy_new_connection_phase_qm (pm_info = 0x85938).
Wed 20 Jul 2005 12:05:21 BST: in.iked: In ssh_policy_qm_select_sa (pm_info = 0x85938).
Wed 20 Jul 2005 12:05:21 BST: in.iked: Number of sas is 1.
Wed 20 Jul 2005 12:05:21 BST: in.iked: pfkey_request: queueing seq 598 type 12/X_INVERSE_ACQUIRE satype 0/UNSPEC
Wed 20 Jul 2005 12:05:21 BST: in.iked: tx_req: posting seq 598 type 12/X_INVERSE_ACQUIRE satype 0/UNSPEC
Wed 20 Jul 2005 12:05:21 BST: in.iked: pf_key_handler: got pid 1242 seq 598 type 6/ACQUIRE sa 0/UNSPEC errno 0 diag 0/No diagnostic len 109
Wed 20 Jul 2005 12:05:21 BST: in.iked: handle_reply: got seq 598 type 6/ACQUIREsatype 0/UNSPEC
Wed 20 Jul 2005 12:05:21 BST: in.iked: SA #0.
Wed 20 Jul 2005 12:05:21 BST: in.iked: Number of proposals = 1.
Wed 20 Jul 2005 12:05:21 BST: in.iked: Proposal 0.
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 0 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 1 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 2 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 3 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 4 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 5 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 6 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 7 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 8 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: ecomb 9 lost
Wed 20 Jul 2005 12:05:21 BST: in.iked: no matching ecomb
Wed 20 Jul 2005 12:05:21 BST: in.iked: No winner.
Wed 20 Jul 2005 12:05:21 BST: in.iked: finish_qm_select_sa: invoked for 85018
Wed 20 Jul 2005 12:05:21 BST: in.iked: Quick Mode negotiation failed: code 14 (No proposal chosen).
Wed 20 Jul 2005 12:05:21 BST: in.iked: local_ip = 172.18.10.1, remote_ip = 192.1
My config file
# more config
local_id_type IP
p1_lifetime_secs 28800
p1_nonce_len 20
p1_xform {auth_method preshared oakley_group 2 auth_alg sha1 encr_alg 3des}
p2_pfs 0
p2_lifetime_secs 10800
label "cmts1"
local_addr 172.18.10.1
remote_addr 192.168.25.22
I have also set up the ike.preshared file with my preshared key.
When I do an ikeadm dump preshared I see the correct key.
Any suggestions?
penright

Eeesh. I wish I'd signed up for SDN earlier.
I know I'm a year late in replying, but the peer is proposing something in Quick Mode
(Phase 2) that your Solaris box doesn't think is available. Given the combinations
you had (0-9), I'd be interested to know what the peer proposed that didn't match.
You don't mention what ipsecconf(1m) input is, nor what the peer is configured to
do. You say 3des + sha1 - so that should be one of the choices.
One common mistake is to use "auth_algs" in ipsecconf(1m) (which is AH) instead
of "encr_auth_algs" (which is ESP's hash).
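The reply's point about "auth_algs" versus "encr_auth_algs" can be checked mechanically. The following is an added example, not code from the thread or from Solaris: a small Python linter for single-line ipsecconf(1M)-style entries. The sample entries are constructed from the addresses in the post, and the finding names are hypothetical labels.

```python
import re

# Constructed ipsecconf(1M)-style entries using the addresses from the post.
# They are illustrations, not the poster's actual policy file.
SAMPLE_POLICY = """\
# ESP 3des, but the hash is given to AH
{laddr 172.18.10.1 raddr 192.168.25.22} ipsec {encr_algs 3des auth_algs sha1 sa shared}
# ESP 3des with ESP's own hash
{laddr 172.18.10.1 raddr 192.168.25.22} ipsec {encr_algs 3des encr_auth_algs sha1 sa shared}
"""

# Assumption: one entry per line, with a single action and one property block.
ENTRY_RE = re.compile(
    r"^\s*\{(?P<pattern>[^}]*)\}\s*(?P<action>\S+)\s*\{(?P<props>[^}]*)\}\s*$"
)
SA_ACTIONS = {"ipsec", "apply", "permit"}  # actions that carry algorithm properties


def pairs(text):
    """Turn 'key value key value' into a dict; reject a dangling key."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("odd number of tokens in: %r" % text)
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_entry(line):
    """Split one '{pattern} action {properties}' entry into its three parts."""
    m = ENTRY_RE.match(line)
    if m is None:
        raise ValueError("not a {pattern} action {properties} entry: %r" % line)
    return {
        "pattern": pairs(m.group("pattern")),
        "action": m.group("action"),
        "props": pairs(m.group("props")),
    }


def requested_protocols(props):
    """Map the algorithm keywords to the IPsec protocols they ask for."""
    wanted = {}
    if "auth_algs" in props:  # auth_algs selects AH
        wanted["AH"] = {"auth": props["auth_algs"]}
    if "encr_algs" in props or "encr_auth_algs" in props:  # both belong to ESP
        wanted["ESP"] = {
            "encr": props.get("encr_algs"),
            "auth": props.get("encr_auth_algs"),
        }
    return wanted


def lint_entry(line):
    """Return finding codes (hypothetical names) for one policy entry."""
    entry = parse_entry(line)
    if entry["action"] not in SA_ACTIONS:
        return []
    wanted = requested_protocols(entry["props"])
    esp = wanted.get("ESP")
    if esp and esp["auth"] is None and "AH" in wanted:
        # The entry asks for AH in addition to ESP; a peer that offers only
        # ESP with a hash will not satisfy it.
        return ["AH_WHERE_ESP_HASH_INTENDED"]
    if esp and esp["auth"] is None:
        return ["ESP_WITHOUT_INTEGRITY"]
    return []


def lint_policy(text):
    """Lint every non-comment line; return (line number, code) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for code in lint_entry(line):
            findings.append((lineno, code))
    return findings


if __name__ == "__main__":
    for lineno, code in lint_policy(SAMPLE_POLICY):
        print("line %d: %s" % (lineno, code))
```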

Similar Messages

  • Checkpoint Not Complete in NOARCHIVELOG mode

    Hi,
    This is first time I am seeing this. In my 11.1.0.7 development database on SOLARIS, I see checkpoint not complete message in alert log file and my database is running in NOARCHIVELOG mode. Can any expert throw light on this that why this warning is there even in NOARCHIVELOG mode?
    Salman

    871174 wrote:
    Hi,
    This is first time I am seeing this. In my 11.1.0.7 development database on SOLARIS, I see checkpoint not complete message in alert log file and my database is running in NOARCHIVELOG mode. Can any expert throw light on this that why this warning is there even in NOARCHIVELOG mode?
    Salman,
    The error doesn't have any relation to the archive log or no archive log mode of the database but to the size of the redo log files of yours and some other factors. The error basically means that you are not able to checkpoint your last current redo quickly enough before it can be reused. What's the size of the redo log files of yours?
    Aman....

  • Firefox for android does not completely enter fullscreen mode (addon installed).

    A black bar still remains at the upper portion of the screen, where the location bar is supposed to be. I am using a samsung galaxy s3 mini and jellybean 4.1.2.

    The addon is called Full Screen 3.4. http://imageshack.us/photo/photo/543/7vpz.png/
    http://imageshack.us/photo/photo/571/vt1l.png/

  • MySQL query works fine for Debug mode not during regular run mode

    Hello fellow Java gurus,
    I'm very much confused at the moment. I have a Java application that populates and accesses a MySQL database. It's a little complicated to explain but basically I've got a few threads that manipulate it. The database itself can handle multiple client connections.
    Now, my first SQL query determines whether records exist within a particular timeframe, since one of my columns is a time of arrival (toa). This works fine in debug and normal run mode. My second SQL query is only executed once the first query returns true, which occurs 100% of the time. The second query is very similar, however, has the very weird behaviour of working the way I want it during debugging mode, but doesn't work at all during normal run mode. I really do not understand. I've tried running the 2nd query using the same connection and also a different connection as to the 1st query but it really doesn't make a difference to the non-working outcome.
    If anyone has any ideas as to why this is happening, please help me. Any feedback would be greatly appreciated. I am desperate at the moment.
    Kind regards,
    Mitch.

    Sorry everyone, I've been able to solve it. My boolean variables were being set to their opposite values! Silly me.... cheers anyway....

  • Apps do not remember full screen mode

    When I open a app, like Safari, and I go to full screen mode the app works great. When I'm done, I close the app and after a while I open it again. In my case it will open the app, but it will open in the "normal" mode, not the full screen mode. Anyone having troubles with this?

    I don't have this problem.  Try this:
    Open System Preferences > General Settings > Make sure the "Close windows..." checkbox is unticked.

  • Object extraction to transport table is not complete.

    I had applied the patch for BUG 2472140 and BUG 2451096 and exported the transport set with a one page group. I downloaded the Windows NT Command Utility and I saved it as export.cmd
    When I run the script with the Export mode set I get an error:
    C:\>export.cmd -mode export -s portal -p portal1 -c iasdb -pu orcladmin -pp sszportal1 -company OKSystem -d c:\test.dmp -automatic_merge -check_mode
    Mode Selected is EXPORT
    Error: Object extraction to transport table is not complete.
    Please try again later.
    Export/Import aborted.
    I have waited for 2 days, but it doesn't help. I tried the same with application and it worked fine.
    Thanks for help.
    Martin Rosol

    This could have happened when the background job in the Job_Queue is still waiting to get executed completely. You could do the following...
    1. Login to SQL*Plus as Portal Owner.
    2. Execute the following SQL statements...
    select export_id,name,status from wwutl_export_import$;
    (This will list you all the transport sets available ; Identify your transport set here)
    delete from wwutl_export_import$ where export_id = '(Export Id you found out just now)';
    3. Then Export the Pagegroup again to create a new transport set.
    4. Download the script and run it after the status of the transport_set becomes 'EXTRACT_COMPLETE'
    Thanks,
    Arun

  • PSE11 Why does Sharpening not work in Quick or Guided Mode?

    I have used PSE 5 happily and greatly liked the auto sharpen feature. I have been forced to upgrade to PSE 11 due to Windows 8 incompatibility with 5.
    I am appalled to find that the sharpen feature, including auto, does not work in Quick or Guided modes. The small previews in Quick mode show the correct sharpening effect but clicking on them or using the slider does not transfer to the main image. I either have to go into full unsharp mask, which I hate for quick fixes, or use the 'adjust sharpness' option under 'filter' in Quick or Guided Mode, which increases sharpness by an unspecified amount on each click.
    Surely there is something wrong here. The feature is there so why doesn't it work?
    Any ideas would be welcome. If it isn't fixable I shall want a refund based on the product not being fit for purpose.
    Thanks
    dlgoodyear

    Thanks for confirming that it should work ok. I've now done the obvious and uninstalled/reinstalled and it's fine now.
    Dave

  • Transport Monitor could not complete your request (16)

    Transport Monitor could not complete your request (16) is the message I keep getting lately when I try to hotsync my palm IIIc with my 24inch imac running OSX 10.4.11. I'm also using Keyspan serial adaptor for the palm to a USB port. I've been able to hotsync on this machine before the only thing different was that I unplugged the cable once from the USB port to use a flash drive. Now every time I try to enable hotsync via the hotsync software setup panel I get the above message.
    Any ideas about what to do? Thanks in advance.
    Post relates to: Palm IIIc

    I have recently been receiving a "Transport Monitor could not complete your request" error, though with the tag (-4960) at the end.  This error appears upon computer startup, ever since I had to reinstall Mac OX 10.5.2 on my computer.  Everything worked fine with the same computer until that reinstallation.  Now, nothing happens on my computer when I try to USB-synch my Treo 680, though it works fine on other computers.
    I have tried repairing disk permissions.  I have also tried deleting all the files for Palm Desktop and reinstalling it.  When I did so, I received the same error message during the installation process!
    What can I do?
    Thanks 
    EDIT: Perhaps relatedly, something seems to be malfunctioning in the HotSync Manager application.  When I open it, the default window with "HotSync Software Setup" does not open.  I can select other menu options (e.g. "Install Handheld Files" ), but if I select "Setup" from the HotSync menu, nothing happens. 
    Post relates to: Treo 680 (Cingular)
    Message Edited by emergent on 03-30-2008 08:27 PM
    Message Edited by emergent on 03-30-2008 08:28 PM

  • Ok, so I downloaded three albums (sic) and discovered the next day that on two of them there were songs which did not completely download.  I quickly reported it and expected a reply within 24 hrs but I've heard nothing back and now I cannot re-report it.

    Ok, so I downloaded three albums (sic) and discovered the next day that on two of them there were songs which did not completely download.  I quickly reported it and expected a reply within 24 hrs but I've heard nothing back and now I cannot re-report it because it says I've already reported it.  Should I just wait?  It's been three days.  Thanks, mj

    You can try to contact iTunes Store Support via http://www.apple.com/support/itunes/contact/
    Click the big blue button and follow the prompts.
    You can also try downloading the songs again.  Downloading past purchases from the App Store, iBookstore, and iTunes Store: http://support.apple.com/kb/HT2519

  • Transport monitor: could not complete your request (16)

    I had been syncing my palm T!X with my G4 laptop.
    I change to a macbook core 2 duo with OS 10.5.8
    I have installed palm package 4.2.1 rev D .
    When I restart the laptop during the startup I get this message:  Transport Monitor:  could not complete your request.  (16).
    I cannot sync my palm.
    help!!!
    Ron
    Post relates to: Tungsten C

    Hello Ron and welcome to the Palm forums.
    You may want to check out this thread to start troubleshooting.
    Alan G

  • TS1702 When I tried to update existing Pages app it did not complete loading update and has 'locked' into loading mode. I do not want to trash the existing Pages because it contains documents I need. Any advice?

    My problem is that when attempting to load updated Pages the app has frozen in 'loading' mode and will not complete the loading. It is now unusable and does not respond to turning off the iPad and restarting. The Pages icon is in 'shadow' and will not respond. Cannot get the red minus symbol. Can get X symbol but do not want to trash it because it contains many documents I do not want to lose.  Suggestions welcome!

    Try a Reset [Hold the Home and Sleep/Wake buttons down together for 10 seconds or so (until the Apple logo appears) and then release. The screen will go blank and then power ON again in the normal way.] It is app and data safe!

  • Site-2-Site IPSEC VPN tunnel will not come up.

    Hello Experts,
    Just wondering if I can get some help on setting up a IPSEC VPN tunnel between a Cisco 2921 and ASA 550x. Below is the config
    show run | s crypto
    crypto pki token default removal timeout 0
    crypto isakmp policy 1
    encr aes
    authentication pre-share
    group 2
    lifetime 28800
    crypto isakmp key xxxxxxxxxxxxxxxxxxxxxx address A.A.A.A
    crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
    mode transport
    crypto map ICQ-2-ILAND 1 ipsec-isakmp
    set peer A.A.A.A
    set transform-set ESP-AES128-SHA
    match address iland_london_s2s_vpn
    crypto map ICQ-2-ILAND
    The config on the remote end has not been shared with me, so I don't know if I am doing something wrong locally or if the remote end is wrongly configured.
    The command Sh crypto isakmp sa displays the following
    show crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    A.A.A.A    B.B.B.B   MM_NO_STATE       1231 ACTIVE (deleted)
    IPv6 Crypto ISAKMP SA
    show crypto session
    Crypto session current status
    Interface: GigabitEthernet0/0
    Session status: DOWN-NEGOTIATING
    Peer: A.A.A.A port 500
      IKEv1 SA: local B.B.B.B/500 remote A.A.A.A/500 Inactive
      IKEv1 SA: local B.B.B.B/500 remote A.A.A.A/500 Inactive
      IPSEC FLOW: permit ip 10.20.111.0/255.255.255.0 10.120.1.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit ip 10.10.0.0/255.255.0.0 10.120.1.0/255.255.255.0
            Active SAs: 0, origin: crypto map
    The debug logs from the debug crypto isakmp command are listed below.
    ISAKMP:(0): local preshared key found
    Dec  6 08:51:52.019: ISAKMP : Scanning profiles for xauth ...
    Dec  6 08:51:52.019: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
    Dec  6 08:51:52.019: ISAKMP:      encryption AES-CBC
    Dec  6 08:51:52.019: ISAKMP:      keylength of 128
    Dec  6 08:51:52.019: ISAKMP:      hash SHA
    Dec  6 08:51:52.019: ISAKMP:      default group 2
    Dec  6 08:51:52.019: ISAKMP:      auth pre-share
    Dec  6 08:51:52.019: ISAKMP:      life type in seconds
    Dec  6 08:51:52.019: ISAKMP:      life duration (basic) of 28800
    Dec  6 08:51:52.019: ISAKMP:(0):atts are acceptable. Next payload is 0
    Dec  6 08:51:52.019: ISAKMP:(0):Acceptable atts:actual life: 0
    Dec  6 08:51:52.019: ISAKMP:(0):Acceptable atts:life: 0
    Dec  6 08:51:52.019: ISAKMP:(0):Basic life_in_seconds:28800
    Dec  6 08:51:52.019: ISAKMP:(0):Returning Actual lifetime: 28800
    Dec  6 08:51:52.019: ISAKMP:(0)::Started lifetime timer: 28800.
    Dec  6 08:51:52.019: ISAKMP:(0): processing vendor id payload
    Dec  6 08:51:52.019: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
    Dec  6 08:51:52.019: ISAKMP:(0): vendor ID is NAT-T v2
    Dec  6 08:51:52.019: ISAKMP:(0): processing vendor id payload
    Dec  6 08:51:52.019: ISAKMP:(0): processing IKE frag vendor id payload
    Dec  6 08:51:52.019: ISAKMP:(0):Support for IKE Fragmentation not enabled
    Dec  6 08:51:52.019: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Dec  6 08:51:52.019: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2
    Dec  6 08:51:52.019: ISAKMP:(0): sending packet to A.A.A.A my_port 500 peer_port 500 (I) MM_SA_SETUP
    Dec  6 08:51:52.019: ISAKMP:(0):Sending an IKE IPv4 Packet.
    Dec  6 08:51:52.019: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    Dec  6 08:51:52.019: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3
    Dec  6 08:51:52.155: ISAKMP (0): received packet from A.A.A.A dport 500 sport 500 Global (I) MM_SA_SETUP
    Dec  6 08:51:52.155: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Dec  6 08:51:52.155: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
    Dec  6 08:51:52.155: ISAKMP:(0): processing KE payload. message ID = 0
    Dec  6 08:51:52.175: ISAKMP:(0): processing NONCE payload. message ID = 0
    Dec  6 08:51:52.175: ISAKMP:(0):found peer pre-shared key matching A.A.A.A
    Dec  6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
    Dec  6 08:51:52.175: ISAKMP:(1227): vendor ID is Unity
    Dec  6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
    Dec  6 08:51:52.175: ISAKMP:(1227): vendor ID seems Unity/DPD but major 92 mismatch
    Dec  6 08:51:52.175: ISAKMP:(1227): vendor ID is XAUTH
    Dec  6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
    Dec  6 08:51:52.175: ISAKMP:(1227): speaking to another IOS box!
    Dec  6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
    Dec  6 08:51:52.175: ISAKMP:(1227):vendor ID seems Unity/DPD but hash mismatch
    Dec  6 08:51:52.175: ISAKMP:received payload type 20
    Dec  6 08:51:52.175: ISAKMP (1227): His hash no match - this node outside NAT
    Dec  6 08:51:52.175: ISAKMP:received payload type 20
    Dec  6 08:51:52.175: ISAKMP (1227): No NAT Found for self or peer
    Dec  6 08:51:52.175: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Dec  6 08:51:52.179: ISAKMP:(1227):Old State = IKE_I_MM4  New State = IKE_I_MM4
    Dec  6 08:51:52.179: ISAKMP:(1227):Send initial contact
    Dec  6 08:51:52.179: ISAKMP:(1227):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    Dec  6 08:51:52.179: ISAKMP (1227): ID payload
            next-payload : 8
            type         : 1
            address      : B.B.B.B
            protocol     : 17
            port         : 500
            length       : 12
    Dec  6 08:51:52.179: ISAKMP:(1227):Total payload length: 12
    Dec  6 08:51:52.179: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) MM_KEY_EXCH
    Dec  6 08:51:52.179: ISAKMP:(1227):Sending an IKE IPv4 Packet.
    Dec  6 08:51:52.179: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    Dec  6 08:51:52.179: ISAKMP:(1227):Old State = IKE_I_MM4  New State = IKE_I_MM5
    Dec  6 08:51:52.315: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) MM_KEY_EXCH
    Dec  6 08:51:52.315: ISAKMP:(1227): processing ID payload. message ID = 0
    Dec  6 08:51:52.315: ISAKMP (1227): ID payload
            next-payload : 8
            type         : 1
            address      : A.A.A.A
            protocol     : 17
            port         : 0
            length       : 12
    Dec  6 08:51:52.315: ISAKMP:(0):: peer matches *none* of the profiles
    Dec  6 08:51:52.315: ISAKMP:(1227): processing HASH payload. message ID = 0
    Dec  6 08:51:52.315: ISAKMP:received payload type 17
    Dec  6 08:51:52.315: ISAKMP:(1227): processing vendor id payload
    Dec  6 08:51:52.315: ISAKMP:(1227): vendor ID is DPD
    Dec  6 08:51:52.315: ISAKMP:(1227):SA authentication status:
            authenticated
    Dec  6 08:51:52.315: ISAKMP:(1227):SA has been authenticated with A.A.A.A
    Dec  6 08:51:52.315: ISAKMP: Trying to insert a peer B.B.B.B/A.A.A.A/500/,  and inserted successfully 2B79E8BC.
    Dec  6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Dec  6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM5  New State = IKE_I_MM6
    Dec  6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Dec  6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM6  New State = IKE_I_MM6
    Dec  6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    Dec  6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
    Dec  6 08:51:52.315: ISAKMP:(1227):beginning Quick Mode exchange, M-ID of 1511581970
    Dec  6 08:51:52.315: ISAKMP:(1227):QM Initiator gets spi
    Dec  6 08:51:52.315: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) QM_IDLE
    Dec  6 08:51:52.315: ISAKMP:(1227):Sending an IKE IPv4 Packet.
    Dec  6 08:51:52.315: ISAKMP:(1227):Node 1511581970, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
    Dec  6 08:51:52.315: ISAKMP:(1227):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
    Dec  6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
    Dec  6 08:51:52.315: ISAKMP:(1227):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    Dec  6 08:51:52.455: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) QM_IDLE
    Dec  6 08:51:52.455: ISAKMP: set new node -1740216573 to QM_IDLE
    Dec  6 08:51:52.455: ISAKMP:(1227): processing HASH payload. message ID = 2554750723
    Dec  6 08:51:52.455: ISAKMP:(1227): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
            spi 0, message ID = 2554750723, sa = 0x2B78D574
    Dec  6 08:51:52.455: ISAKMP:(1227):deleting node -1740216573 error FALSE reason "Informational (in) state 1"
    Dec  6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    Dec  6 08:51:52.455: ISAKMP:(1227):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    Dec  6 08:51:52.455: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) QM_IDLE
    Dec  6 08:51:52.455: ISAKMP: set new node 1297146574 to QM_IDLE
    Dec  6 08:51:52.455: ISAKMP:(1227): processing HASH payload. message ID = 1297146574
    Dec  6 08:51:52.455: ISAKMP:(1227): processing DELETE payload. message ID = 1297146574
    Dec  6 08:51:52.455: ISAKMP:(1227):peer does not do paranoid keepalives.
    Dec  6 08:51:52.455: ISAKMP:(1227):deleting SA reason "No reason" state (I) QM_IDLE       (peer A.A.A.A)
    Dec  6 08:51:52.455: ISAKMP:(1227):deleting node 1297146574 error FALSE reason "Informational (in) state 1"
    Dec  6 08:51:52.455: ISAKMP: set new node -1178304129 to QM_IDLE
    Dec  6 08:51:52.455: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) QM_IDLE
    Dec  6 08:51:52.455: ISAKMP:(1227):Sending an IKE IPv4 Packet.
    Dec  6 08:51:52.455: ISAKMP:(1227):purging node -1178304129
    Dec  6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    Dec  6 08:51:52.455: ISAKMP:(1227):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA
    Dec  6 08:51:52.455: ISAKMP:(1227):deleting SA reason "No reason" state (I) QM_IDLE       (peer A.A.A.A)
    Dec  6 08:51:52.455: ISAKMP: Unlocking peer struct 0x2B79E8BC for isadb_mark_sa_deleted(), count 0
    Dec  6 08:51:52.455: ISAKMP: Deleting peer node by peer_reap for A.A.A.A: 2B79E8BC
    Dec  6 08:51:52.455: ISAKMP:(1227):deleting node 1511581970 error FALSE reason "IKE deleted"
    Dec  6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Dec  6 08:51:52.455: ISAKMP:(1227):Old State = IKE_DEST_SA  New State = IKE_DEST_SA
    would appreciate any help you can provide.
    Regards,
    Sidney Dsouza

    Hi Anuj,
    thanks for responding. Here are the logs from the debug crypto ipsec
    Dec 10 15:54:38.099 UTC: IPSEC(sa_request): ,
      (key eng. msg.) OUTBOUND local= B.B.B.B:500, remote= A.A.A.A:500,
        local_proxy= 10.20.0.0/255.255.0.0/0/0 (type=4),
        remote_proxy= 10.120.1.0/255.255.255.0/0/0 (type=4),
        protocol= ESP, transform= esp-aes esp-sha-hmac  (Tunnel),
        lifedur= 3600s and 4608000kb,
        spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
    Dec 10 15:54:38.671 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)
    That's all that appeared after pinging the remote subnet.
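Both traces on this page show the same pattern: phase 1 completes and the quick mode proposal is then refused. The following added example, which is not part of the original posts, is a Python triage function that reads either log style and reports which phase failed and for which protocol. The excerpts are lines copied from the traces above with timestamps trimmed, and the function names are hypothetical.

```python
import re

# IPsec DOI protocol identifiers (RFC 2407).
DOI_PROTOCOLS = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}

STATE_RE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
NOTIFY_RE = re.compile(r"processing NOTIFY (\S+) protocol (\d+)")
SOLARIS_QM_RE = re.compile(r"Quick Mode negotiation failed: code (\d+) \(([^)]*)\)")

# Lines copied from the two traces on this page (timestamps trimmed).
IOS_EXCERPT = """\
ISAKMP:(1227):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
ISAKMP:(1227):beginning Quick Mode exchange, M-ID of 1511581970
ISAKMP:(1227):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
ISAKMP:(1227): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
ISAKMP:(1227):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA
"""
SOLARIS_EXCERPT = """\
in.iked: no matching ecomb
in.iked: No winner.
in.iked: Quick Mode negotiation failed: code 14 (No proposal chosen).
"""


def triage(log_text):
    """Walk the log once and record how far the IKEv1 negotiation got."""
    r = {"phase1_complete": False, "quick_mode_started": False,
         "failed_phase": None, "notify": None, "notify_code": None,
         "protocol": None}
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            new_state = m.group(2)
            if new_state == "IKE_P1_COMPLETE":
                r["phase1_complete"] = True
            elif new_state.startswith("IKE_QM_"):
                r["quick_mode_started"] = True
            continue
        m = NOTIFY_RE.search(line)
        if m:
            r["notify"] = m.group(1)
            r["protocol"] = DOI_PROTOCOLS.get(int(m.group(2)), "unknown")
            # A notify after IKE_P1_COMPLETE concerns the phase 2 proposal.
            r["failed_phase"] = 2 if r["phase1_complete"] else 1
            continue
        m = SOLARIS_QM_RE.search(line)
        if m:
            # Quick mode runs only under an established phase 1 SA.
            r["phase1_complete"] = True
            r["quick_mode_started"] = True
            r["failed_phase"] = 2
            r["notify_code"] = int(m.group(1))
            r["notify"] = m.group(2)
    return r


def summarize(r):
    """One-line verdict that says which side of the config to compare."""
    if r["failed_phase"] is None:
        return "no negotiation failure found in this excerpt"
    what = r["protocol"] or "IPsec"
    if r["failed_phase"] == 2:
        return "phase 1 completed; phase 2 (quick mode) %s proposal rejected: %s" % (
            what, r["notify"])
    return "phase 1 (main mode) proposal rejected: %s" % r["notify"]


if __name__ == "__main__":
    print(summarize(triage(IOS_EXCERPT)))
    print(summarize(triage(SOLARIS_EXCERPT)))
```

A phase 2 verdict means the pre-shared key and phase 1 policy are already agreed, so the comparison with the peer should cover the phase 2 proposal: protocol, algorithms, mode and PFS.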

  • "Could not complete the render video command because of program error?"

    Hello,
    Does anyone know what to do to fix this problem?
    When I go to File>export>video render> then I click for it to render, up
    pops this window saying "Could not complete the render video command
    because of a program error." I would appreciate any and all work around
    ideas.
    Thanks
    Windows XP Pro SP3
    Photoshop extended CS3 with all the latest updates.
    Asus P5B Deluxe Cpu Duo 2 E8400 4gigs ram.

    Thank you so much for your reply. My PC does have the latest quick time version.I went into QT Preferences and under advance, I checked "Enable encoding using legacy codecs" but this change didn't help. Is that the one you were talking about?. Where do I find "GDI-only mode without hardware acceleration" ? The weird part is no matter what format I choose to render out I still get the pop up. Photoshop doesn't even try to do anything at all, just shoot up the error window. Is there by chance something I needed to install but didn't? I install photoshop CS3 as part of production premium set. PP and AF render video just fine no problems.

  • Quick Mode SA Idle Timeout in Windows Server 2008 R2

    We observed quick mode SA idle timeout appears as 300 sec in Windows 2008 R2. Is there a way to reduce the timeout value?

    On older OSes you could add/modify below registry value and reboot server afterwards:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
    Value name: SAIdleTime
    Data Type: REG_DWORD
    Value data: 300 - 3600 (default=300)
    Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Modify the registry at your own risk.
    I also found this post that it should work with 2008:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/f6da5dc9-7e6e-4921-8b88-ab88e1d0c0d5/w2008-ipsec-quick-mode-sa-timeout?forum=winserversecurity
    But I am not sure if it is supported on 2008 R2. Can anyone confirm it is supported?
    Regards
    Jure Labrovic | Blog

  • Direct Access: No Security Associations under Main mode and Quick Mode: No SA

    Could someone please help me with the issue here :'(
    Windows Firewall advanced security--> Monitoring --> Main mode (Empty)
      --> quick Mode (Empty)
    It's been days I am trying to troubleshoot this issue. All the setup seems good. I am not able to figure out this certificate issue.

    Hi Sijin,
    What is the status of this issue ? If you still have issue please confirm the following.
    1) What is the Network Topology?
    2) What is the client OS?
    3) If you have it configured for Windows 7 and 8 both then do you have Client Authentication Certificate in Personal store and Root Certificate from Internal CA present on client machine?
    4) What is the Status of IPHTTPS Interface?
    5) Are you able to Ping Direct Access (DNS Server) IP Address (2002:836b:33:3333::1) from client?
    6) What is the status of below services on the client machine?
    IKE and AuthIP IPsec Keying Modules
    IPSec Policy Agent
    7) Which Windows Firewall profile is enabled on DA Server and Client?
    Regards
    Kapil
