Microsoft
Software
Hardware
Network
Question : Problem: DMVPN and Remote Access
Hello
I have a hub (router 871) and few Spokes (871) and have DMVPN configured. the DMVPN is working fine. I configured Remote-Access to connect remotely but it doesn't work
I tried to connect througth cisco vpn client. I can't
vpn client rel 5.0.03.0560
thank you for helping
===========here is the config ======================
hostname HUB
!
boot-start-marker
boot-end-marker
!
logging buffered 200000
enable secret secretme
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login uservty local
aaa authorization network RW-RMT local
aaa authorization network groupauthor local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
!
!
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.58.0 192.168.58.9
ip dhcp excluded-address 192.168.58.21 192.168.58.255
ip dhcp ping packets 3
ip dhcp ping timeout 100
!
ip dhcp pool DATA
network 192.168.58.0 255.255.255.0
dns-server a.g.h.j 1.2.3.4
default-router 192.168.58.254
option 125 ascii "id:ipphone.kkjljlk"
!
!
ip domain name domaine.ca
ip name-server a.d.c.b
ip inspect name fwoutbound ftp
ip inspect name fwoutbound udp
ip inspect name fwoutbound tcp
ip inspect name fwoutbound http
ip inspect name fwinbound ftp
ip inspect name fwinbound tcp
ip inspect name fwinbound udp
ip inspect name fwinbound http
!
multilink bundle-name authenticated
vpdn enable
!
!
!
username private password 1234567
username meadmin password 12345
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
!
crypto isakmp policy 20
encr aes 256
authentication pre-share
group 5
crypto isakmp key mykey address 0.0.0.0 0.0.0.0
crypto isakmp fragmentation
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 15
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group RW-RMT
key iamthekey
dns 1.2.3.4
domain domaine.ca
pool RAPOOL
save-password
include-local-lan
crypto isakmp profile VPNCLIENT
match identity group RW-RMT
client authentication list RW-RMT
isakmp authorization list RW-RMT
client configuration address respond
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set Hub&Spoke esp-aes
mode transport
crypto ipsec transform-set REMOTEACCESS esp-aes esp-sha-hmac
!
crypto ipsec profile VPNPROFILE
set security-association lifetime seconds 3600
set transform-set Hub&Spoke
!
!
crypto dynamic-map dynmap 1
set transform-set REMOTEACCESS
set isakmp-profile VPNCLIENT
reverse-route
!
!
crypto map dynmap isakmp authorization list RW-RMT
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
class-map match-any RT
match ip dscp ef
!
policy-map QOS
class RT
priority 400
class class-default
fair-queue
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.10.10.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1
ip nhrp authentication tunnels
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 600
no ip split-horizon eigrp 1
no ip mroute-cache
delay 1000
qos pre-classify
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile VPNPROFILE
!
interface FastEthernet0
description Switch Nortel
switchport trunk native vlan 111
switchport mode trunk
switchport voice vlan 121
!
interface FastEthernet1
switchport access vlan 111
!
interface FastEthernet2
switchport access vlan 111
!
interface FastEthernet3
switchport access vlan 111
!
interface FastEthernet4
description vers ADSL
bandwidth 800
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1
service-policy output QOS
!
interface Vlan1
no ip address
shutdown
!
interface Vlan111
description Vlan DATA for PC
ip address 192.168.58.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan121
description Vlan VOIX for IP Phone
ip address 172.16.58.254 255.255.255.0
ip helper-address 172.16.58.2
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description ADSL
ip address negotiated
ip access-group 111 in
ip mtu 1452
ip nat outside
ip inspect fwinbound in
ip inspect fwoutbound out
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
fair-queue 64 16 256
ppp pap sent-username metest password testme
crypto map dynmap
!
interface Dialer1
no ip address
ip inspect fwinbound in
ip inspect fwoutbound out
!
router eigrp 1
network 10.10.10.0
network 172.16.0.0
network 192.168.58.0
no auto-summary
!
ip local pool RAPOOL 192.168.58.200 192.168.58.210
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 120 interface Dialer0 overload
ip nat inside source static tcp 172.16.58.2 443 interface Dialer0 64488
!
access-list 111 remark ---Acces Internet---
access-list 111 permit esp any any
access-list 111 permit gre any any
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq 10000
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any eq domain any
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any administratively-prohibite
d
access-list 111 remark ---Pour acces SSH---
access-list 111 permit tcp any any eq 22
access-list 111 remark ---Pour update time.nrc.ca---
access-list 111 permit ip host 2.3.4.5 any
access-list 111 remark Pour acces Mitel Bell-Temporaire
access-list 111 permit tcp any any eq 64488
access-list 120 remark ---Acces Intranet---
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 172.16.58.0 0.0.0.255 any
access-list 120 permit ip 192.168.58.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
banner motd ^CC
**************************
**********
**********
**********
**********
**********
***
* *
* WARNING *
* UNAUTHORIZED ACCESS TO ANY PROGRAM OR DATA ON *
* THIS SYSTEM IS NOT PERMITTED. *
* *
**************************
**********
**********
**********
**********
**********
***
^C
!
line con 0
password
no modem enable
line aux 0
password
line vty 0 4
password
logging synchronous
transport input telnet ssh
--------------------here is the result of debug crypto isakmp
Nov 2 07:52:08.533: ISAKMP: New peer created peer = 0x83C01CD4 peer_handle = 0x800000E1
Nov 2 07:52:08.533: ISAKMP: Locking peer struct 0x83C01CD4, refcount 1 for crypto_isakmp_process_bloc
k
Nov 2 07:52:08.533: ISAKMP:(0):Setting client config settings 846EDBE0
Nov 2 07:52:08.533: ISAKMP/xauth: initializing AAA request
Nov 2 07:52:08.533: ISAKMP: local port 500, remote port 39302
Nov 2 07:52:08.533: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 846EBB68
Nov 2 07:52:08.533: ISAKMP:(0): processing SA payload. message ID = 0
Nov 2 07:52:08.533: ISAKMP:(0): processing ID payload. message ID = 0
Nov 2 07:52:08.533: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : RW-RMT
protocol : 17
port : 500
length : 18
Nov 2 07:52:08.537: ISAKMP:(0):: peer matches VPNclient profile
Nov 2 07:52:08.537: ISAKMP:(0):(Re)Setting client xauth list and state
Nov 2 07:52:08.537: ISAKMP/xauth: initializing AAA request
Nov 2 07:52:08.537: ISAKMP:(0): processing vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID is XAUTH
Nov 2 07:52:08.537: ISAKMP:(0): processing vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID is DPD
Nov 2 07:52:08.537: ISAKMP:(0): processing vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): processing IKE frag vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID is IKE Fragmentation
Nov 2 07:52:08.537: ISAKMP:(0): MM Fragmentation supported
Nov 2 07:52:08.537: ISAKMP:(0): processing vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID is NAT-T v2
Nov 2 07:52:08.537: ISAKMP:(0): processing vendor id payload
Nov 2 07:52:08.537: ISAKMP:(0): vendor ID is Unity
Nov 2 07:52:08.537: ISAKMP:(0): Authentication by xauth preshared
Nov 2 07:52:08.537: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Nov 2 07:52:08.537: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.537: ISAKMP: hash SHA
Nov 2 07:52:08.537: ISAKMP: default group 2
Nov 2 07:52:08.537: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.537: ISAKMP: life type in seconds
Nov 2 07:52:08.537: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.541: ISAKMP: keylength of 256
Nov 2 07:52:08.541: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Nov 2 07:52:08.541: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.541: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
Nov 2 07:52:08.541: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.541: ISAKMP: hash MD5
Nov 2 07:52:08.541: ISAKMP: default group 2
Nov 2 07:52:08.541: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.541: ISAKMP: life type in seconds
Nov 2 07:52:08.541: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.541: ISAKMP: keylength of 256
Nov 2 07:52:08.541: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.541: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.541: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
Nov 2 07:52:08.541: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.541: ISAKMP: hash SHA
Nov 2 07:52:08.541: ISAKMP: default group 2
Nov 2 07:52:08.541: ISAKMP: auth pre-share
Nov 2 07:52:08.541: ISAKMP: life type in seconds
Nov 2 07:52:08.541: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.541: ISAKMP: keylength of 256
Nov 2 07:52:08.541: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Nov 2 07:52:08.541: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.541: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 policy
Nov 2 07:52:08.541: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.541: ISAKMP: hash MD5
Nov 2 07:52:08.541: ISAKMP: default group 2
Nov 2 07:52:08.541: ISAKMP: auth pre-share
Nov 2 07:52:08.541: ISAKMP: life type in seconds
Nov 2 07:52:08.545: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.545: ISAKMP: keylength of 256
Nov 2 07:52:08.545: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.545: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.545: ISAKMP:(0):Checking ISAKMP transform 5 against priority 10 policy
Nov 2 07:52:08.545: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.545: ISAKMP: hash SHA
Nov 2 07:52:08.545: ISAKMP: default group 2
Nov 2 07:52:08.545: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.545: ISAKMP: life type in seconds
Nov 2 07:52:08.545: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.545: ISAKMP: keylength of 128
Nov 2 07:52:08.545: ISAKMP:(0):Proposed key length does not match policy
Nov 2 07:52:08.545: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.545: ISAKMP:(0):Checking ISAKMP transform 6 against priority 10 policy
Nov 2 07:52:08.545: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.545: ISAKMP: hash MD5
Nov 2 07:52:08.545: ISAKMP: default group 2
Nov 2 07:52:08.545: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.545: ISAKMP: life type in seconds
Nov 2 07:52:08.545: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.545: ISAKMP: keylength of 128
Nov 2 07:52:08.545: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.545: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.545: ISAKMP:(0):Checking ISAKMP transform 7 against priority 10 policy
Nov 2 07:52:08.545: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.545: ISAKMP: hash SHA
Nov 2 07:52:08.545: ISAKMP: default group 2
Nov 2 07:52:08.545: ISAKMP: auth pre-share
Nov 2 07:52:08.545: ISAKMP: life type in seconds
Nov 2 07:52:08.545: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.549: ISAKMP: keylength of 128
Nov 2 07:52:08.549: ISAKMP:(0):Proposed key length does not match policy
Nov 2 07:52:08.549: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.549: ISAKMP:(0):Checking ISAKMP transform 8 against priority 10 policy
Nov 2 07:52:08.549: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.549: ISAKMP: hash MD5
Nov 2 07:52:08.549: ISAKMP: default group 2
Nov 2 07:52:08.549: ISAKMP: auth pre-share
Nov 2 07:52:08.549: ISAKMP: life type in seconds
Nov 2 07:52:08.549: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.549: ISAKMP: keylength of 128
Nov 2 07:52:08.549: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.549: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.549: ISAKMP:(0):Checking ISAKMP transform 9 against priority 10 policy
Nov 2 07:52:08.549: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.549: ISAKMP: hash SHA
Nov 2 07:52:08.549: ISAKMP: default group 2
Nov 2 07:52:08.549: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.549: ISAKMP: life type in seconds
Nov 2 07:52:08.549: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.549: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.549: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.549: ISAKMP:(0):Checking ISAKMP transform 10 against priority 10 policy
Nov 2 07:52:08.549: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.549: ISAKMP: hash MD5
Nov 2 07:52:08.549: ISAKMP: default group 2
Nov 2 07:52:08.549: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.549: ISAKMP: life type in seconds
Nov 2 07:52:08.549: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.549: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.549: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.549: ISAKMP:(0):Checking ISAKMP transform 11 against priority 10 policy
Nov 2 07:52:08.549: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.549: ISAKMP: hash SHA
Nov 2 07:52:08.549: ISAKMP: default group 2
Nov 2 07:52:08.549: ISAKMP: auth pre-share
Nov 2 07:52:08.549: ISAKMP: life type in seconds
Nov 2 07:52:08.549: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.553: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.553: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.553: ISAKMP:(0):Checking ISAKMP transform 12 against priority 10 policy
Nov 2 07:52:08.553: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.553: ISAKMP: hash MD5
Nov 2 07:52:08.553: ISAKMP: default group 2
Nov 2 07:52:08.553: ISAKMP: auth pre-share
Nov 2 07:52:08.553: ISAKMP: life type in seconds
Nov 2 07:52:08.553: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.553: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.553: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.553: ISAKMP:(0):Checking ISAKMP transform 13 against priority 10 policy
Nov 2 07:52:08.553: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.553: ISAKMP: hash MD5
Nov 2 07:52:08.553: ISAKMP: default group 2
Nov 2 07:52:08.553: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.553: ISAKMP: life type in seconds
Nov 2 07:52:08.553: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.553: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.553: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.553: ISAKMP:(0):Checking ISAKMP transform 14 against priority 10 policy
Nov 2 07:52:08.553: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.553: ISAKMP: hash MD5
Nov 2 07:52:08.553: ISAKMP: default group 2
Nov 2 07:52:08.553: ISAKMP: auth pre-share
Nov 2 07:52:08.553: ISAKMP: life type in seconds
Nov 2 07:52:08.553: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.553: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.553: ISAKMP:(0):atts are not acceptable. Next payload is 0
Nov 2 07:52:08.553: ISAKMP:(0):Checking ISAKMP transform 1 against priority 20 policy
Nov 2 07:52:08.553: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.553: ISAKMP: hash SHA
Nov 2 07:52:08.553: ISAKMP: default group 2
Nov 2 07:52:08.553: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.553: ISAKMP: life type in seconds
Nov 2 07:52:08.557: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.557: ISAKMP: keylength of 256
Nov 2 07:52:08.557: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Nov 2 07:52:08.557: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.557: ISAKMP:(0):Checking ISAKMP transform 2 against priority 20 policy
Nov 2 07:52:08.557: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.557: ISAKMP: hash MD5
Nov 2 07:52:08.557: ISAKMP: default group 2
Nov 2 07:52:08.557: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.557: ISAKMP: life type in seconds
Nov 2 07:52:08.557: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.557: ISAKMP: keylength of 256
Nov 2 07:52:08.557: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.557: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.557: ISAKMP:(0):Checking ISAKMP transform 3 against priority 20 policy
Nov 2 07:52:08.557: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.557: ISAKMP: hash SHA
Nov 2 07:52:08.557: ISAKMP: default group 2
Nov 2 07:52:08.557: ISAKMP: auth pre-share
Nov 2 07:52:08.557: ISAKMP: life type in seconds
Nov 2 07:52:08.557: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.557: ISAKMP: keylength of 256
Nov 2 07:52:08.557: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Nov 2 07:52:08.557: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.557: ISAKMP:(0):Checking ISAKMP transform 4 against priority 20 policy
Nov 2 07:52:08.557: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.557: ISAKMP: hash MD5
Nov 2 07:52:08.557: ISAKMP: default group 2
Nov 2 07:52:08.557: ISAKMP: auth pre-share
Nov 2 07:52:08.557: ISAKMP: life type in seconds
Nov 2 07:52:08.557: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.557: ISAKMP: keylength of 256
Nov 2 07:52:08.557: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.561: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.561: ISAKMP:(0):Checking ISAKMP transform 5 against priority 20 policy
Nov 2 07:52:08.561: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.561: ISAKMP: hash SHA
Nov 2 07:52:08.561: ISAKMP: default group 2
Nov 2 07:52:08.561: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.561: ISAKMP: life type in seconds
Nov 2 07:52:08.561: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.561: ISAKMP: keylength of 128
Nov 2 07:52:08.561: ISAKMP:(0):Proposed key length does not match policy
Nov 2 07:52:08.561: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.561: ISAKMP:(0):Checking ISAKMP transform 6 against priority 20 policy
Nov 2 07:52:08.561: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.561: ISAKMP: hash MD5
Nov 2 07:52:08.561: ISAKMP: default group 2
Nov 2 07:52:08.561: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.561: ISAKMP: life type in seconds
Nov 2 07:52:08.561: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.561: ISAKMP: keylength of 128
Nov 2 07:52:08.561: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.561: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.561: ISAKMP:(0):Checking ISAKMP transform 7 against priority 20 policy
Nov 2 07:52:08.561: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.561: ISAKMP: hash SHA
Nov 2 07:52:08.561: ISAKMP: default group 2
Nov 2 07:52:08.561: ISAKMP: auth pre-share
Nov 2 07:52:08.561: ISAKMP: life type in seconds
Nov 2 07:52:08.561: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.561: ISAKMP: keylength of 128
Nov 2 07:52:08.561: ISAKMP:(0):Proposed key length does not match policy
Nov 2 07:52:08.561: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.561: ISAKMP:(0):Checking ISAKMP transform 8 against priority 20 policy
Nov 2 07:52:08.561: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.561: ISAKMP: hash MD5
Nov 2 07:52:08.561: ISAKMP: default group 2
Nov 2 07:52:08.565: ISAKMP: auth pre-share
Nov 2 07:52:08.565: ISAKMP: life type in seconds
Nov 2 07:52:08.565: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.565: ISAKMP: keylength of 128
Nov 2 07:52:08.565: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.565: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.565: ISAKMP:(0):Checking ISAKMP transform 9 against priority 20 policy
Nov 2 07:52:08.565: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.565: ISAKMP: hash SHA
Nov 2 07:52:08.565: ISAKMP: default group 2
Nov 2 07:52:08.565: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.565: ISAKMP: life type in seconds
Nov 2 07:52:08.565: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.565: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.565: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.565: ISAKMP:(0):Checking ISAKMP transform 10 against priority 20 policy
Nov 2 07:52:08.565: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.565: ISAKMP: hash MD5
Nov 2 07:52:08.565: ISAKMP: default group 2
Nov 2 07:52:08.565: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.565: ISAKMP: life type in seconds
Nov 2 07:52:08.565: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.565: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.565: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.565: ISAKMP:(0):Checking ISAKMP transform 11 against priority 20 policy
Nov 2 07:52:08.565: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.565: ISAKMP: hash SHA
Nov 2 07:52:08.565: ISAKMP: default group 2
Nov 2 07:52:08.565: ISAKMP: auth pre-share
Nov 2 07:52:08.565: ISAKMP: life type in seconds
Nov 2 07:52:08.565: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.565: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.565: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.565: ISAKMP:(0):Checking ISAKMP transform 12 against priority 20 policy
Nov 2 07:52:08.569: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.569: ISAKMP: hash MD5
Nov 2 07:52:08.569: ISAKMP: default group 2
Nov 2 07:52:08.569: ISAKMP: auth pre-share
Nov 2 07:52:08.569: ISAKMP: life type in seconds
Nov 2 07:52:08.569: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.569: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.569: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.569: ISAKMP:(0):Checking ISAKMP transform 13 against priority 20 policy
Nov 2 07:52:08.569: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.569: ISAKMP: hash MD5
Nov 2 07:52:08.569: ISAKMP: default group 2
Nov 2 07:52:08.569: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.569: ISAKMP: life type in seconds
Nov 2 07:52:08.569: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.569: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.569: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.569: ISAKMP:(0):Checking ISAKMP transform 14 against priority 20 policy
Nov 2 07:52:08.569: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.569: ISAKMP: hash MD5
Nov 2 07:52:08.569: ISAKMP: default group 2
Nov 2 07:52:08.569: ISAKMP: auth pre-share
Nov 2 07:52:08.569: ISAKMP: life type in seconds
Nov 2 07:52:08.569: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.569: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.569: ISAKMP:(0):atts are not acceptable. Next payload is 0
Nov 2 07:52:08.569: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
Nov 2 07:52:08.569: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.569: ISAKMP: hash SHA
Nov 2 07:52:08.569: ISAKMP: default group 2
Nov 2 07:52:08.569: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.569: ISAKMP: life type in seconds
Nov 2 07:52:08.569: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.569: ISAKMP: keylength of 256
Nov 2 07:52:08.573: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.573: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.573: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy
Nov 2 07:52:08.573: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.573: ISAKMP: hash MD5
Nov 2 07:52:08.573: ISAKMP: default group 2
Nov 2 07:52:08.573: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.573: ISAKMP: life type in seconds
Nov 2 07:52:08.573: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.573: ISAKMP: keylength of 256
Nov 2 07:52:08.573: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.573: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.573: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy
Nov 2 07:52:08.573: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.573: ISAKMP: hash SHA
Nov 2 07:52:08.573: ISAKMP: default group 2
Nov 2 07:52:08.573: ISAKMP: auth pre-share
Nov 2 07:52:08.573: ISAKMP: life type in seconds
Nov 2 07:52:08.573: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.573: ISAKMP: keylength of 256
Nov 2 07:52:08.573: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.573: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.573: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy
Nov 2 07:52:08.573: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.573: ISAKMP: hash MD5
Nov 2 07:52:08.573: ISAKMP: default group 2
Nov 2 07:52:08.573: ISAKMP: auth pre-share
Nov 2 07:52:08.573: ISAKMP: life type in seconds
Nov 2 07:52:08.573: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.573: ISAKMP: keylength of 256
Nov 2 07:52:08.573: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.573: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.573: ISAKMP:(0):Checking ISAKMP transform 5 against priority 65535 policy
Nov 2 07:52:08.573: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.573: ISAKMP: hash SHA
Nov 2 07:52:08.573: ISAKMP: default group 2
Nov 2 07:52:08.577: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.577: ISAKMP: life type in seconds
Nov 2 07:52:08.577: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.577: ISAKMP: keylength of 128
Nov 2 07:52:08.577: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.577: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.577: ISAKMP:(0):Checking ISAKMP transform 6 against priority 65535 policy
Nov 2 07:52:08.577: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.577: ISAKMP: hash MD5
Nov 2 07:52:08.577: ISAKMP: default group 2
Nov 2 07:52:08.577: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.577: ISAKMP: life type in seconds
Nov 2 07:52:08.577: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.577: ISAKMP: keylength of 128
Nov 2 07:52:08.577: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.577: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.577: ISAKMP:(0):Checking ISAKMP transform 7 against priority 65535 policy
Nov 2 07:52:08.577: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.577: ISAKMP: hash SHA
Nov 2 07:52:08.577: ISAKMP: default group 2
Nov 2 07:52:08.577: ISAKMP: auth pre-share
Nov 2 07:52:08.577: ISAKMP: life type in seconds
Nov 2 07:52:08.577: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.577: ISAKMP: keylength of 128
Nov 2 07:52:08.577: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.577: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.577: ISAKMP:(0):Checking ISAKMP transform 8 against priority 65535 policy
Nov 2 07:52:08.577: ISAKMP: encryption AES-CBC
Nov 2 07:52:08.577: ISAKMP: hash MD5
Nov 2 07:52:08.577: ISAKMP: default group 2
Nov 2 07:52:08.577: ISAKMP: auth pre-share
Nov 2 07:52:08.577: ISAKMP: life type in seconds
Nov 2 07:52:08.577: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.577: ISAKMP: keylength of 128
Nov 2 07:52:08.581: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.581: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.581: ISAKMP:(0):Checking ISAKMP transform 9 against priority 65535 policy
Nov 2 07:52:08.581: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.581: ISAKMP: hash SHA
Nov 2 07:52:08.581: ISAKMP: default group 2
Nov 2 07:52:08.581: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.581: ISAKMP: life type in seconds
Nov 2 07:52:08.581: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.581: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.581: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.581: ISAKMP:(0):Checking ISAKMP transform 10 against priority 65535 policy
Nov 2 07:52:08.581: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.581: ISAKMP: hash MD5
Nov 2 07:52:08.581: ISAKMP: default group 2
Nov 2 07:52:08.581: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.581: ISAKMP: life type in seconds
Nov 2 07:52:08.581: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.581: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.581: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.581: ISAKMP:(0):Checking ISAKMP transform 11 against priority 65535 policy
Nov 2 07:52:08.581: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.581: ISAKMP: hash SHA
Nov 2 07:52:08.581: ISAKMP: default group 2
Nov 2 07:52:08.581: ISAKMP: auth pre-share
Nov 2 07:52:08.581: ISAKMP: life type in seconds
Nov 2 07:52:08.581: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.581: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.581: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.581: ISAKMP:(0):Checking ISAKMP transform 12 against priority 65535 policy
Nov 2 07:52:08.581: ISAKMP: encryption 3DES-CBC
Nov 2 07:52:08.581: ISAKMP: hash MD5
Nov 2 07:52:08.581: ISAKMP: default group 2
Nov 2 07:52:08.581: ISAKMP: auth pre-share
Nov 2 07:52:08.581: ISAKMP: life type in seconds
Nov 2 07:52:08.585: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.585: ISAKMP:(0):Encryption algorithm offered does not match policy!
Nov 2 07:52:08.585: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.585: ISAKMP:(0):Checking ISAKMP transform 13 against priority 65535 policy
Nov 2 07:52:08.585: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.585: ISAKMP: hash MD5
Nov 2 07:52:08.585: ISAKMP: default group 2
Nov 2 07:52:08.585: ISAKMP: auth XAUTHInitPreShared
Nov 2 07:52:08.585: ISAKMP: life type in seconds
Nov 2 07:52:08.585: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.585: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.585: ISAKMP:(0):atts are not acceptable. Next payload is 3
Nov 2 07:52:08.585: ISAKMP:(0):Checking ISAKMP transform 14 against priority 65535 policy
Nov 2 07:52:08.585: ISAKMP: encryption DES-CBC
Nov 2 07:52:08.585: ISAKMP: hash MD5
Nov 2 07:52:08.585: ISAKMP: default group 2
Nov 2 07:52:08.585: ISAKMP: auth pre-share
Nov 2 07:52:08.585: ISAKMP: life type in seconds
Nov 2 07:52:08.585: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
Nov 2 07:52:08.585: ISAKMP:(0):Hash algorithm offered does not match policy!
Nov 2 07:52:08.585: ISAKMP:(0):atts are not acceptable. Next payload is 0
Nov 2 07:52:08.585: ISAKMP:(0):no offers accepted!
Nov 2 07:52:08.585: ISAKMP:(0): phase 1 SA policy not acceptable! (local 76.70.37.71 remote a.b.c.d)
Nov 2 07:52:08.585: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Nov 2 07:52:08.585: ISAKMP:(0): sending packet to a.b.c.d my_port 500 peer_port 39302 (R) AG_NO_STATE
Nov 2 07:52:08.585: ISAKMP:(0):Sending an IKE IPv4 Packet.
Nov 2 07:52:08.585: ISAKMP:(0):peer does not do paranoid keepalives.
Nov 2 07:52:08.589: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer a.b.c.d)
Nov 2 07:52:08.589: ISAKMP:(0): processing KE payload. message ID = 0
Nov 2 07:52:08.589: ISAKMP:(0): group size changed! Should be 0, is 128
Nov 2 07:52:08.589: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
Nov 2 07:52:08.589: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
Nov 2 07:52:08.589: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Nov 2 07:52:08.589: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
Nov 2 07:52:08.589: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer a.b.c.d)
Nov 2 07:52:08.589: ISAKMP: Unlocking peer struct 0x83C01CD4 for isadb_mark_sa_deleted(), count 0
Nov 2 07:52:08.589: ISAKMP: Deleting peer node by peer_reap for a.b.c.d: 83C01CD4
Nov 2 07:52:08.589: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Nov 2 07:52:08.589: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
Answer : Problem: DMVPN and Remote Access
I found the error: the acl 111 was blocking
I permit ip non-isakmp and it starts working
thank you lrmoore for your proposed answer
Random Solutions
Problem: SMS errors 25001 and 1321with Office 2003
Problem: Ricoh copier scanner function issues
Problem: Target Mode: any way to find hidden volume?
Problem: How do you recover your Exchange Deleted Items when using an iPhone and IMAP?
Problem: Why are laptop processor speeds so SLOW?
Problem: Wireless Repeater or Access points
Problem: LCD screen has multi coloured lines running accross
Problem: Hp Pavillion does not power on and green light blinking on power supply.
Problem: Apple Macbook Flashing ? folder error
Problem: Test page fails to print