Astaro User Bulletin Board
09-04-2007, 02:24 PM
Senior Member
Join Date: Jun 2004
Location: Kahl, Bavaria, Germany
Posts: 148
ASC could not connect to ASG - need assistance

Dear all,
I followed the explanation in the knowledgebase document (Astaro Secure Client X.509 Roadwarrior How-To).

This was not working for me ;-(

The Astaro firewall (6.311) has a static IP, and at home I am using DSL with a dynamic IP and a Linksys WRT54G router, WinXP SP2 and ASC 8.21(108).

I created everything as described. Exported and imported everything to the Windows client. The client starts, but no connection comes up.

PLEASE give me a hint - I created the certificates etc., but nothing is working.

Error messages:
Astaro 6.311 IPSec logfile

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: ignoring unknown Vendor ID payload [da8e937880010000]

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [XAUTH]

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 108

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [RFC 3947] method set to=109

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [Dead Peer Detection]

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: ignoring unknown Vendor ID payload [101fb0b35c5a4f4c08b919f1cf53c96a]

2007:09:04-13:46:05 (none) pluto[6281]: packet from 217.95.218.72:500: received Vendor ID payload [Cisco-Unity]

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: responding to Main Mode from unknown peer 217.95.218.72

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: STATE_MAIN_R1: sent MR1, expecting MI2

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: NAT-Traversal: Result using 3: peer is NATed

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

2007:09:04-13:46:05 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: STATE_MAIN_R2: sent MR2, expecting MI3

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Main mode peer ID is ID_DER_ASN1_DN: 'C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=krischeu, E=heinz.krischeu@carhs.de'

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: no crl from issuer "C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=AstaroAlzenauRootCAcert, E=heinz.krischeu@easi.de" found (strict=no)

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: I am sending my cert

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

2007:09:04-13:46:06 (none) pluto[6281]: | NAT-T: new mapping 217.95.218.72:500/4500)

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_md5 group=modp1536}

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Dead Peer Detection (RFC 3706): enabled

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Virtual IP 10.168.23.1/32 is already used by '195.135.152.190'

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Your ID is 'C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=krischeu, E=heinz.krischeu@carhs.de'

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Virtual IP 10.168.23.1/32 is already used by '195.135.152.190'

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Your ID is 'C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=krischeu, E=heinz.krischeu@carhs.de'

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: cannot respond to IPsec SA request because no connection is known for 192.168.0.0/24===195.30.37.65[C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=ASGAlzenauHostCSR, E=heinz.krischeu@easi.de]...217.95.218.72[C=de, ST=Bayern, L=Alzenau, O=EASi, OU=EDV, CN=krischeu, E=heinz.krischeu@carhs.de]===10.168.23.1/32

2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: sending encrypted notification INVALID_ID_INFORMATION to 217.95.218.72:4500

2007:09:04-13:46:09 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xbba167e5 (perhaps this is a duplicated packet)

2007:09:04-13:46:09 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: sending encrypted notification INVALID_MESSAGE_ID to 217.95.218.72:4500

2007:09:04-13:46:12 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xbba167e5 (perhaps this is a duplicated packet)

2007:09:04-13:46:12 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: sending encrypted notification INVALID_MESSAGE_ID to 217.95.218.72:4500

NCP – Astaro Secure Client 8.21

04.09.2007 13:21:53 IPSDIALCHAN::start building connection

04.09.2007 13:21:57 IPSDIALCHAN::start building connection

04.09.2007 13:21:57 NCPIKE-phase1:name(krischeu) - outgoing connect request - main mode.

04.09.2007 13:21:57 XMIT_MSG1_MAIN - krischeu

04.09.2007 13:21:57 RECV_MSG2_MAIN - krischeu

04.09.2007 13:21:57 IPSDIAL->FINAL_TUNNEL_ENDPOINT:195.030.037.065

04.09.2007 13:21:57 IKE phase I: Setting LifeTime to 7800 seconds

04.09.2007 13:21:57 krischeu ->Support for NAT-T version - 9

04.09.2007 13:21:57 XMIT_MSG3_MAIN - krischeu

04.09.2007 13:21:58 RECV_MSG4_MAIN - krischeu

04.09.2007 13:21:58 Turning on NATD mode - krischeu - 1

04.09.2007 13:21:58 XMIT_MSG5_MAIN - krischeu

04.09.2007 13:21:58 XMIT_MSG5_MAIN_RESUME - krischeu

04.09.2007 13:21:58 RECV_MSG6_MAIN - krischeu

04.09.2007 13:21:59 RECV_MSG6_MAIN_RESUME - krischeu

04.09.2007 13:21:59 Turning on DPD mode - krischeu

04.09.2007 13:21:59 NCPIKE-phase1:name(krischeu) - connected

04.09.2007 13:21:59 XMIT_MSG1_QUICK - krischeu

04.09.2007 13:21:59 NOTIFY : krischeu : RECEIVED : INVALID_ID_INFORMATION

04.09.2007 13:22:01 NOTIFY : krischeu : RECEIVED : INVALID_MESSAGE_ID

04.09.2007 13:22:04 NOTIFY : krischeu : RECEIVED : INVALID_MESSAGE_ID

04.09.2007 13:22:07 NOTIFY : krischeu : RECEIVED : INVALID_MESSAGE_ID

04.09.2007 13:22:10 NCPIKE-phase2:name(krischeu) - error - retry timeout - max retries

04.09.2007 13:22:10 IPSDIAL - disconnected from krischeu on channel 1.
__________________
Heinz Krischeu
Portenstrasse 14
63796 Kahl
_____________________________
3 ASG 7.011, x509-DN-certificates, RSA-Certificate
Core2Duo, 1GB RAM, 80 GB SATA HDD
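
Added example, not part of the original post: a small Python parser for pluto log lines like those above. It separates the completed Phase 1 (ISAKMP SA established) from the rejected Phase 2 request and extracts the traffic selectors and virtual IP that pluto reported, which are the values to compare against the connection configured on the gateway. The sample lines are shortened from the post's log (DNs cut down to the CN); the function and field names are made up for this example.

```python
import re

# Sample lines shortened from the pluto log in the post (DNs reduced to the CN).
SAMPLE_LOG = """\
2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_md5 group=modp1536}
2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Virtual IP 10.168.23.1/32 is already used by '195.135.152.190'
2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: Virtual IP 10.168.23.1/32 is already used by '195.135.152.190'
2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: cannot respond to IPsec SA request because no connection is known for 192.168.0.0/24===195.30.37.65[CN=ASGAlzenauHostCSR]...217.95.218.72[CN=krischeu]===10.168.23.1/32
2007:09:04-13:46:06 (none) pluto[6281]: "D_krischeu_0"[2] 217.95.218.72 #12644: sending encrypted notification INVALID_ID_INFORMATION to 217.95.218.72:4500
"""

PHASE1 = re.compile(r"ISAKMP SA established \{(?P<params>[^}]*)\}")
VIP = re.compile(r"Virtual IP (?P<vip>\S+) is already used by '(?P<owner>[^']+)'")
# Layout: local_net===local_host[local_id]...peer_host[peer_id]===peer_net
NO_CONN = re.compile(
    r"no connection is known for "
    r"(?P<local_net>[^=]+)===(?P<local_host>[^\[]+)\[(?P<local_id>[^\]]*)\]"
    r"\.\.\.(?P<peer_host>[^\[]+)\[(?P<peer_id>[^\]]*)\]"
    r"(?:===(?P<peer_net>\S+))?"
)
NOTIFY = re.compile(r"sending encrypted notification (?P<type>\w+) to")


def summarize(log_text):
    """Collect Phase 1 parameters and the reasons Phase 2 was refused."""
    s = {"phase1": None, "vip_conflicts": [], "rejected": None, "notifications": []}
    for line in log_text.splitlines():
        if m := PHASE1.search(line):
            # "auth=... cipher=..." -> {"auth": ..., "cipher": ...}
            s["phase1"] = dict(kv.split("=", 1) for kv in m["params"].split())
        elif m := VIP.search(line):
            conflict = (m["vip"], m["owner"])
            if conflict not in s["vip_conflicts"]:  # pluto repeats this line
                s["vip_conflicts"].append(conflict)
        elif m := NO_CONN.search(line):
            s["rejected"] = m.groupdict()
        elif m := NOTIFY.search(line):
            s["notifications"].append(m["type"])
    return s


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Phase 1:", result["phase1"])
    print("Virtual IP conflicts:", result["vip_conflicts"])
    print("Rejected Phase 2 selectors:", result["rejected"])
    print("Notifications sent:", result["notifications"])
```
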