Cisco 837 - Juniper VPN

[ alex741 @ 05.05.2011. 11:45 ] @

Pokusavam da napravim VPN tunel sa mog Cisco 837 (Version 12.2(13)ZH4) ka Juniper ruteru u centrali, koji nije pod mojom kontrolom.
Vidim da oni komuniciraju i razmene key ali tunel ostane Down.
Probao sam da napravim tunel ka mom drugom Cisco 851 i to naravno radi bez problema.

Admin od Juniper-a mi je rekao da "disable sending the vendor ID" zbog ovoga iz isakmp debug log:
ISAKMP (0:1): constructed NAT-T vendor-03 ID
ISAKMP (0:1): constructed NAT-T vendor-02 ID
processing vendor id payload
vendor ID seems Unity/DPD but major 59 mismatch

Trazio sam svuda ali to nigde ne mogu da nadjem kako da uradim.

Da li neko ima iskustva sa Cisco/Juniper VPNom i da li neko zna kako da se "disable sending the vendor ID"?

Ovo je ceo isakmp debug log:
287: ISAKMP: received ke message (1/1)
287: ISAKMP (0:0): SA request profile is (NULL)
287: ISAKMP: local port 500, remote port 500
287: ISAKMP: set new node 0 to QM_IDLE
287: ISAKMP: insert sa successfully sa = 8151CF2C
287: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
291: ISAKMP: Looking for a matching key for xxx.xxx.xxx.xxx in default : success
291: ISAKMP (0:1): found peer pre-shared key matching xxx.xxx.xxx.xxx
291: ISAKMP (0:1): constructed NAT-T vendor-03 ID
291: ISAKMP (0:1): constructed NAT-T vendor-02 ID
291: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
291: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1
291: ISAKMP (0:1): beginning Main Mode exchange
291: ISAKMP (0:1): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
379: ISAKMP (0:1): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_NO_STATE
379: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
379: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
379: ISAKMP (0:1): processing SA payload. message ID = 0
379: ISAKMP (0:1): processing vendor id payload
379: ISAKMP (0:1): vendor ID seems Unity/DPD but major 59 mismatch
383: ISAKMP (0:1): processing vendor id payload
383: ISAKMP (0:1): vendor ID is DPD
383: ISAKMP (0:1): processing vendor id payload
383: ISAKMP (0:1): vendor ID seems Unity/DPD but major 102 mismatch
383: ISAKMP: Looking for a matching key for xxx.xxx.xxx.xxx in default : success
383: ISAKMP (0:1): found peer pre-shared key matching xxx.xxx.xxx.xxx
383: ISAKMP (0:1) local preshared key found
383: ISAKMP : Scanning profiles for xauth ...
383: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy
387: ISAKMP: encryption 3DES-CBC
387: ISAKMP: hash SHA
387: ISAKMP: default group 2
387: ISAKMP: auth pre-share
387: ISAKMP: life type in seconds
387: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
387: ISAKMP (0:1): atts are acceptable. Next payload is 0
611: ISAKMP (0:1): processing vendor id payload
611: ISAKMP (0:1): vendor ID seems Unity/DPD but major 59 mismatch
611: ISAKMP (0:1): processing vendor id payload
615: ISAKMP (0:1): vendor ID is DPD
615: ISAKMP (0:1): processing vendor id payload
615: ISAKMP (0:1): vendor ID seems Unity/DPD but major 102 mismatch
615: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
615: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2
619: ISAKMP (0:1): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_SA_SETUP
619: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
619: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3
703: ISAKMP (0:1): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_SA_SETUP
703: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
703: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4
707: ISAKMP (0:1): processing KE payload. message ID = 0
983: ISAKMP (0:1): processing NONCE payload. message ID = 0
983: ISAKMP: Looking for a matching key for xxx.xxx.xxx.xxx in default : success
983: ISAKMP (0:1): found peer pre-shared key matching xxx.xxx.xxx.xxx
987: ISAKMP (0:1): SKEYID state generated
987: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
987: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4
003: ISAKMP (0:1): Send initial contact
003: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
003: ISAKMP (1): ID payload
next-payload : 8
type : 1
addr : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 8
003: ISAKMP (1): Total payload length: 12
007: ISAKMP (0:1): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_KEY_EXCH
007: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
007: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5
087: ISAKMP (0:1): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_KEY_EXCH
095: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
095: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_I_MM6
095: ISAKMP (0:1): processing ID payload. message ID = 0
095: ISAKMP (0:1): processing HASH payload. message ID = 0
099: ISAKMP (0:1): SA has been authenticated with xxx.xxx.xxx.xxx
099: ISAKMP (0:1): peer matches *none* of the profiles
099: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
099: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_I_MM6
099: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
103: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
103: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of -347920718
103: ISAKMP (0:1): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
103: ISAKMP (0:1): Node -347920718, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
107: ISAKMP (0:1): Old State = IKE_QM_READY New State = IKE_QM_I_QM1
107: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
107: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
187: ISAKMP (0:1): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
187: ISAKMP: set new node 2139258604 to QM_IDLE
195: ISAKMP (0:1): processing HASH payload. message ID = 2139258604
195: ISAKMP (0:1): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 1
spi 0, message ID = 2139258604, sa = 8151CF2C
195: ISAKMP (0:1): peer does not do paranoid keepalives.
195: ISAKMP (0:1): deleting SA reason "recevied fatal informational" state (I) QM_IDLE (peer xxx.xxx.xxx.xxx) input queue 0
195: ISAKMP (0:1): deleting node 2139258604 error FALSE reason "informational (in) state 1"
199: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
199: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
199: ISAKMP: set new node -1906347570 to QM_IDLE
199: ISAKMP (0:1): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
199: ISAKMP (0:1): purging node -1906347570
199: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
199: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
203: ISAKMP (0:1): deleting SA reason "" state (I) QM_IDLE (peer xxx.xxx.xxx.xxx) input queue 0
203: ISAKMP (0:1): deleting node -347920718 error FALSE reason ""
203: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
203: ISAKMP (0:1): Old State = IKE_DEST_SA New State = IKE_DEST_SA