We have had this less than adequate configuration at one of our client sites for the past two years, and starting today it just stopped working for no apparent reason.
I've double-checked the settings on both ends: preshared key, 3des, sha, timeouts. Everything looks good.
This is the log of the router when it tries to connect.
IP address blocked out for obvious reasons.
Log on the BEFVP41
2007-09-18 11:35:08 IKE[1] Rx << MM_R2 : x.x.x.x KE, NONCE, VID, VID, VID, VID
2007-09-18 11:35:08 IKE[1] Tx >> MM_I3 : x.x.x.x ID, HASH
2007-09-18 11:35:28
2007-09-18 11:35:28 IKE[1] Tx >> MM_I1 : x.x.x.x SA
2007-09-18 11:35:29 IKE[1] Rx << MM_R1 : x.x.x.x SA
2007-09-18 11:35:29 IKE[1] ISAKMP SA CKI=[5a40875b 3b704bb2] CKR=[ef170ef 1fcd1f24]
2007-09-18 11:35:29 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 3600 sec (*3600 sec)
2007-09-18 11:35:29 IKE[1] Tx >> MM_I2 : x.x.x.x KE, NONCE
VPN Settings on the PIX
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address crypto
crypto map mymap 10 set pfs group2
crypto map mymap 10 set peer x.x.x.x
crypto map mymap 10 set transform-set mytrans
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 3600
I'm really at a loss right now; I'm hoping another set of eyes might help me reveal something I've been overlooking.
EDIT: It just keeps repeating these steps; there are about 20 sequences of these in the log.
Thanks in advance.
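The excerpt above shows MM_I3 being sent and a fresh MM_I1 going out 20 seconds later with no MM_R3 logged in between. The script below is an added example, not part of the original post: it finds every abandoned Main Mode attempt in a log of this format and reports which message was still awaited. The function names are hypothetical, and the line format is assumed to match the BEFVP41 excerpt.

```python
import re
from datetime import datetime

# IKEv1 Main Mode messages in order: initiator (I) and responder (R) alternate.
ORDER = ["MM_I1", "MM_R1", "MM_I2", "MM_R2", "MM_I3", "MM_R3"]
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) IKE\[\d+\] (?:Tx >>|Rx <<) (MM_[IR][123]) :")

# Log excerpt copied from the post (peer address already masked there).
SAMPLE = """\
2007-09-18 11:35:08 IKE[1] Rx << MM_R2 : x.x.x.x KE, NONCE, VID, VID, VID, VID
2007-09-18 11:35:08 IKE[1] Tx >> MM_I3 : x.x.x.x ID, HASH
2007-09-18 11:35:28
2007-09-18 11:35:28 IKE[1] Tx >> MM_I1 : x.x.x.x SA
2007-09-18 11:35:29 IKE[1] Rx << MM_R1 : x.x.x.x SA
2007-09-18 11:35:29 IKE[1] ISAKMP SA CKI=[5a40875b 3b704bb2] CKR=[ef170ef 1fcd1f24]
2007-09-18 11:35:29 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 3600 sec (*3600 sec)
2007-09-18 11:35:29 IKE[1] Tx >> MM_I2 : x.x.x.x KE, NONCE
"""

def parse(log):
    """Yield (timestamp, message) for each Main Mode line; other lines are skipped."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def stalls(log):
    """Return (last_message, awaited_message, seconds_until_restart) for each
    attempt that was abandoned, i.e. followed by a new MM_I1 before MM_R3."""
    found, prev = [], None
    for ts, msg in parse(log):
        if msg == "MM_I1" and prev and prev[1] != "MM_R3":
            awaited = ORDER[ORDER.index(prev[1]) + 1]
            gap = int((ts - prev[0]).total_seconds())
            found.append((prev[1], awaited, gap))
        prev = (ts, msg)
    return found

if __name__ == "__main__":
    for last, awaited, gap in stalls(SAMPLE):
        print(f"last message {last}, never saw {awaited}, restarted after {gap}s")
```

An attempt still in progress when the log ends (the trailing MM_I2 here) is not reported, since no restart has been observed for it yet.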