Hello,
I have an issue connecting to the voice racks, the setup is via the layer 2 vpn guide in the rack rental guide, I have pasted in everything to ensure I havn't missed anything and I am pulling my hair out as I can't seem to get it work. I have had it working previously but since I have come back from the bootcamp i can't seem to find where my issue is.
I have included the relevent debugs below if someone can help I will be eternally grateful, from all the debugging I have done so far seems to point to an IKE phase 1 mis-match, the router is configured as per defualts however and there is no mention of there needing to be any special profiles created to connect up. Here we go....
show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8
Tunnel name : INEVORACK
Inside interface list: FastEthernet0/1.102, Loopback0
Outside interface: FastEthernet0/1.999
Current State: READY
Last Event: CONN_DOWN
Save Password: Disallowed
Current EzVPN Peer: 75.140.41.126
RTR_CME#show l2tun
%No active L2TP tunnels
#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
75.140.41.126 82.8.21.99 AG_INIT_EXCH 0 ACTIVE
75.140.41.126 82.8.21.99 MM_NO_STATE 0 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
RTR_CME#show crypto ipsec sa
No SAs found
*Nov 4 15:21:50.954: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) AG_INIT_EXCH (peer 75.140.41.126)
*Nov 4 15:21:50.954: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User= Group=voracktest Client_public_addr=82.8.21.99 Server_public_addr=75.140.41.126
*Nov 4 15:21:50.954: ISAKMP:isadb_key_addr_delete: no key for address 75.140.41.126 (NULL root)
*Nov 4 15:21:50.954: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) AG_INIT_EXCH (peer 75.140.41.126)
*Nov 4 15:21:50.954: ISAKMP: Unlocking peer struct 0x4C5BF3D4 for isadb_mark_sa_deleted(), count 0
*Nov 4 15:21:50.954: ISAKMP: Deleting peer node by peer_reap for 75.140.41.126: 4C5BF3D4
*Nov 4 15:21:50.954: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Nov 4 15:21:50.954: ISAKMP:(0):Old State = IKE_I_AM1 New State = IKE_DEST_SA
*Nov 4 15:21:50.958: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Nov 4 15:21:52.858: del_node src 82.8.21.99:500 dst 75.140.41.126:500 fvrf 0x0, ivrf 0x0
*Nov 4 15:21:52.858: ISAKMP:(0):peer does not do paranoid keepalives.
*Nov 4 15:21:52.858: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Nov 4 15:21:52.858: ISAKMP:(0): SA request profile is (NULL)
*Nov 4 15:21:52.858: ISAKMP: Created a peer struct for 75.140.41.126, peer port 500
*Nov 4 15:21:52.858: ISAKMP: New peer created peer = 0x4C5137E8 peer_handle = 0x80003910
*Nov 4 15:21:52.858: ISAKMP: Locking peer struct 0x4C5137E8, refcount 1 for isakmp_initiator
*Nov 4 15:21:52.858: ISAKMP:(0):Setting client config settings 4C5BF3D4
*Nov 4 15:21:52.858: ISAKMP: local port 500, remote port 500
*Nov 4 15:21:52.858: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 4C5BE5D4
*Nov 4 15:21:52.862: ISAKMP:(0): client mode configured.
*Nov 4 15:21:52.862: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Nov 4 15:21:52.862: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Nov 4 15:21:52.862: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Nov 4 15:21:52.862: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Nov 4 15:21:52.902: ISKAMP: growing send buffer from 1024 to 3072
*Nov 4 15:21:52.902: ISAKMP:(0):SA is doing pre-shared key authentication plus XAUTH using id type ID_KEY_ID
*Nov 4 15:21:52.902: ISAKMP (0): ID payload
next-payload : 13
type : 11
group id : voracktest
protocol : 17
port : 0
length : 18
*Nov 4 15:21:52.902: ISAKMP:(0):Total payload length: 18
*Nov 4 15:21:52.902: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
*Nov 4 15:21:52.902: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_AM1
*Nov 4 15:21:52.902: ISAKMP:(0): beginning Aggressive Mode exchange
*Nov 4 15:21:52.902: ISAKMP:(0): sending packet to 75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH
*Nov 4 15:21:52.902: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 4 15:21:53.098: ISAKMP (0): received packet from 75.140.41.126 dport 500 sport 500 Global (I) AG_INIT_EXCH
*Nov 4 15:21:53.102: ISAKMP:(0):Notify has no hash. Rejected.
*Nov 4 15:21:53.102: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_AM1
*Nov 4 15:21:53.102: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Nov 4 15:21:53.102: ISAKMP:(0):Old State = IKE_I_AM1 New State = IKE_I_AM1
*Nov 4 15:21:53.102: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 75.140.41.126
*Nov 4 15:22:02.902: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
*Nov 4 15:22:02.902: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Nov 4 15:22:02.902: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
*Nov 4 15:22:02.902: ISAKMP:(0): sending packet to 75.140.41.126 my_port 500 peer_port 500 (I) AG_INIT_EXCH
*Nov 4 15:22:02.902: ISAKMP:(0):Sending an IKE IPv4 Packet.
RTR_CME#sho ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM up up
FastEthernet0/1.1 172.16.20.254 YES NVRAM up up
FastEthernet0/1.2 10.1.1.254 YES manual up up
FastEthernet0/1.3 172.16.1.254 YES NVRAM up up
FastEthernet0/1.4 10.254.254.254 YES NVRAM up up
FastEthernet0/1.5 unassigned YES unset up up
FastEthernet0/1.6 192.168.120.254 YES NVRAM up up
FastEthernet0/1.102 192.168.10.1 YES NVRAM up up << INSIDE LAB NETWORK
FastEthernet0/1.999 82.8.21.99 YES DHCP up up << OUTSIDE ADDRESS OBTAINED BY DHCP
NVI0 177.177.177.1 YES unset up up
SSLVPN-VIF0 unassigned NO TFTP up up
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 unassigned NO TFTP down down
Loopback0 177.177.177.1 YES NVRAM up up