Wie schaffe ich es ohne die vereinfachte Einwahl mit Zertifikaten eine VPN-Verbindung (mit Zertifikaten) erfolgreich aufzubauen und/oder warum verwandelt der Lancom-Router die Bezeichnung der Gegenstelle?
Tracelog des 1722:
Code: Alles auswählen
[VPN-Status] 2012/03/29 02:39:15,270
IKE info: The remote server xxx.xxx.xxx.xxx:45579 (UDP) peer def-main-peer id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in RFC mode
IKE info: The remote server xxx.xxx.xxx.xxx:45579 (UDP) peer def-main-peer id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote client xxx.xxx.xxx.xxx:45579 (UDP) peer def-main-peer id <no_id> is NCP LANCOM Serial Number Protocol 1.0 with serial number 0
[VPN-Status] 2012/03/29 02:39:15,270
IKE info: Phase-1 remote proposal 1 for peer def-main-peer matched with local proposal 1
[VPN-Status] 2012/03/29 02:39:16,230
IKE info: Phase-1 [responder] got INITIAL-CONTACT from peer def-main-peer (xxx.xxx.xxx.xxx)
[VPN-Status] 2012/03/29 02:39:16,250
IKE info: Set local ID to </CN=DEVICE>
[VPN-Status] 2012/03/29 02:39:16,500
IKE info: Phase-1 [responder] for peer def-main-peer between initiator id CN=NOTEBOOK, responder id CN=DEVICE done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer def-main-peer encryption aes-cbc authentication md5
IKE info: life time ( 28800 sec/ 0 kb)
[VPN-Status] 2012/03/29 02:39:16,500
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer def-main-peer set to 25920 seconds (Responder)
[VPN-Status] 2012/03/29 02:39:16,500
IKE info: Phase-1 SA Timeout (Hard-Event) for peer def-main-peer set to 28800 seconds (Responder)
[VPN-Status] 2012/03/29 02:39:16,790
IKE info: IKE-CFG: Received REQUEST message with id 0 from peer def-main-peer
IKE info: IKE-CFG: Attribute INTERNAL_IP4_ADDRESS len 0 value (none) received
IKE info: IKE-CFG: Attribute INTERNAL_IP4_DNS len 0 value (none) received
IKE info: IKE-CFG: Attribute INTERNAL_IP4_NBNS len 0 value (none) received
IKE info: IKE-CFG: Attribute APPLICATION_VERSION len 42 value Cisco Systems VPN Client 5.0.03.0560:WinNT received
IKE info: IKE-CFG: Attribute <Unknown 20002> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28672> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28673> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28674> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28675> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28676> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28678> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28679> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28680> len 12 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28681> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 20003> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 20004> len 0 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 28682> len 11 is private -> ignore
IKE info: IKE-CFG: Attribute <Unknown 20005> len 11 is private -> ignore
[VPN-Status] 2012/03/29 02:39:16,790
IKE info: IKE-CFG: Creating REPLY message with id 0 for peer def-main-peer
IKE info: IKE-CFG: Attribute APPLICATION_VERSION len 0 skipped
IKE info: IKE-CFG: Attribute INTERNAL_IP4_NBNS len 0 skipped
IKE info: IKE-CFG: Attribute INTERNAL_IP4_DNS len 0 skipped
IKE info: IKE-CFG: Attribute INTERNAL_IP4_ADDRESS len 0 skipped
IKE info: IKE-CFG: Sending message
[VPN-Status] 2012/03/29 02:39:17,090
IKE info: Phase-2 failed for peer def-main-peer: no rule matches the phase-2 ids 0.0.0.0 <-> 0.0.0.0/0.0.0.0
IKE log: 023917.000000 Default message_negotiate_sa: no compatible proposal found
IKE log: 023917.000000 Default dropped message from xxx.xxx.xxx.xxx port 4294959821 due to notification type NO_PROPOSAL_CHOSEN
IKE info: dropped message from peer def-main-peer xxx.xxx.xxx.xxx port 4294959821 due to notification type NO_PROPOSAL_CHOSEN
Code: Alles auswählen
29.03.2012 02:39:16 IPSec: Start building connection
29.03.2012 02:39:16 IpsDial: Generate available provider links - media available is = 2202
29.03.2012 02:39:16 IpsDial: Created the following list of provider links:
29.03.2012 02:39:16 IPSec: DNSREQ: resolving GW=<gateway.url.de> over lan:
29.03.2012 02:39:16 IPSec: DNSREQ: resolved ipadr: xxx.xxx.xxx.xxx
29.03.2012 02:39:17 Ike: Opening connection in PATHFINDER mode : VPN-Connection
29.03.2012 02:39:17 Ike: Outgoing connect request MAIN mode - gateway=xxx.xxx.xxx.xxx : VPN-Connection
29.03.2012 02:39:17 Ike: XMIT_MSG1_MAIN - VPN-Connection
29.03.2012 02:39:17 Ike: RECV_MSG2_MAIN - VPN-Connection
29.03.2012 02:39:17 Ike: IKE phase I: Setting LifeTime to 28800 seconds
29.03.2012 02:39:17 Ike: IkeSa negotiated with the following properties -
29.03.2012 02:39:17 Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=2,KeyLen=128
29.03.2012 02:39:17 IPSec: Final Tunnel EndPoint is:xxx.xxx.xxx.xxx
29.03.2012 02:39:17 Ike: VPN-Connection ->Support for NAT-T version - 9
29.03.2012 02:39:17 Ike: XMIT_MSG3_MAIN - VPN-Connection
29.03.2012 02:39:17 Ike: RECV_MSG4_MAIN - VPN-Connection
29.03.2012 02:39:17 Ike: Turning on NATD mode - VPN-Connection - 1
29.03.2012 02:39:17 Ike: XMIT_MSG5_MAIN - VPN-Connection
29.03.2012 02:39:17 MONITOR: LinkType change 21 -> 8
29.03.2012 02:39:18 Ike: XMIT_MSG5_MAIN_RESUME - VPN-Connection
29.03.2012 02:39:18 Ike: RECV_MSG6_MAIN - VPN-Connection
29.03.2012 02:39:18 Ike: RECV_MSG6_MAIN_RESUME - VPN-Connection
29.03.2012 02:39:18 Ike: IkeSa negotiated with the following properties -
29.03.2012 02:39:18 Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=2,KeyLen=128
29.03.2012 02:39:18 Ike: Turning on DPD mode - VPN-Connection
29.03.2012 02:39:18 Ike: phase1:name(VPN-Connection) - connected
29.03.2012 02:39:18 SUCCESS: IKE phase 1 ready
29.03.2012 02:39:18 IkeCfg: XMIT_IKECFG_REQUEST - VPN-Connection
29.03.2012 02:39:18 IPSec: Phase1 is Ready,AdapterIndex=206,IkeIndex=92,LocTepIpAdr=xx.xx.xx.xx,AltRekey=1
29.03.2012 02:39:18 IkeCfg: RECV_IKECFG_REPLY - VPN-Connection
29.03.2012 02:39:18 IkeCfg: name <VPN-Connection> - enter state open
29.03.2012 02:39:18 SUCCESS: IkeCfg ready
29.03.2012 02:39:18 IPSec: Quick Mode is Ready: IkeIndex = 0000005c , VpnSrcPort = 10954
29.03.2012 02:39:18 IPSec: Assigned IP Address: 0.0.0.0
29.03.2012 02:39:18 IkeQuick: XMIT_MSG1_QUICK - VPN-Connection
29.03.2012 02:39:19 Ike: NOTIFY : VPN-Connection : RECEIVED : NO_PROPOSAL_CHOSEN : 14
29.03.2012 02:39:24 Ike: NOTIFY : VPN-Connection : RECEIVED : NO_PROPOSAL_CHOSEN : 14
29.03.2012 02:39:30 Ike: NOTIFY : VPN-Connection : RECEIVED : NO_PROPOSAL_CHOSEN : 14
29.03.2012 02:39:36 Ike: NOTIFY : VPN-Connection : RECEIVED : NO_PROPOSAL_CHOSEN : 14
29.03.2012 02:39:37 IkeQuick: phase2:name(VPN-Connection) - error - cleared by phase1
29.03.2012 02:39:37 ERROR - 4037: IKE(phase2):Waiting for message2, cleared by phase1 - VPN-Connection.