<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial, sans-serif" size="2">
<div>I am using strongSwan version 4.5.2 running on Ubuntu (Amazon Cloud).</div>
<div>I want to connect a SoHo Cisco VPN Router to it.</div>
<div> </div>
<div>In the auth.log I see that STATE_MAIN_R3 is failing with the following error:</div>
<div>ISAKMP Hash Payload has an unknown value</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>Here is the strongSwan ipsec.conf:</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>config setup</div>
<div> plutodebug=control</div>
<div> nat_traversal=yes</div>
<div> charonstart=no</div>
<div> </div>
<div>conn %default</div>
<div> ike=3des-md5-modp1024!</div>
<div> esp=3des-md5-modp1024!</div>
<div> pfs=no</div>
<div> compress=no</div>
<div> ikelifetime=60m</div>
<div> keylife=20m</div>
<div> rekeymargin=3m</div>
<div> keyingtries=1</div>
<div> keyexchange=ikev1</div>
<div> authby=secret</div>
<div> </div>
<div>conn ikev1</div>
<div> left=172.31.1.112</div>
<div> leftsubnet=172.31.1.0/24</div>
<div> leftfirewall=yes</div>
<div> right=%any</div>
<div> rightsubnet=192.168.1.0/24</div>
<div> rightid=client@test.com</div>
<div> auto=add</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>ipsec.secrets:</div>
<div>===============</div>
<div>172.31.1.112 %any : PSK "0000000000"</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>The auth.log file:</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: packet from 84.152.147.120:56421: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: packet from 84.152.147.120:56421: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | preparse_isakmp_policy: peer requests PSK authentication</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | instantiated "ikev1" for 80.111.147.120</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | creating state object #1 at 0x7faf12c52760</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | ICOOKIE: 37 03 6d c8 6e 59 15 77</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | RCOOKIE: 27 47 66 07 15 b4 3e 53</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | peer: 54 98 93 78</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state hash entry 20</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56421 #1: responding to Main Mode from unknown peer 80.111.147.120:56421</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | next event EVENT_RETRANSMIT in 10 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: |</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | *received 220 bytes from 80.111.147.120:56421 on eth0</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | ICOOKIE: 37 03 6d c8 6e 59 15 77</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | RCOOKIE: 27 47 66 07 15 b4 3e 53</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | peer: 54 98 93 78</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state hash entry 20</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state object #1 found, in STATE_MAIN_R1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56421 #1: NAT-Traversal: Result using RFC 3947: both are NATed</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | next event EVENT_RETRANSMIT in 10 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: |</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | *received 76 bytes from 80.111.147.120:56422 on eth0</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | ICOOKIE: 37 03 6d c8 6e 59 15 77</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | RCOOKIE: 27 47 66 07 15 b4 3e 53</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | peer: 54 98 93 78</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state hash entry 20</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state object #1 found, in STATE_MAIN_R2</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56421 #1: Peer ID is ID_FQDN: 'client@test.com'</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | peer CA: %none</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | current connection is a full match -- no need to look further</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | offered CA: %none</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | NAT-T: new mapping 80.111.147.120:56421/56422)</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | inserting event EVENT_SA_REPLACE, timeout in 3510 seconds for #1</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: sent MR3, ISAKMP SA established</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: |</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | *received 60 bytes from 80.111.147.120:56422 on eth0</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | ICOOKIE: 37 03 6d c8 6e 59 15 77</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | RCOOKIE: 27 47 66 07 15 b4 3e 53</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | peer: 54 98 93 78</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state hash entry 20</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state object #1 found, in STATE_MAIN_R3</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: next payload type of ISAKMP Hash Payload has an unknown value: 128</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: malformed payload in packet</div>
<div>Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>You can see the configuration of the Cisco router here:</div>
<div><font face="Calibri, sans-serif" size="2"><a href="http://www.image-share.com/ijpg-2316-278.html"><font face="Arial, sans-serif" size="2" color="#0000FF"><u>http://www.image-share.com/ijpg-2316-278.html</u></font></a></font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>Unfortunately there is no log of the Cisco router available.</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>Thanks for helping!</div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>Best regards</div>
<div> </div>
<div><b>Tobias Gruber </b></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div>Tel. +49(89)6290-1690</div>
<div>PC-Fax +49(711)811-5121690</div>
<div> </div>
<div><font size="3"><b>Be</b><font color="#FF0000"><b>QIK</b></font></font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
<div><font face="Calibri, sans-serif" size="2"> </font></div>
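<div>Added example (not part of the original post and not strongSwan code): a small Python triage of the pluto debug lines above. It records which state each packet was matched to, whether the ISAKMP SA was already established when the unknown next-payload error was logged, and where the reported value falls in the Next Payload ranges of RFC 2408, section 3.1. The function names are illustrative assumptions.</div>

```python
import re

# Log lines copied from the post above (pluto, plutodebug=control).
SAMPLE_LOG = """\
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state object #1 found, in STATE_MAIN_R2
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: sent MR3, ISAKMP SA established
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | *received 60 bytes from 80.111.147.120:56422 on eth0
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: | state object #1 found, in STATE_MAIN_R3
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: next payload type of ISAKMP Hash Payload has an unknown value: 128
Oct 25 11:49:10 ip-172-31-1-112 pluto[26918]: "ikev1"[1] 80.111.147.120:56422 #1: malformed payload in packet
"""

STATE_RE = re.compile(r"\| state object #(\d+) found, in (STATE_\w+)")
RECV_RE = re.compile(r"\| \*received (\d+) bytes from")
CONN_RE = re.compile(r'pluto\[\d+\]: "([^"]+)"\[\d+\] ([\d.]+:\d+) #(\d+): (.*)$')
BAD_RE = re.compile(r"next payload type of ISAKMP (.+?) Payload has an unknown value: (\d+)")

def classify_payload(value):
    """Range of an ISAKMP Next Payload value per RFC 2408, section 3.1."""
    if value >= 128:
        return "private use (128-255)"
    return "reserved (14-127)" if value >= 14 else "defined (0-13)"

def triage(log_text):
    """Return one finding per unknown-next-payload error, with its context."""
    state, established, last_recv, findings = {}, set(), None, []
    for line in log_text.splitlines():
        if m := STATE_RE.search(line):
            state[m.group(1)] = m.group(2)       # state the packet was matched to
        elif m := RECV_RE.search(line):
            last_recv = int(m.group(1))          # size of the packet being parsed
        elif m := CONN_RE.search(line):
            conn, peer, sa, msg = m.groups()
            if "ISAKMP SA established" in msg:
                established.add(sa)
            if bad := BAD_RE.search(msg):
                findings.append({
                    "conn": conn, "peer": peer, "state": state.get(sa),
                    "packet_bytes": last_recv, "in_payload": bad.group(1),
                    "next_payload": int(bad.group(2)),
                    "range": classify_payload(int(bad.group(2))),
                    "after_phase1": sa in established,
                })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

<div>On these lines the single finding shows the error raised on a 60-byte packet received after "ISAKMP SA established" was logged, with the value 128 in the private-use range.</div>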
</font>
</body>
</html>