VPN na omrežju T-2

[porast]

Naredil sem loga za zagon VPN preko SiOL in T-2 na istem računalniku z enakim dostopom do interneta (mrežna kartica, kabel, modem ADSL pri SiOL oz. VDSL pri T-2) in dobil naslednje:

- LOG USPEŠNEGA ZAGONA PREKO SiOL

Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 13:11:52.937 09/22/08 Sev=Info/6 GUI/0x63B00013
Wrote CertSerialHash value for profile SHA_PARIS_PKI_STD. CertName: cn=Franc KOSICEK L9999999,2.5.4.45=#xxxxxxxxxxxxxxxxxxxx,ou=TOTAL AUTHENTIFICATION INTERNE,o=TOTAL,c=FR

2 13:11:53.156 09/22/08 Sev=Info/4 CERT/0x63600013
Cert (cn=Franc KOSICEK L9999999,2.5.4.45=#xxxxxxxxxxxxxxxxxxxx,ou=TOTAL AUTHENTIFICATION INTERNE,o=TOTAL,c=FR) verification succeeded.

3 13:11:53.187 09/22/08 Sev=Info/4 CM/0x63100002
Begin connection process

4 13:11:53.343 09/22/08 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

5 13:11:53.343 09/22/08 Sev=Info/4 CM/0x63100024
Attempt connection with server "vpn02.par.totalfinaelf.net"

6 13:11:53.390 09/22/08 Sev=Info/4 CM/0x6310001D
Unable to resolve server address "vpn02.par.totalfinaelf.net"

7 13:11:53.390 09/22/08 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

8 13:11:53.687 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

9 13:11:54.312 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

10 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

11 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

12 13:11:54.453 09/22/08 Sev=Info/6 IPSEC/0x6370002B
Sent 4 packets, 0 were fragmented.

13 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (192.168.1.5)

14 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

15 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

16 13:11:54.453 09/22/08 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

17 13:11:54.984 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

18 13:11:55.671 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

19 13:11:56.296 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

20 13:11:56.875 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

21 13:11:57.546 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

22 13:11:58.140 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

23 13:11:58.906 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

24 13:11:59.531 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

25 13:12:00.125 09/22/08 Sev=Info/4 CLI/0x63900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

==========================================================================================
- LOG NEUSPEŠNEGA ZAGONA PREKO T-2

Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 13:14:05.953 09/22/08 Sev=Info/6 GUI/0x63B00013
Wrote CertSerialHash value for profile SHA_PARIS_PKI_STD. CertName: cn=Franc KOSICEK L9999999,2.5.4.45=#xxxxxxxxxxxxxxxxxxxx,ou=TOTAL AUTHENTIFICATION INTERNE,o=TOTAL,c=FR

2 13:14:06.078 09/22/08 Sev=Info/4 CERT/0x63600013
Cert (cn=Franc KOSICEK L9999999,2.5.4.45=#xxxxxxxxxxxxxxxxxxxx,ou=TOTAL AUTHENTIFICATION INTERNE,o=TOTAL,c=FR) verification succeeded.

3 13:14:06.078 09/22/08 Sev=Info/4 CM/0x63100002
Begin connection process

4 13:14:06.093 09/22/08 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

5 13:14:06.109 09/22/08 Sev=Info/4 CM/0x63100024
Attempt connection with server "vpn02.par.totalfinaelf.net"

6 13:14:06.109 09/22/08 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 141.227.1.18.

7 13:14:07.281 09/22/08 Sev=Info/4 CERT/0x63600013
Cert (cn=Franc KOSICEK L9999999,2.5.4.45=#xxxxxxxxxxxxxxxxxxxx,ou=TOTAL AUTHENTIFICATION INTERNE,o=TOTAL,c=FR) verification succeeded.

8 13:14:07.281 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 141.227.1.18

9 13:14:07.281 09/22/08 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

10 13:14:07.281 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

11 13:14:07.359 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

12 13:14:07.359 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (SA, VID(Nat-T), VID(Frag)) from 141.227.1.18

13 13:14:07.359 09/22/08 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T

14 13:14:07.359 09/22/08 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads

15 13:14:07.359 09/22/08 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful

16 13:14:07.359 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to 141.227.1.18

17 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

18 13:14:07.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

19 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

20 13:14:07.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

21 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x63000073
All fragments received.

22 13:14:07.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (KE, NON, CERT_REQ, CERT_REQ, CERT_REQ, CERT_REQ, VID(Unity), VID(Xauth), VID(?), VID(?), NAT-D, NAT-D) from 141.227.1.18

23 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer

24 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH

25 13:14:07.468 09/22/08 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text

26 13:14:12.796 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT) to 141.227.1.18

27 13:14:15.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

28 13:14:15.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

29 13:14:15.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

30 13:14:15.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

31 13:14:15.468 09/22/08 Sev=Info/5 IKE/0x63000073
All fragments received.

32 13:14:15.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (Retransmission) from 141.227.1.18

33 13:14:15.468 09/22/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

34 13:14:15.468 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to 141.227.1.18

35 13:14:20.468 09/22/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

36 13:14:20.468 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to 141.227.1.18

37 13:14:23.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

38 13:14:23.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

39 13:14:23.468 09/22/08 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 141.227.1.18

40 13:14:23.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from 141.227.1.18

41 13:14:23.468 09/22/08 Sev=Info/5 IKE/0x63000073
All fragments received.

42 13:14:23.468 09/22/08 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (Retransmission) from 141.227.1.18

43 13:14:23.468 09/22/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

44 13:14:23.468 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to 141.227.1.18

45 13:14:28.468 09/22/08 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=0D5CD546C82342C7 R_Cookie=726920292889E7C1) reason = DEL_REASON_PEER_NOT_RESPONDING

46 13:14:28.468 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 141.227.1.18

47 13:14:28.968 09/22/08 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=0D5CD546C82342C7 R_Cookie=726920292889E7C1) reason = DEL_REASON_PEER_NOT_RESPONDING

48 13:14:28.968 09/22/08 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "vpn02.par.totalfinaelf.net" because of "DEL_REASON_PEER_NOT_RESPONDING"

49 13:14:28.968 09/22/08 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

50 13:14:28.984 09/22/08 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

51 13:14:28.984 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

52 13:14:28.984 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

53 13:14:28.984 09/22/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

54 13:14:28.984 09/22/08 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

[dal]

Kaj imaš nastavljeno v lastnostih povezave pod "Transport"? Prepiši si trenutne nastavitve in poizkusi dodati kljukico pri "Enable Transparent Tunneling", "IPSec over TCP", TCP Port pa pustiš na 10000. Shraniš s "Save" in poizkusiš.

Ali se je karkoli drugega spremenilo (mrežna kartica, router, ...)? Si kaj spreminjal vrednost MTU?

[porast]

V Cisco VPN Clientu imam pod "Transport" okljukano "Enable Transparent Tuneling" in v okviru tega izbrano "IPSec over UDP (NAT / PAT)", "IPSec over TPC" ni izbran in TCP Port je nastavljen na 10000 in sivo označen. Vse te nastavitve sem prejel s strani TOTALA in jih nikoli nisem spreminjal ali kakorkoli posegal v njih.

Če nastavitev spremenim tako da vključim "IPSec over TPC", se VPN tunel ne vzpostavi in dobim sporočilo:

Secure VPN connection terminated locally by the Client.
Reason 414: Failed to establish a TPC connection.

Med priklopom na SiOl in priklopom na T-2 nisem na računalniku izvedel nobenih sprememb v nastavitvah. V primeru SiOL priklopa sem se priključil direktno na ADSL modem, v primeru T-2 priklopa pa sem se priklopil direktno na njihov VDSL modem in izvedel VPN priključitev. Postopka sta v obeh primerih identična.