VPN Cisco client
Jan Spatka
J.Spatka at dhi.cz
Wed Jan 7 11:13:51 CET 2009
Toho jsem se trochu bal, ze muj klient nenabizi to co potrebuje server. Kazdopadne nejsem schopen zmenit požadavky serveru a tedy musim zkusit jineho klienta. Nemate někdo nejaky tip kam se podivat?
Honza
-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On Behalf Of Tibor Marchyn
Sent: Tuesday, January 06, 2009 5:40 PM
To: FreeBSD mailing list
Subject: RE: VPN Cisco client
No tie hlasky ktore su tam napisane by mohli byt aj pravda ;)
Pokial je v danej firme v Group Policy pre dany connection profile dane, ze je pozadovany firewall, alebo ze je zapnuta IP kompresia tak to fakt nemusi chodit.
Kazdopadne:
"quick mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9) this means the concentrator did not like what we had to offer."
Znamena ze vpn server ta sice overil, ale tvoj klient neponuka take sluzby ake vpn server ma v gproup policy nakonfigurovane.
-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On Behalf Of Jan Spatka
Sent: Tuesday, January 06, 2009 12:13 PM
To: FreeBSD mailing list
Subject: RE: VPN Cisco client
Stále nic :(
Prevedl jsem svůj funkcni (ve windows funkcni) PCF file pomoci pcf2vpnc a když jsem spustil vpnc vratila se mi tto hlaska:
bsd# /usr/local/sbin/vpnc
add host X.X.X.X: gateway X.X.X.X
delete net default
add net default: gateway X.X.X.X
quick mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator
A jsem zase tam co jsem byl.
Honza
-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On Behalf Of Tomas Zajpt
Sent: Tuesday, January 06, 2009 11:44 AM
To: FreeBSD mailing list
Subject: Re: VPN Cisco client
Doporucuju pro konfigurak pouzit pcf2vpnc a fungujici pcf profil. Vse
mi pak fungovalo bez problemu a nikdy jsem do toho konfiguraku nemusel
sahat rucne.
T.
2009/1/6 Jan Spatka <J.Spatka at dhi.cz>:
> Podle reakce jsem se tedy vydal cestou VPNC, ale stále narazim na průkazky, které nedokazu odstranit.
>
> Provozuji
> Freebsd 7.1
> Vpnc 0_5_1.6
>
> Sestavil jsem si vpnc.conf podle udaju, které mam pro prihlasovani do VPN site a narazil jsem na nasledujici problémy:
>
> Pokud pouzivam:
> IKE Authmode hybrid
>
> Tak dostavam tuto hlasku:
> Response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
>
>
> Pokud pouzivam:
> IKE Authmode psk
>
> Tak dostavam tuto hlasku:
> Quit mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9)
>
>
> Nesetkali jste se stim uz někdo - pripadne jak jste to vyresili. Google mi zatím nepomohl :(
>
> Honza
>
>
> -----Original Message-----
> From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On Behalf Of Juraj Lutter
> Sent: Saturday, January 03, 2009 7:29 PM
> To: FreeBSD mailing list
> Subject: Re: VPN Cisco client
>
> Dan Lukes wrote:
>> kyli at email.cz napsal/wrote, On 12/30/08 16:38:
>>>> ssh session zila, ale nova pripojeni neslo navazat
>>
>>> Podle mne je problem v nastaveni koncentratoru, kde pri delsi
>>> neaktivite (urcite nastavitelny parametr) uzavre tunel.
>>> VK
>>
>> To by ale prestalo fungoval i jiz navazane spojeni, ne ?
>
>
> Trackujem svn verziu vpnc a v latest release to je fixnute (bol to
> problem s Dead Peer Detection), teraz vpnc v pohode prezije aj celu noc.
>
> --
> Juraj Lutter | /\ ASCII Ribbon Campaign
> otis (at) wilbury (dot) sk | \/ - NO HTML/RTF in e-mail
> http://www.wilbury.sk/ | /\ - NO Word docs in e-mail
> JID: otis (at) jabber (dot) vx (dot) sk
> !07/11 PDP a ni deppart m'I !pleH
> --
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
>
>
>
> --
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
>
--
S pozdravem Tomas
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
More information about the Users-l
mailing list