Interpreting IPsec Oakley log

  • Thread starter Thread starter utopian201
  • Start date Start date
U

utopian201

Hi
I am trying to get Windows XP SP3 to log into an IPsec VPN. XP is the
initiator, the peer is a router. I have attached the quick mode section of
the Oakley log below:
4-08: 16:37:48:265:e6c MM established. SA: 014F6D40
4-08: 16:37:48:265:e6c QM PolicyName: L2TP Optional Encryption Quick Mode
Policy dwFlags 0
4-08: 16:37:48:265:e6c QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[0] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
4-08: 16:37:48:265:e6c QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[1] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
4-08: 16:37:48:265:e6c QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[2] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: SHA
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
4-08: 16:37:48:265:e6c QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[3] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: MD5
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
4-08: 16:37:48:265:e6c QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[4] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: SHA
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
4-08: 16:37:48:265:e6c QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[5] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: MD5
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
4-08: 16:37:48:265:e6c QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[6] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
4-08: 16:37:48:265:e6c QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[7] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
4-08: 16:37:48:265:e6c QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[8] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: SHA
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
4-08: 16:37:48:265:e6c QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[9] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: MD5
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
4-08: 16:37:48:265:e6c QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[10] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: SHA
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
4-08: 16:37:48:265:e6c QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[11] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: MD5
4-08: 16:37:48:265:e6c Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
4-08: 16:37:48:265:e6c QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[12] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
4-08: 16:37:48:265:e6c QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[13] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
4-08: 16:37:48:265:e6c QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[14] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: SHA
4-08: 16:37:48:265:e6c QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
4-08: 16:37:48:265:e6c QMOffer[15] dwFlags 0 dwPFSGroup 0
4-08: 16:37:48:265:e6c Algo[0] Operation: AH Algo: MD5
4-08: 16:37:48:265:e6c GetSpi: src = 192.168.1.1.1701, dst =
192.168.1.10.1701, proto = 17, context = 00000000, srcMask = 255.255.255.255,
destMask = 255.255.255.255, TunnelFilter 0
4-08: 16:37:48:265:e6c Setting SPI 1945056158
4-08: 16:37:48:265:e6c constructing ISAKMP Header
4-08: 16:37:48:265:e6c constructing HASH (null)
4-08: 16:37:48:265:e6c constructing SA (IPSEC)
4-08: 16:37:48:281:e6c constructing NONCE (IPSEC)
4-08: 16:37:48:281:e6c constructing ID (proxy)
4-08: 16:37:48:281:e6c constructing ID (proxy)
4-08: 16:37:48:281:e6c constructing HASH (QM)
4-08: 16:37:48:281:e6c
4-08: 16:37:48:281:e6c Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:48:281:e6c ISAKMP Header: (V1.0), len = 1300
4-08: 16:37:48:281:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:48:281:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:48:281:e6c exchange: Oakley Quick Mode
4-08: 16:37:48:281:e6c flags: 1 ( encrypted )
4-08: 16:37:48:281:e6c next payload: HASH
4-08: 16:37:48:281:e6c message ID: 5a05732b
4-08: 16:37:48:281:e6c Ports S:f401 D:f401
4-08: 16:37:48:281:e6c
4-08: 16:37:48:281:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:48:281:e6c ISAKMP Header: (V1.0), len = 172
4-08: 16:37:48:281:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:48:281:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:48:281:e6c exchange: Oakley Quick Mode
4-08: 16:37:48:281:e6c flags: 3 ( encrypted commit )
4-08: 16:37:48:281:e6c next payload: HASH
4-08: 16:37:48:281:e6c message ID: 5a05732b
4-08: 16:37:48:281:e6c processing HASH (QM)
4-08: 16:37:48:281:e6c ClearFragList
4-08: 16:37:48:281:e6c processing payload NONCE
4-08: 16:37:48:281:e6c processing payload ID
4-08: 16:37:48:281:e6c processing payload ID
4-08: 16:37:48:281:e6c processing payload SA
4-08: 16:37:48:281:e6c Negotiated Proxy ID: Src 192.168.1.10.1701 Dst
192.168.1.1.1701
4-08: 16:37:48:281:e6c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
4-08: 16:37:48:281:e6c Checking Transform # 2: ID=Triple DES CBC(3)
4-08: 16:37:48:281:e6c SA life type in seconds
4-08: 16:37:48:281:e6c SA life duration 00000e10
4-08: 16:37:48:281:e6c SA life type in kilobytes
4-08: 16:37:48:281:e6c SA life duration 0003d090
4-08: 16:37:48:281:e6c tunnel mode is Transport Mode(2)
4-08: 16:37:48:281:e6c HMAC algorithm is SHA(2)
4-08: 16:37:48:281:e6c Phase 2 SA accepted: proposal=1 transform=2
4-08: 16:37:48:281:e6c constructing ISAKMP Header
4-08: 16:37:48:281:e6c constructing HASH (QM)
4-08: 16:37:48:281:e6c Adding QMs: src = 192.168.1.10.1701, dst =
192.168.1.1.1701, proto = 17, context = 0000001D, my tunnel = 0.0.0.0, peer
tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 200 Direction 2 EncapType 1
4-08: 16:37:48:281:e6c Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
4-08: 16:37:48:281:e6c Algo[0] MySpi: 1945056158 PeerSpi: 1451571054
4-08: 16:37:48:281:e6c Encap Ports Src 500 Dst 500
4-08: 16:37:48:281:e6c Skipping Outbound SA add
4-08: 16:37:48:281:e6c
4-08: 16:37:48:281:e6c Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:48:281:e6c ISAKMP Header: (V1.0), len = 52
4-08: 16:37:48:281:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:48:281:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:48:281:e6c exchange: Oakley Quick Mode
4-08: 16:37:48:281:e6c flags: 3 ( encrypted commit )
4-08: 16:37:48:281:e6c next payload: HASH
4-08: 16:37:48:281:e6c message ID: 5a05732b
4-08: 16:37:48:281:e6c Ports S:f401 D:f401
4-08: 16:37:48:281:e6c
4-08: 16:37:48:281:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:48:281:e6c ISAKMP Header: (V1.0), len = 68
4-08: 16:37:48:281:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:48:281:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:48:281:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:48:281:e6c flags: 1 ( encrypted )
4-08: 16:37:48:281:e6c next payload: HASH
4-08: 16:37:48:281:e6c message ID: 5a05732b
4-08: 16:37:48:281:e6c processing HASH (Notify/Delete)
4-08: 16:37:48:281:e6c processing payload NOTIFY
4-08: 16:37:48:281:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:48:281:e6c unable to process info-only exchange
4-08: 16:37:49:265:13bc retransmit: sa = 014F6D40 centry 00111CC8 , count = 1
4-08: 16:37:49:265:13bc
4-08: 16:37:49:265:13bc Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:49:265:13bc ISAKMP Header: (V1.0), len = 52
4-08: 16:37:49:265:13bc I-COOKIE 8f4894f922863850
4-08: 16:37:49:265:13bc R-COOKIE 16719b2b392339bb
4-08: 16:37:49:265:13bc exchange: Oakley Quick Mode
4-08: 16:37:49:265:13bc flags: 3 ( encrypted commit )
4-08: 16:37:49:265:13bc next payload: HASH
4-08: 16:37:49:265:13bc message ID: 5a05732b
4-08: 16:37:49:265:13bc Ports S:f401 D:f401
4-08: 16:37:49:265:e6c
4-08: 16:37:49:265:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:49:265:e6c ISAKMP Header: (V1.0), len = 68
4-08: 16:37:49:265:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:49:265:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:49:265:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:49:265:e6c flags: 1 ( encrypted )
4-08: 16:37:49:265:e6c next payload: HASH
4-08: 16:37:49:265:e6c message ID: 5a05732b
4-08: 16:37:49:265:e6c processing HASH (Notify/Delete)
4-08: 16:37:49:265:e6c processing payload NOTIFY
4-08: 16:37:49:265:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:49:265:e6c unable to process info-only exchange
4-08: 16:37:51:265:13bc retransmit: sa = 014F6D40 centry 00111CC8 , count = 2
4-08: 16:37:51:265:13bc
4-08: 16:37:51:265:13bc Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:51:265:13bc ISAKMP Header: (V1.0), len = 52
4-08: 16:37:51:265:13bc I-COOKIE 8f4894f922863850
4-08: 16:37:51:265:13bc R-COOKIE 16719b2b392339bb
4-08: 16:37:51:265:13bc exchange: Oakley Quick Mode
4-08: 16:37:51:265:13bc flags: 3 ( encrypted commit )
4-08: 16:37:51:265:13bc next payload: HASH
4-08: 16:37:51:265:13bc message ID: 5a05732b
4-08: 16:37:51:265:13bc Ports S:f401 D:f401
4-08: 16:37:51:265:e6c
4-08: 16:37:51:265:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:51:265:e6c ISAKMP Header: (V1.0), len = 68
4-08: 16:37:51:265:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:51:265:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:51:265:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:51:265:e6c flags: 1 ( encrypted )
4-08: 16:37:51:265:e6c next payload: HASH
4-08: 16:37:51:265:e6c message ID: 5a05732b
4-08: 16:37:51:265:e6c processing HASH (Notify/Delete)
4-08: 16:37:51:265:e6c processing payload NOTIFY
4-08: 16:37:51:265:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:51:265:e6c unable to process info-only exchange
4-08: 16:37:55:265:13bc retransmit: sa = 014F6D40 centry 00111CC8 , count = 3
4-08: 16:37:55:265:13bc
4-08: 16:37:55:265:13bc Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:55:265:13bc ISAKMP Header: (V1.0), len = 52
4-08: 16:37:55:265:13bc I-COOKIE 8f4894f922863850
4-08: 16:37:55:265:13bc R-COOKIE 16719b2b392339bb
4-08: 16:37:55:265:13bc exchange: Oakley Quick Mode
4-08: 16:37:55:265:13bc flags: 3 ( encrypted commit )
4-08: 16:37:55:265:13bc next payload: HASH
4-08: 16:37:55:265:13bc message ID: 5a05732b
4-08: 16:37:55:265:13bc Ports S:f401 D:f401
4-08: 16:37:55:265:e6c
4-08: 16:37:55:265:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:55:265:e6c ISAKMP Header: (V1.0), len = 68
4-08: 16:37:55:265:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:55:265:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:55:265:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:55:265:e6c flags: 1 ( encrypted )
4-08: 16:37:55:265:e6c next payload: HASH
4-08: 16:37:55:265:e6c message ID: 5a05732b
4-08: 16:37:55:265:e6c processing HASH (Notify/Delete)
4-08: 16:37:55:265:e6c processing payload NOTIFY
4-08: 16:37:55:265:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:55:265:e6c unable to process info-only exchange
4-08: 16:37:59:187:155c isadb_schedule_kill_oldPolicy_sas:
6f88a852-9e49-4034-9e99a72b2f972e12 4
4-08: 16:37:59:203:e6c entered kill_old_policy_sas 4
4-08: 16:37:59:203:e6c SA Dead. sa:014F6D40 status:3619
4-08: 16:37:59:203:e6c isadb_set_status sa:014F6D40 centry:00000000 status
3619
4-08: 16:37:59:203:e6c Data Protection Mode (Quick Mode)
4-08: 16:37:59:203:e6c Source IP Address 192.168.1.10 Source IP Address
Mask 255.255.255.255 Destination IP Address 192.168.1.1 Destination IP
Address Mask 255.255.255.255 Protocol 17 Source Port 1701 Destination Port
1701 IKE Local Addr 192.168.1.10 IKE Peer Addr 192.168.1.1
4-08: 16:37:59:203:e6c Certificate based Identity. Peer Subject C=UK,
O=TCC, CN=router1.test.com Peer SHA Thumbprint
f7b935bed056e8df73f72c44f6b11c09048c1ce1 Peer Issuing Certificate Authority
C=UT, S=Some-State, L=Utopia City, O=UIWST, OU=C4I, CN=UWIST CA Root
Certificate Authority C=UT, S=Some-State, L=Utopia City, O=UIWST, OU=C4I,
CN=UWIST CA My Subject C=NZ, S=test, L=test, O=test, CN=Test-Computer My
SHA Thumbprint 86335bad125a36c26ecea35341fbaf1558c807ef Peer IP Address:
192.168.1.1
4-08: 16:37:59:203:e6c Me
4-08: 16:37:59:203:e6c New policy invalidated SAs formed with old policy
4-08: 16:37:59:203:e6c 0x0 0x0
4-08: 16:37:59:203:e6c isadb_set_status sa:014F6D40 centry:00111CC8 status
3619
4-08: 16:37:59:203:e6c isadb_set_status InitiateEvent 00000794: Setting
Status 3619
4-08: 16:37:59:203:e6c Clearing centry 00111CC8 InitiateEvent 00000794
4-08: 16:37:59:203:e6c constructing ISAKMP Header
4-08: 16:37:59:203:e6c constructing HASH (null)
4-08: 16:37:59:203:e6c constructing DELETE. MM 014F6D40
4-08: 16:37:59:203:e6c constructing HASH (Notify/Delete)
4-08: 16:37:59:203:e6c Not setting retransmit to downlevel client. SA
014F6D40 Centry 00000000
4-08: 16:37:59:203:e6c
4-08: 16:37:59:203:e6c Sending: SA = 0x014F6D40 to 192.168.1.1:Type 1.500
4-08: 16:37:59:203:e6c ISAKMP Header: (V1.0), len = 84
4-08: 16:37:59:203:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:59:203:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:59:203:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:59:203:e6c flags: 1 ( encrypted )
4-08: 16:37:59:203:e6c next payload: HASH
4-08: 16:37:59:203:e6c message ID: 3cf81ff3
4-08: 16:37:59:203:e6c Ports S:f401 D:f401
4-08: 16:37:59:203:578 isadb_schedule_kill_oldPolicy_sas:
879d8951-055e-4d54-9f7177d294873c4f 3
4-08: 16:37:59:203:1564 isadb_schedule_kill_oldPolicy_sas:
94909486-da1c-4e28-8229cde9d6a4ec42 2
4-08: 16:37:59:203:e6c entered kill_old_policy_sas 3
4-08: 16:37:59:203:e6c entered kill_old_policy_sas 2
4-08: 16:37:59:203:155c isadb_schedule_kill_oldPolicy_sas:
212ae9f7-ad7f-4234-b9f9195702842f17 1
4-08: 16:37:59:203:1304 entered kill_old_policy_sas 1
4-08: 16:37:59:203:578 CloseNegHandle 00000794
4-08: 16:37:59:203:578 SE cookie 8f4894f922863850

The first line says Main mode established. Everything seems fine up until
here:

4-08: 16:37:49:265:13bc Sending: SA = 0x014F6D40 to 192.168.1.1:Type 2.500
4-08: 16:37:49:265:13bc ISAKMP Header: (V1.0), len = 52
4-08: 16:37:49:265:13bc I-COOKIE 8f4894f922863850
4-08: 16:37:49:265:13bc R-COOKIE 16719b2b392339bb
4-08: 16:37:49:265:13bc exchange: Oakley Quick Mode
4-08: 16:37:49:265:13bc flags: 3 ( encrypted commit )
4-08: 16:37:49:265:13bc next payload: HASH
4-08: 16:37:49:265:13bc message ID: 5a05732b
4-08: 16:37:49:265:13bc Ports S:f401 D:f401
4-08: 16:37:49:265:e6c
4-08: 16:37:49:265:e6c Receive: (get) SA = 0x014f6d40 from 192.168.1.1.500
4-08: 16:37:49:265:e6c ISAKMP Header: (V1.0), len = 68
4-08: 16:37:49:265:e6c I-COOKIE 8f4894f922863850
4-08: 16:37:49:265:e6c R-COOKIE 16719b2b392339bb
4-08: 16:37:49:265:e6c exchange: ISAKMP Informational Exchange
4-08: 16:37:49:265:e6c flags: 1 ( encrypted )
4-08: 16:37:49:265:e6c next payload: HASH
4-08: 16:37:49:265:e6c message ID: 5a05732b
4-08: 16:37:49:265:e6c processing HASH (Notify/Delete)
4-08: 16:37:49:265:e6c processing payload NOTIFY
4-08: 16:37:49:265:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:49:265:e6c unable to process info-only exchange
4-08: 16:37:51:265:13bc retransmit: sa = 014F6D40 centry 00111CC8 , count = 2

Or more specifically, here
4-08: 16:37:49:265:e6c processing HASH (Notify/Delete)
4-08: 16:37:49:265:e6c processing payload NOTIFY
4-08: 16:37:49:265:e6c ProcessFailure: sa:014F6D40 centry:00000000
status:3610
4-08: 16:37:49:265:e6c unable to process info-only exchange
4-08: 16:37:51:265:13bc retransmit: sa = 014F6D40 centry 00111CC8 , count = 2

Is there a way I can find out -why- the processing of the NOTIFY messag
failed? I'm hoping status:3610 is an error code, but I can't seem to find
where these are defined. When I disable the send commit bit option on the
router, XP can log in fine. However when it is enabled, it fails and
continues to retransmit the last Quick Mode message over and over again.

In addition:
http://www.microsoft.com/technet/network/ipsec/ipsecfaq.mspx says:

Q. How can I interpret the contents of the Oakley log?
A.
Interpreting the contents of the Oakley log requires a detailed
understanding of the IPsec protocols. The recommendation is that you forward
your Oakley logs to Microsoft support engineers for analysis.

While I have an understanding of how to implement IPsec, I dont see a reason
for the process failing.
 
Back
Top