VPN in aggressive mode

Hello

Can someone tell me whatthe above message means and how to solve it.

Thank you

The command to disable connections inbound aggressive mode.

If you want, there is an option to disable connections inbound aggressive mode on the tunnel-group as well.

tunnel-group ipsec-attributes xxxxxx

ISAKMP am - disable

In this way you disable connections inbound aggressive mode to a specific peer.

If a peer tries to establish a connection in aggressive mode, you should see a message like this in the logs:

"Unable to initiate or respond to fashion aggressive while disabled"

This command prevents Easy VPN Virtual Private Network (easy) clients to connect if they use of pre-shared keys because the easy VPN (hardware and software) customers use aggressive mode.

Federico.

Tags: Cisco Security

Similar Questions

IPsec VPN Client - aggressive mode

Hi all

I just got got off the phone with the customer who underwent a check sweep of security from a third-party vendor. One of the vulnerebilities mentioned in the report is this:

I know that only the IPsec VPN client using aggressive mode to negotiate Phase I. So my question is how to convince my customer to continue to use the IPsec VPN? Is this what can I do to reduce the risk of the use of this type of access remotely. In addition, am I saw the same problem, if I use SSL based VPN Client?

Kind regards

Marty

Hello

Ikev1 HUB in aggressive mode sends his PSK hash in the second package as well as its public DH value.

It is indeed a weakness of slope Protocol.

To be able to act on this, U will be on the path to capture this stream in order to the brute force of the hash [which is not obvious - but not impossible.

This issue is seriously attenuated by activating XAUTH [authentication].

Xauth happens after the DH, so under encryption.

Assuming that the strong password policy is in use, it is so very very very difficult to find the right combination of username/password.

Ikev2 is much safer in this respect and this is the right way.

See you soon,.

Olivier

Tunnel VPN site to Site - aggressive Mode

I searched the community for answers to this and that you have not found quite what I was looking for (or what seems logical). I have an ASA 5510 to A site with one website VPN tunnel to a SonicWall to site B. Which works very well. I need to create a tunnel for site C to site a using a tunnel of aggressive mode. I'm not quite sure how to do this. Any suggestion would be great!

NOTE: I have included the parts of the running configuration that seem relevant to me. If I missed something please let me know.

ASA Version 8.2 (1)

interface Ethernet0/0

nameif outside

security-level 0

IP 1.2.3.4 255.255.255.248

!

10.5.2.0 IP Access-list extended site_B 255.255.255.0 allow 10.205.2.0 255.255.255.128

access extensive list ip 10.5.2.0 site_C allow 255.255.255.0 10.205.2.128 255.255.255.128

dynamic-access-policy-registration DfltAccessPolicy

Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set esp-3des esp-sha-hmac 3des-sha1

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

crypto VPN 30 card matches the address site_B

card crypto VPN 30 peer set 4.3.2.1

crypto VPN 30 the transform-set 3des-sha1 value card

card crypto VPN 40 corresponds to the address site_C

card crypto VPN. 40 set peer 8.7.6.5

crypto VPN. 40 the transform-set 3des-sha1 value card

crypto ISAKMP allow outside

crypto ISAKMP policy 10

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Crypto isakmp nat-traversal 30

crypto ISAKMP ipsec-over-tcp port 10000

attributes of Group Policy DfltGrpPolicy

Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

tunnel-group 4.3.2.1 type ipsec-l2l

4.3.2.1 tunnel-group ipsec-attributes

pre-shared-key *.

tunnel-group 8.7.6.5 type ipsec-l2l

IPSec-attributes tunnel-group 8.7.6.5

pre-shared-key *.

David,

Please try this:

clear crypto ipsec its peer site_c_IP

clear configure VPN 40 crypto card

card crypto VPN 10 corresponds to the address site_C

card crypto VPN 10 set peer 8.7.6.5

crypto VPN 10 the transform-set 3des-sha1 value card

debug logging in buffered memory

capture drop all circular asp type

capture capin interface inside the match ip 10.5.2.0 255.255.255.0 10.205.2.128 255.255.255.128

After generating the traffic and INTERNAL of the machine behind the ASA:

view Journal | 10.205.2 Inc.

See the fall of cap. 10.205.2 Inc.

view Cape capin

In case it does not work:

(a) show the crypto classic table ASP.

(b) details of vpn-framework for table ASP.

(c) show cry its site_c peer ipsec

(d) entry packet - trace within the icmp 10.5.2.15 8 0 10.205.2.130 detail

(e) see the crypto ipsec his

At the same time, please.

Let me know how it goes.

Thank you

Portu.

Please note all useful posts

Need for visibility on the IPsec protocol: aggressive Mode

Hello

I have a few doubts about VPN. I already went through a large number of documents. Everybody says something I don't agree with. So please don't view this kind of material in your answer.

Aggressive mode: what I know, there are 3 Exchange for aggressive mode. Initiator in the first message sends the ID parameters, DH, HIS (IP address, domain name FULL). Then the answering machine (2nd MSG) reacts with the SA settings, DH, ID, HASH_R, then the initiator (3rd MSG) responds with HASH_I and PHASE 1 is established here.

As the initiator and the responder IDs are sent in clear text, so we say that aggressive mode is not course.

DH is used to exchange keys between peers. DH, negotiates and then generate a SECRET_KEY which in turn, is used to encrypt the symmetric key. We have SA parameters for encryption, hash, authentication.

Here are my questions:

(a) all of ITS parameters, IDs, DH traded first and second messages. The third message from the initiator is to send to HASH_I. Now, I don't see at all any use of DH in this mode, no encryption (payload ISAKAMP is not encrypted). A single phase 1 aims to build a secure layer of management so that the PHASE connection 2 (data connection) may establish under a secure layer (PHASE 1). Now, I see that in aggressive mode we are not able to achieve this secure layer. So, what's the point of having encryption algorithms and DH in PHASE 1 if they are never used? Instead of skip PHASE 1 and we can have the PFS in Phase 2 for serving as a DH and we were hashing algorithms, encryption too.

(b) the PRE SHARED KEY is actually shared via connect using the DH? Or just a HASH of PRE-SHARED-KEY is generated and sent on the connection for authentication?

(c) why the aggressive mode can be used for dynamic addressing and not the main mode?

If please answer queries and correct me if I am wrong somewhere.

Thank you

Rakesh Kumar

(a). theoretically, jumping Phase 1 and done everything in Phase 2 (for aggressive mode only) would probably be a good idea to make it safer. However, this would require a complete redesign of the IKE protocol. As you probably already know, aggressive mode is used by default only for VPN remote access, and I've never seen used for a site to any of the customers that I came in contact. In aggressive mode, in my opinion, would be used only in situations where a large number of VPN tunnels are built and demolished all the time (as with RA VPN) to save on material resources. But... It is what it is, not a very safe to use method.

(b) the pre-shared key is used to create a hash and this hash is sent to the remote peer. If the remote peer can create the same hash using its own pre-shared key, then peers know they share the same secrets. The problem with aggressive mode is that the hash is sent in plain text format, so if an attacker is able to capture these data they could preform a brute force offline attack.

(c). I think that this has to do with the fact that the aggressive mode sends its identity in text clear and not must therefore not be pre-configured as a peer answer as it does with tunnels with addresses static at both ends.

--

Please do not forget to select a correct answer and rate useful posts

Anyconnect Ikev2 uses aggressive Mode

Hello world

I'm trying to fix the IKE Aggressive mode with vulnerabilities PSK on our Cisco ASA that runs old IPsec and Ikev2 Anyconnect VPN.

When I run the command

Crypto isakmp HS her

User using IPSEC VPN

IKEv1 SAs:

HIS active: 25
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 25

1 peer IKE: 63.226.x.x
Type: user role: answering machine
Generate a new key: no State: AM_ACTIVE

Then, he tells me that this VPN client is using aggressive mode right?

User using IKEV2 anyconnect

Crypto isakmp HS her

17 peer IKE: 192.206.x.x
Type: user role: answering machine
Generate a new key: no State: AM_ACTIVE

IKEv2 SAs:

Session-id: 361, status: ACTIVE UP, IKE County: 1, number of CHILDREN: 1

Tunnel-id Local remote status role
x.x.x.x/4500 1696279645 192.206..x.x/33328 answering MACHINE READY
BA: AES - CBC, keysize: 256, Hash: SHA96, Grp:5 DH, Auth sign: RSA, Auth check: EAP
Duration of life/active: 86400/24756 sec
His child: local selector 0.0.0.0/0 - 255.255.255.255/65535
selector of distance 172.16..x.x.144/0 - 172.16.x.x/65535
SPI ESP/output: 0xa315b767/0xbec2f7cc

Need to know anyconnect ikev2 does not share any key of share pre then why the number of line 17 shows AM (aggressive mode)?

The ikev2 Protocol has nothing to do with the aggressive mode or main at all.

If you do a 'sh crypto isa"it will show you the the ikev1 and his ikev2.

If you still see a flow in the table, maybe it's a stuck session.

To disable the aggressive mode, enter the following command:

Crypto ikev1 am - disable

For example:

HostName (config) # crypto ikev1 am - disable

Aggressive mode IKE on VPN3K

Hello

I have VPN 3005 with 4.7.2 OS (a last to this day). I am trying to turn off the Mode aggressive treatment (stick to the main Mode only) for VPN clients to remove. Please note that remote VPN clients and NOT the LAN-to-LAN connections.

So far I don't see how this can be done.

TAC engineer is not to come up with more good responses.

In any case has an idea?

Thank you!

David

I don't think you can do the Remoting on VPN

the hub works with the main mode, unless

you decide to use the certificate instead of

pre-shared key:

"The Cisco VPN client uses main mode and aggressive mode pre-shared keys are used when the public key (PKI) infrastructure is used in Phase 1 of the tunnel negotiations. After wearing the Internet Security Association and Key Management Protocol (ISAKMP Security Association) Association Security upward for secure communications, Cisco VPN 3000 Concentrator prompts the user to specify the credentials of the user. In this phase, also known under the name X-Auth or extended authentication, the VPN 3000 Concentrator valid user on the database of authentication configured. If authentication success, the Cisco Concentrator sends a message of successful customer authentication. After X-Auth, the Cisco VPN client application configuration settings such as the assigned IP address, the domain name system (DNS) server IP address and the IP address of the Server Windows Internet Naming Service (WINS). During this phase, called mode-config, the VPN 3000 Concentrator sends the settings configured at the client. The final step for a VPN tunnel successful is negotiating the parameters of Phase 2.

IKE aggressive mode

We used to use IPSEC VPN, but now Anyconnect SSL VPN. We have a third sweep our external firewall, and they recommend that we disable aggressive Mode IKE. This is only used for IPSec VPN? Is it safe to remove our configuration on our ASA 5505?

crypto isakmp identity address

crypto ISAKMP allow outside

crypto ISAKMP policy 10

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Thank you.

Hi Bill,

Aggressive mode (3 pkt Exchange) is only used for remote access IPsec. The site to site VPN using main mode (6 pkt Exchange). If you don't have any VPN site to site, you can disable these commands but if you have VPN site to site then removing these will break them.

There was nothing called aggressive mode in Anyconnect. AnyConnect uses a totally different protocol called SSL (port 443 TCP/UDP).

Hope that answers your question.

Thank you

Vishnu Sharma

Tunnel of IOS Interface IKE aggressive mode

I had a pen test scan on a few of my routers and she claims that IKE aggressive Mode of operation are my IOS routers.

I'm having a problem to know how to disable this option in the version of IOS 12.4 (24) T. I can find it on other platforms, but not of IOS. Can someone tell me please in the right direction?

Thank you

You can turn off with

disable ISAKMP aggressive mode crypto

VPN in transparent mode

Hello

Is it possible to run IPSEC and SSL VPN (without customer or anycoonet) while ASA in Transparent mode remotely? All NAT/PAT is the router before the ASA.

If so, any example config would be appreciated.

Reg,

Sushil

No, is VPN IPSEC or SSL are not supported when the ASA is in transparent mode.

Here is the URL for your reference:

http://www.Cisco.com/en/us/docs/security/ASA/asa82/configuration/guide/fwmode.html#wp1222826

Cisco RV220W IPSec VPN problem Local configuration for any config mode

Dear all,

I need help, I am currently evaluating RV220W for VPN usage but I'm stuck with the config somehow, it seems that there is a problem with the Mode-Config?

What needs to be changed or where is my fault?

I have installed IPSec according to the RV220W Administrator's Guide. Client's Mac with Mac Cisco IPSec VPN, I also tried NCP Secure Client.

I have 3 other sites where the config on my Mac works fine, but the Cisco VPN router is not.

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: remote for found identifier "remote.com" configuration

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: application received for the negotiation of the new phase 1: x.x.x.x [500]<=>2.206.0.67 [53056]

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: early aggressive mode.

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: RFC 3947

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received unknown Vendor ID

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: CISCO - UNITY

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: received Vendor ID: DPD

2013-03-07 01:55:49: [CiscoFirewall] [IKE] INFO: for 2.206.0.67 [53056], version selected NAT - T: RFC 39472013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: floating ports NAT - t with peer 2.206.0.67 [52149]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT - D payload is x.x.x.x [4500]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT - D payload does not match for 2.206.0.67 [52149]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: NAT detected: Peer is behind a NAT device

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: request sending Xauth for 2.206.0.67 [52149]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: ISAKMP Security Association established for x.x.x.x [4500] - 2.206.0.67 [52149] with spi: 1369a43b6dda8a7d:fd874108e09e207e

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: type of the attribute "ISAKMP_CFG_REPLY" from 2.206.0.67 [52149]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: connection for the user "Testuser".

2013-03-07 01:55:50: [CiscoFirewall] [IKE] INFO: type of the attribute "ISAKMP_CFG_REQUEST" from 2.206.0.67 [52149]

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: ignored attribute 5

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: attribute ignored 28678

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] ERROR: local configuration for 2.206.0.67 [52149] has no config mode

2013-03-07 01:55:50: [CiscoFirewall] [IKE] WARNING: attribute ignored 28683

2013-03-07 01:56:07: [CiscoFirewall] [IKE] INFO: purged-with proto_id = ISAKMP and spi = 1369a43b6dda8a7d:fd874108e09e207e ISAKMP Security Association.

2013-03-07 01:56:08: [CiscoFirewall] [IKE] INFO: ISAKMP Security Association deleted for x.x.x.x [4500] - 2.206.0.67 [52149] with spi: 1369a43b6dda8a7d:fd874108e09e207e

Hi Mike, the built-in client for MAC does not work with the RV220W. The reason is, the MAC IPSec client is the same as the Cisco VPN 5.x client.

The reason that this is important is that the 5.x client work that on certain small business products include the SRP500 and SA500 series.

I would recommend that you search by using a client VPN as Greenbow or IPSecuritas.

-Tom
Please mark replied messages useful

Cisco VPN router to Juniper - need phase 1 Main Mode

Experts,

Hello, I did research throughout the day and I can't find the difference on how to configure the main mode of the phase 1 compared to the aggressive mode for phase 1.

I'm setting up a vpn to a device of Juniper tunnel.

The peer needs main mode for phase 1 in order to connect.

My questions:

1. How can I configure main mode and aggressive mode?

2. What is the default behavior for the tunnel VPN Lan2Lan.

Thanks for the help.

The command to disable the aggressive mode is:

disable ISAKMP aggressive mode crypto

OP:

What Juniper device you connect to? A GSU?

VPN works in Active Active Firewall failover mode?

I want to clarify these two things!
1. what VPN works in active/active mode failover mode?

2. what failover active/Pasive mode?

Kind regards!

Hello

With the help of an active/active failover means that firewalls will be in Multiple context mode. In other words the virtual firewall.

This means that you can ONLY use the L2L IPsec VPN connections on the virtual firewall if you run level software on the firewall 9.x. Any form of Client and clientless VPN is not supported in multiple context Mode right now.

Now with active / standby, it must make a distinction (if that is the word).

IF you run a pair of active failover / normal standby time of ASAs IS NOT in Multiple context mode, YOU CAN use any type of VPN support ASAs.

IF you run a pair of ASAs in several Mode of context and active / standby, you will naturally meet the limitation of VPN in Multiple Mode of context support and do WILL NOT be able to use any other VPN other than IPsec VPN L2L connections as long as you run the 9.x software that supports.

Hope this helps

-Jouni

Unable to connect to the client to site VPN

Hello

Suddenly this morning I couldn't connect to the VPN from my work. I did not update the operating system or any other application in my Mac. I checked with my VPN provider and all is well. I tried to connect to the VPN from another PC and the connection was successful.

It of weird, can you help me on this?

Thank you

My Info:

OS X El Capitan

Version 10.11.6 (15-1004)

Error log:

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: agreed to the takeover of vpn connection.

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IPSec to connect to the server 50.57.56.150

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: connection.

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IPSec Phase 1 started (initiated by me).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: > > > > > status of phase change = Phase 1 began by us

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: no message must be encrypted, 0x14a1, side 0 status

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IPSec to connect to the server 50.57.56.150

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: connection.

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IPSec Phase 1 started (initiated by me).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: > > > > > status of phase change = Phase 1 began by us

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: port 62465 anticipated, but 0

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IKEv1 Phase 1 AUTH: success. (Initiator, aggressive-Mode Message 2).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: > > > > > status of phase change = Phase 1 began with a peer

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IKE Packet: receive a success. (Initiator, Aggressive Mode 2 message).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: initiating IKEv1 Phase 1: success. (Initiator, aggressive Mode).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IKE Packet: forward the success. (Initiator, Aggressive Mode 3 message).

7 September 11:17:57 racoon Gerards-MacBook-Pro [680]: IPSec Phase 1 established (initiated by me).

7 September 11:18:05 racoon Gerards-MacBook-Pro [680]!: jumped to retransmit the frags: frag_flags 1, r-> sendbuf-> l 136, max 1280

7 September 11:18:05 racoon Gerards-MacBook-Pro [680]: retransmitted packet received from the 50.57.56.150 [500].

7 September 11:18:05 racoon Gerards-MacBook-Pro [680]: the packet is retransmitted by 50.57.56.150 [500].

7 September 11:18:13 racoon Gerards-MacBook-Pro [680]!: jumped to retransmit the frags: frag_flags 1, r-> sendbuf-> l 136, max 1280

7 September 11:18:13 racoon Gerards-MacBook-Pro [680]: retransmitted packet received from the 50.57.56.150 [500].

7 September 11:18:13 racoon Gerards-MacBook-Pro [680]: the packet is retransmitted by 50.57.56.150 [500].

7 September 11:18:21 racoon Gerards-MacBook-Pro [680]!: jumped to retransmit the frags: frag_flags 1, r-> sendbuf-> l 136, max 1280

7 September 11:18:21 racoon Gerards-MacBook-Pro [680]: retransmitted packet received from the 50.57.56.150 [500].

7 September 11:18:21 racoon Gerards-MacBook-Pro [680]: the packet is retransmitted by 50.57.56.150 [500].

7 September 11:18:27 racoon Gerards-MacBook-Pro [680]: IPSec disconnection from the server 50.57.56.150

7 September 11:18:27 racoon Gerards-MacBook-Pro [680]: IKE Packet: forward the success. (Information message).

7 September 11:18:27 racoon Gerards-MacBook-Pro [680]: IKEv1-Information Notice: pass success. (Delete the ISAKMP Security Association).

7 September 11:18:27 racoon Gerards-MacBook-Pro [680]: glob found no match for the path "/ var/run/racoon/*.conf".

7 September 11:18:27 racoon Gerards-MacBook-Pro [680]: IPSec disconnection from the server 50.57.56.150

September 7 11:18:27 Gerards-MacBook-Pro UserNotificationCenter [682]: * ATTENTION: the method in the class userSpaceScaleFactor NSWindow is discouraged on 10.7 and later versions. It should not be used in new applications. Use convertRectToBacking: instead.

7 September 11:18:29 racoon Gerards-MacBook-Pro [680]: connection.

7 September 11:18:29 racoon Gerards-MacBook-Pro [680]: unknown information exchange has received.

Establish a virtual private network connection-

VPN connection: An unexpected error has occurred.

I am suddenly unable to get my built-in VPN connection works on my iMac with OS X 10.11.5. I get the VPN connection message: an unexpected error has occurred. I have been using this VPN configuration to connect to work for several months with success.

But last week (and I do not know if it had nothing to do with it), I went on vacation and used a free wi - fi setup of Tim Hortons. I had a LOT of trouble getting the next login page, and I checked all playing with different settings of network without success. When a change did not work, I put it to its original setting. Finally, I learned to use Safari to access the free WiFi connection page of Tim. Then once connected, everything was OK.

But when I returned a week later and if necessary, to start my VPN connection to access the work, it wouldn't start. I checked and recheck all my settings preferably of different network, but did not find those who were wrong. I even deleted and re-entered my VPN service definition without solving the problem.

Thinking that the problem could be the newly installed ISP of Bell equipment (we went from Rogers while I was away), I used my BlackBerry smartphone (issued by my employer) to create a wi - fi hotspot and accessed to the internet using this connection which completely ignored my home ISP equipment. But still, I was unable to establish a VPN connection.

I then tried my iPad VPN connection, and it worked! Then, I defined a VPN service on the iMac to my wife and the iMac to my daughter and was able to successfully establish a VPN connection to my work very well, using exactly the same VPN configuration. This led me to the conclusion, it was a problem on my iMac (and not with my new ISP or VPN system of my work that had none of the changes you made), but I still can't find what is "broken". I run Onyx for my iMac OS X 10.11.5 and repaired permissions and clean the cache and all the rest she is doing to "solve" problems. But the problem persisted.

Is there a preference file corrupted somewhere (scan option is no longer on the current version of the Onyx for a reason any)?

I still have a network setting wrong somewhere I need to go back to the system is correct value?

Here is the attempt to VPN from the file system.log (with some hidden values in the case where they display my work VPN access):

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: NESMLegacySession [VPN works: 295091E5-xxxx-4B6A-xxxx-F7A7xxxxxxAA]: received an order to start SystemUIServer [257]

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: NESMLegacySession [VPN works: 295091E5-xxxx-4B6A-xxxx-F7A7xxxxxxAA]: changed to connecting status

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: IPSec connection to server nnn.nnn.n.n

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: phase 1 of the IPSec from.

26 June at 16:13:48 Myrons-iMac raccoon [520]: agreed to the takeover of vpn connection.

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: IPSec connection to server nnn.nnn.n.n

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: connection.

26 June at 16:13:48 Myrons-iMac raccoon [520]: IPSec Phase 1 started (initiated by me).

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: bind 1 (cannot assign requested address)

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: sendfromto failed

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: Phase 1 negotiation failed due to the error of sending. 94437eb7d5b1b6e8:0000000000000000

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: can not send packets

26 June at 16:13:48 - last message repeated 1 time-

26 June at 16:13:48 Myrons-iMac raccoon [520]: IKE Packet: send failed. (Initiator, aggressive Mode 1 Message).

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: Controller IPSec: IKE FAILED. Phase 1, assert 0

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: NESMLegacySession [VPN works: 295091E5-xxxx-4B6A-xxxx-F7A7xxxxxxAA]: status changed by disconnecting

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: IPSec disconnection from the server 142.201.5.6

26 June at 16:13:48 Myrons-iMac raccoon [520]: IPSec disconnection from the server nnn.nnn.n.n

26 June at 16:13:48 - last message repeated 3 times-

26 June at 16:13:48 Myrons-iMac nesessionmanager [439]: NESMLegacySession [VPN works: 295091E5-xxxx-4B6A-xxxx-F7A7xxxxxxAA]: status changed to offline, terminus right no

Any help or insight would be more useful and appreciated... so that I can work from home again.

Thank you

Myron VanderLaan

I finally found my VPN problem.

There is a 'racoon' file that is generated when I connect to the VPN to my work site.

I have created a modified version of this file so that my connection does not expire in 3600 seconds (changed in 24 hours).

Apparently, there are some slightly different settings (such as certain IP addresses other than VPN IP of my work) in this file under our new ISP Bell from the former FAI Rogers.

And if I connect to the WiFi Hotspot from my BlackBerry, it does not once again because these settings in the file are different again. I must return the file generated instead of my modified file.

Bad luck!

Unable to connect to the Cisco VPN you use native client: El Capitan

I'm unable to connect to the Cisco VPN using native client server Cisco OSX via IPSec. Before the upgrade for connections VPN El Capitan has worked without any problems. VPN uses the shared secret of group. It seems, I get the error "raccoon [2580] ': could not send message vpn_control: Broken pipe ' during the connection."

When I upgraded to El Capitan, VPN connection has stopped working. I tried to do the following:

* connect using the old work VPN connection: without success

Config: Hand [server address, account name],

AUTH settings [shared secret, the Group name].

Advanced [mode to use the passive FTP = TRUE]

errors:

"authd [124]: copy_rights: _server_authorize failed.

"raccoon [2580]: could not send message vpn_control: Broken pipe"

...

* Add new VPN connection using L2TP over IPSec: without success

Config: Hand [server address, account name],

Authentication settings [user authentication: password, identification of the Machine: Shared Secret].

Advanced [send all traffic on the VPN = TRUE]

errsors:

"pppd [2616]: password not found in the system keychain.

"authd [124]: copy_rights: _server_authorize failed.

...

* Add new connection using Cisco via IPSec VPN: without success

Main config: [server address, account name].

AUTH settings [shared secret, the Group name].

Advanced [mode to use the passive FTP = TRUE]

errors:

"authd [124]: copy_rights: _server_authorize failed.

"raccoon [2580]: could not send message vpn_control: Broken pipe"

VPN server is high and does not work and accepts connections, this problem is entirely on the client side.

I. Journal of Console app existing/Legacy VPN connection:

26/03/16 10:24:01, 000 syslogd [40]: sender ASL statistics

26/03/16 10:24:01, nesessionmanager 311 [2112]: NESMLegacySession [VPN_CONN_NAME$: B7816CCC-2D2C-4D6D - 83 D 9-B2C8B6EB8589]: received an order to start SystemUIServer [2346]

26/03/16 10:24:01, nesessionmanager 311 [2112]: NESMLegacySession [VPN_CONN_NAME$: B7816CCC-2D2C-4D6D - 83 D 9-B2C8B6EB8589]: changed to connecting status

26/03/16 10:24:01, nesessionmanager 313 [2112]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:24:01, 316 nesessionmanager [2112]: phase 1 of the IPSec from.

26/03/16 10:24:01, racoon 338 [2580]: agreed to the takeover of vpn connection.

26/03/16 10:24:01, racoon 338 [2580]: agreed to the takeover of vpn connection.

26/03/16 10:24:01, racoon 339 [2580]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 339 [2580]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 339 [2580]: connection.

26/03/16 10:24:01, racoon 339 [2580]: IPSec Phase 1 started (initiated by me).

26/03/16 10:24:01, racoon 339 [2580]: IPSec Phase 1 started (initiated by me).

26/03/16 10:24:01, racoon 349 [2580]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

26/03/16 10:24:01, racoon 350 [2580]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:24:01, racoon 350 [2580]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:24:01, racoon 381 [2580]: no message must be encrypted, 0x14a1, side 0 status

26/03/16 10:24:01, racoon 381 [2580]: no message must be encrypted, 0x14a1, side 0 status

26/03/16 10:24:01, 381 nesessionmanager [2112]: Controller IPSec: IKE FAILED. phase 2, assert 0

26/03/16 10:24:01, 381 nesessionmanager [2112]: Controller IPSec: retry the aggressive mode IPSec with DH group 2

26/03/16 10:24:01, nesessionmanager 404 [2112]: phase 1 of the IPSec from.

26/03/16 10:24:01, racoon 404 [2580]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 404 [2580]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 405 [2580]: connection.

26/03/16 10:24:01, racoon 405 [2580]: IPSec Phase 1 started (initiated by me).

26/03/16 10:24:01, racoon 405 [2580]: IPSec Phase 1 started (initiated by me).

26/03/16 10:24:01, 407 raccoon [2580]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

26/03/16 10:24:01, 407 raccoon [2580]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:24:01, 407 raccoon [2580]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:24:01, racoon 436 [2580]: port 62465 anticipated, but 0

26/03/16 10:24:01, racoon 436 [2580]: port 62465 anticipated, but 0

26/03/16 10:24:01, 463 raccoon [2580]: IKEv1 Phase 1 AUTH: success. (Initiator, aggressive-Mode Message 2).

26/03/16 10:24:01, 463 raccoon [2580]: > > > > > status of phase change = Phase 1 began with a peer

26/03/16 10:24:01, 463 raccoon [2580]: > > > > > status of phase change = Phase 1 began with a peer

26/03/16 10:24:01, 463 raccoon [2580]: IKE Packet: receive a success. (Initiator, Aggressive Mode 2 message).

26/03/16 10:24:01, 463 raccoon [2580]: initiating IKEv1 Phase 1: success. (Initiator, aggressive Mode).

26/03/16 10:24:01, 463 raccoon [2580]: IKE Packet: forward the success. (Initiator, Aggressive Mode 3 message).

26/03/16 10:24:01, 463 raccoon [2580]: IPSec Phase 1 established (initiated by me).

26/03/16 10:24:01, 463 raccoon [2580]: IPSec Phase 1 established (initiated by me).

26/03/16 10:24:01, 484 raccoon [2580]: IPSec Extended requested authentication.

26/03/16 10:24:01, 484 raccoon [2580]: IPSec Extended requested authentication.

26/03/16 10:24:01, nesessionmanager 485 [2112]: IPSec asking extended authentication.

[26/03/16 10:24:01, 494 nesessionmanager [2112]: NESMLegacySession[$VPN-CONN-NAME:B7816CCC-2D2C-4D6D-83D9-B2C8B6EB8589]: status changed by disconnecting

26/03/16 10:24:01, 495 nesessionmanager [2112]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 495 [2580]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 495 [2580]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 495 [2580]: IKE Packet: forward the success. (Information message).

26/03/16 10:24:01, racoon 495 [2580]: IKEv1-Information Notice: pass success. (Delete the ISAKMP Security Association).

26/03/16 10:24:01, racoon 495 [2580]: could not send message vpn_control: Broken pipe

26/03/16 10:24:01, racoon 495 [2580]: could not send message vpn_control: Broken pipe

[26/03/16 10:24:01, 496 nesessionmanager [2112]: NESMLegacySession[$VPN-CONN-NAME:B7816CCC-2D2C-4D6D-83D9-B2C8B6EB8589]: status changed to offline, last stop reason no

26/03/16 10:24:01, racoon 496 [2580]: glob found no match for the path "/ var/run/racoon/*.conf".

26/03/16 10:24:01, racoon 496 [2580]: glob found no match for the path "/ var/run/racoon/*.conf".

26/03/16 10:24:01, racoon 496 [2580]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:24:01, racoon 496 [2580]: IPSec disconnection from the server $VPN_SERVER_IP

$VPN_SERVER_IP

II. new VPN connection using L2TP over IPSec Console app log:

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextSetFillColorWithColor: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextSetStrokeColorWithColor: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextGetCompositeOperation: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextSetCompositeOperation: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextFillRects: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextSetCompositeOperation: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextClipToRect: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextGetShouldSmoothFonts: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextGetFontSmoothingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 293 com.apple.preference.network.remoteservice [2539]: CGContextGetFontAntialiasingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextSetFontSmoothingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextConcatCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextDrawImages: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextGetShouldSmoothFonts: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextGetFontSmoothingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextSetFontSmoothingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, 294 com.apple.preference.network.remoteservice [2539]: CGContextSetFontSmoothingStyle: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, com.apple.preference.network.remoteservice [2539 295]: CGContextConcatCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextDrawImages: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, com.apple.preference.network.remoteservice [2539 295]: CGContextConcatCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextSaveGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextDrawImages: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextRestoreGState: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:26, [2539 295] com.apple.preference.network.remoteservice: CGContextGetCTM: context invalid 0x0. If you want to see the trail, please set CG_CONTEXT_SHOW_BACKTRACE environment variable.

26/03/16 10:37:28, [2539 339] com.apple.preference.network.remoteservice: error in CoreDragRemoveTrackingHandler:-1856

26/03/16 10:37:28, [2539 339] com.apple.preference.network.remoteservice: error in CoreDragRemoveReceiveHandler:-1856

26/03/16 10:37:28, com.apple.xpc.launchd [1 393]: (com.apple.SystemUIServer.agent [2346]) Service was released due to the signal: Broken pipe: 13

26/03/16 10:37:28, Spotlight 461 [459]: spot: logging agent

26/03/16 10:37:28, [2539 487] com.apple.preference.network.remoteservice: service - area of the one error ERROR = NEConfigurationErrorDomain Code = 9 "configuration is unchanged" UserInfo = {NSLocalizedDescription = configuration is unchanged}

26/03/16 10:37:28, [2539 487] com.apple.preference.network.remoteservice: service - area of the one error ERROR = NEConfigurationErrorDomain Code = 9 "configuration is unchanged" UserInfo = {NSLocalizedDescription = configuration is unchanged}

26/03/16 10:37:28, nesessionmanager 519 [2112]: NESMLegacySession [VPN_CONN_NAME$: 04c 10954-16 b 2 - 40BB - B3F1 - 9288F968029E]: received an order to start com.apple.preference.network.re [2539]

26/03/16 10:37:28, nesessionmanager 519 [2112]: NESMLegacySession [VPN_CONN_NAME$: 04c 10954-16 b 2 - 40BB - B3F1 - 9288F968029E]: changed to connecting status

26/03/16 10:37:28, com.apple.SecurityServer [75 536]: rules of problem opening the file "/ etc/authorization ': no such file or directory

26/03/16 10:37:28, com.apple.SecurityServer [75 536]: sandbox has denied authorizing the right "system.keychain.modify" customer "/ usr/libexec/nehelper" [184]

26/03/16 10:37:28, 536 pppd [2616]: NetworkExtension is the controller

26/03/16 10:37:28, 538 pppd [2616]: NetworkExtension is the controller

26/03/16 10:37:28, nehelper 540 [184]: 10954-16 b 2 - 40BB - B3F1 04c - 9288F968029E: cannot copy content, returned SecKeychainItemCopyContent user interaction is not allowed.

26/03/16 10:37:28, nehelper 540 [184]: 10954-16 b 2 - 40BB - B3F1 04c - 9288F968029E: SecKeychainItemFreeContent returned the user interaction is not allowed.

26/03/16 10:37:28, 570 pppd [2616]: password not found in the system keychain

26/03/16 10:37:28, 572 pppd [2616]: publish_entry SCDSet() failed: success!

26/03/16 10:37:28, 573 pppd [2616]: publish_entry SCDSet() failed: success!

26/03/16 10:37:28, 573 pppd [2616]: pppd 2.4.2 (Apple version 809.40.5) started by $VPN_SERVER_USER, uid 501

26/03/16 10:37:28, SystemUIServer 620 [2615]: [BluetoothHIDDeviceController] EventServiceConnectedCallback

26/03/16 10:37:28, SystemUIServer 620 [2615]: [BluetoothHIDDeviceController] EventServiceDisconnectedCallback

26/03/16 10:37:28, authd 720 [124]: copy_rights: _server_authorize failed

26/03/16 10:37:28, sandboxd 748 [120]: nehelper (184) ([184]) refuse the authorization-right-get system.keychain.modify

III. New connection of Cisco VPN through IPSec Console app log:

26/03/16 10:18:26, 917 WindowServer [172]: _CGXRemoveWindowFromWindowMovementGroup: 0x10d of window is not attached to the window 0x10f

26/03/16 10:19:43, 975 WindowServer [172]: _CGXRemoveWindowFromWindowMovementGroup: 0x10d of window is not attached to the window 0x10f

[26/03/16 10:19:56 nesessionmanager 265 [2112]: NESMLegacySession[$VPN-CONN-NAME:72874CC0-2A89-4B61-80F1-9BB4F3EA953B]: received an order to start SystemUIServer [2346]

[26/03/16 10:19:56 nesessionmanager 265 [2112]: NESMLegacySession[$VPN-CONN-NAME:72874CC0-2A89-4B61-80F1-9BB4F3EA953B]: changed to connecting status

26/03/16 10:19:56, nesessionmanager 267 [2112]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:19:56, nesessionmanager 270 [2112]: phase 1 of the IPSec from.

26/03/16 10:19:56, authd 284 [124]: copy_rights: _server_authorize failed

26/03/16 10:19:56, 295 raccoon [2576]: agreed to the takeover of vpn connection.

26/03/16 10:19:56, 295 raccoon [2576]: agreed to the takeover of vpn connection.

26/03/16 10:19:56, 295 raccoon [2576]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:19:56, 295 raccoon [2576]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:19:56, racoon 296 [2576]: connection.

26/03/16 10:19:56, racoon 296 [2576]: IPSec Phase 1 started (initiated by me).

26/03/16 10:19:56, racoon 296 [2576]: IPSec Phase 1 started (initiated by me).

26/03/16 10:19:56, racoon 308 [2576]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

26/03/16 10:19:56, racoon 308 [2576]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:19:56, racoon 308 [2576]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:19:56, 352 raccoon [2576]: no message must be encrypted, 0x14a1, side 0 status

26/03/16 10:19:56, 352 raccoon [2576]: no message must be encrypted, 0x14a1, side 0 status

26/03/16 10:19:56, nesessionmanager 352 [2112]: Controller IPSec: IKE FAILED. phase 2, assert 0

26/03/16 10:19:56, nesessionmanager 353 [2112]: Controller IPSec: retry the aggressive mode IPSec with DH group 2

26/03/16 10:19:56, nesessionmanager 373 [2112]: phase 1 of the IPSec from.

26/03/16 10:19:56, 374 raccoon [2576]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:19:56, 374 raccoon [2576]: IPSec to connect to the server $VPN_SERVER_IP

26/03/16 10:19:56, 374 raccoon [2576]: connection.

26/03/16 10:19:56, 374 raccoon [2576]: IPSec Phase 1 started (initiated by me).

26/03/16 10:19:56, 374 raccoon [2576]: IPSec Phase 1 started (initiated by me).

26/03/16 10:19:56, racoon 376 [2576]: IKE Packet: forward the success. (Initiator, Aggressive Mode 1 message).

26/03/16 10:19:56, racoon 376 [2576]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:19:56, racoon 376 [2576]: > > > > > status of phase change = Phase 1 began by us

26/03/16 10:19:56, racoon 404 [2576]: port 62465 anticipated, but 0

26/03/16 10:19:56, racoon 404 [2576]: port 62465 anticipated, but 0

26/03/16 10:19:56, racoon 432 [2576]: IKEv1 Phase 1 AUTH: success. (Initiator, aggressive-Mode Message 2).

26/03/16 10:19:56, racoon 432 [2576]: > > > > > status of phase change = Phase 1 began with a peer

26/03/16 10:19:56, racoon 432 [2576]: > > > > > status of phase change = Phase 1 began with a peer

26/03/16 10:19:56, racoon 432 [2576]: IKE Packet: receive a success. (Initiator, Aggressive Mode 2 message).

26/03/16 10:19:56, racoon 432 [2576]: initiating IKEv1 Phase 1: success. (Initiator, aggressive Mode).

26/03/16 10:19:56, racoon 432 [2576]: IKE Packet: forward the success. (Initiator, Aggressive Mode 3 message).

26/03/16 10:19:56, 433 raccoon [2576]: IPSec Phase 1 established (initiated by me).

26/03/16 10:19:56, 433 raccoon [2576]: IPSec Phase 1 established (initiated by me).

26/03/16 10:19:56, racoon 453 [2576]: IPSec Extended requested authentication.

26/03/16 10:19:56, racoon 453 [2576]: IPSec Extended requested authentication.

26/03/16 10:19:56, 454 nesessionmanager [2112]: IPSec asking extended authentication.

[26/03/16 10:19:56, nesessionmanager 464 [2112]: NESMLegacySession[$VPN-CONN-NAME:72874CC0-2A89-4B61-80F1-9BB4F3EA953B]: status changed by disconnecting

26/03/16 10:19:56, nesessionmanager 464 [2112]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:19:56, racoon 465 [2576]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:19:56, racoon 465 [2576]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:19:56, racoon 465 [2576]: IKE Packet: forward the success. (Information message).

26/03/16 10:19:56, racoon 465 [2576]: IKEv1-Information Notice: pass success. (Delete the ISAKMP Security Association).

26/03/16 10:19:56, racoon 465 [2576]: could not send message vpn_control: Broken pipe

26/03/16 10:19:56, racoon 465 [2576]: could not send message vpn_control: Broken pipe

[26/03/16 10:19:56, nesessionmanager 465 [2112]: NESMLegacySession[$VPN-CONN-NAME:72874CC0-2A89-4B61-80F1-9BB4F3EA953B]: status changed to offline, last stop reason no

26/03/16 10:19:56, 466 raccoon [2576]: glob found no match for the path "/ var/run/racoon/*.conf".

26/03/16 10:19:56, 466 raccoon [2576]: glob found no match for the path "/ var/run/racoon/*.conf".

26/03/16 10:19:56, 466 raccoon [2576]: IPSec disconnection from the server $VPN_SERVER_IP

26/03/16 10:19:56, 466 raccoon [2576]: IPSec disconnection from the server $VPN_SERVER_IP

It seems that I solved the problem, but I'm not sure it helped.

After restart of the operating system, the two connections: old and new Cisco via IPSec connection, began to work.

VPN in aggressive mode

Similar Questions

Maybe you are looking for