03.17.2008 at 11:16PM PDT, ID: 23249382 | Points: 500
VPN group will no longer connect but other groups on the same router work fine.

Asked by noeljobby in IPSec Security Protocol, Virtual Private Networking (VPN), Cisco PIX Firewall

Have a Cisco 1841 with a few different VPN groups set up. Using group authentication, we have several different clients connecting, but for some reason 2 of the clients will no longer connect. VPN will establish PHASE 1 but not completely connect.

If we use another group's name and key on the same PC that tried to log in and failed, it will work. Only 2 of the groups aren't working. Also, if we try the groupname and password on a different PC with the VPN Client, it will also fail, but try a different groupname and key and it will work.

The only resolution I have found is to completely delete and rename the group.

The following are some logs from the client:


27     01:06:22.046  03/18/08  Sev=Info/4      CM/0x63100002
Begin connection process

28     01:06:22.062  03/18/08  Sev=Info/4      CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

29     01:06:22.062  03/18/08  Sev=Info/4      CM/0x63100004
Establish secure connection using Ethernet

30     01:06:22.062  03/18/08  Sev=Info/4      CM/0x63100024
Attempt connection with server "A.A.A.A"

31     01:06:23.062  03/18/08  Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with A.A.A.A.

32     01:06:23.078  03/18/08  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to A.A.A.A

33     01:06:23.078  03/18/08  Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

34     01:06:23.078  03/18/08  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

35     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = A.A.A.A

36     01:06:23.218  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from A.A.A.A

37     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x63000001
Peer is a Cisco-Unity compliant peer

38     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x63000001
Peer supports DPD

39     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x63000001
Peer supports DWR Code and DWR Text

40     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x63000001
Peer supports XAUTH

41     01:06:23.218  03/18/08  Sev=Info/5      IKE/0x63000001
Peer supports NAT-T

42     01:06:23.234  03/18/08  Sev=Info/6      IKE/0x63000001
IOS Vendor ID Contruction successful

43     01:06:23.265  03/18/08  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to A.A.A.A

44     01:06:23.265  03/18/08  Sev=Info/6      IKE/0x63000055
Sent a keepalive on the IPSec SA

45     01:06:23.265  03/18/08  Sev=Info/4      IKE/0x63000083
IKE Port in use - Local Port =  0x1194, Remote Port = 0x1194

46     01:06:23.265  03/18/08  Sev=Info/5      IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

47     01:06:23.265  03/18/08  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

48     01:06:23.281  03/18/08  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = A.A.A.A

49     01:06:23.281  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from A.A.A.A

50     01:06:23.281  03/18/08  Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds

51     01:06:23.281  03/18/08  Sev=Info/5      IKE/0x63000047
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

52     01:06:23.281  03/18/08  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = A.A.A.A

53     01:06:23.281  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from A.A.A.A

54     01:06:23.281  03/18/08  Sev=Info/4      CM/0x63100015
Launch xAuth application

55     01:06:25.671  03/18/08  Sev=Info/4      CM/0x63100017
xAuth application returned

56     01:06:25.671  03/18/08  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to A.A.A.A

57     01:06:25.718  03/18/08  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = A.A.A.A

58     01:06:25.718  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from A.A.A.A

59     01:06:25.718  03/18/08  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to A.A.A.A

60     01:06:25.718  03/18/08  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

61     01:06:25.734  03/18/08  Sev=Info/5      IKE/0x6300005E
Client sending a firewall request to concentrator

62     01:06:25.734  03/18/08  Sev=Info/5      IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).

63     01:06:25.734  03/18/08  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to A.A.A.A

64     01:06:25.765  03/18/08  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = A.A.A.A

65     01:06:25.765  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from A.A.A.A

66     01:06:25.765  03/18/08  Sev=Info/5      IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies:  I_Cookie=8EBF772F4BE25714 R_Cookie=71A5E4ED3B7C6A23

67     01:06:25.765  03/18/08  Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=8EBF772F4BE25714 R_Cookie=71A5E4ED3B7C6A23) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

68     01:06:26.656  03/18/08  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=8EBF772F4BE25714 R_Cookie=71A5E4ED3B7C6A23) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

69     01:06:26.656  03/18/08  Sev=Info/4      CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "PEER_DELETE-IKE_DELETE_UNSPECIFIED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

70     01:06:26.656  03/18/08  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

71     01:06:26.656  03/18/08  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection
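
Added example, not part of the original post and not Cisco tooling: a small Python parser for the VPN Client log format shown above that reports how far the IKE negotiation got and which side tore it down. The function names and result keys are assumptions made for this illustration.

```python
import re

# Entries 47, 60, 65, 66 and 69 of the log above (blank separator lines dropped), embedded to run offline.
SAMPLE_LOG = """\
47     01:06:23.265  03/18/08  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
60     01:06:25.718  03/18/08  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
65     01:06:25.765  03/18/08  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from A.A.A.A
66     01:06:25.765  03/18/08  Sev=Info/5      IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies:  I_Cookie=8EBF772F4BE25714 R_Cookie=71A5E4ED3B7C6A23
69     01:06:26.656  03/18/08  Sev=Info/4      CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "PEER_DELETE-IKE_DELETE_UNSPECIFIED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
"""

# Entry header: sequence number, time, date, severity, module/message code.
HEADER = re.compile(
    r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+\d\d/\d\d/\d\d\s+Sev=\w+/\d+\s+(\w+)/0x[0-9A-Fa-f]+\s*$")

def parse_entries(text):
    """Split the log into entries: one header line plus its message line(s)."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"seq": int(m.group(1)), "time": m.group(2),
                            "module": m.group(3), "msg": ""})
        elif entries and line.strip():  # continuation line of the current entry
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def triage(entries):
    """Report which negotiation stages completed and how the SA ended."""
    r = {"phase1": False, "xauth": False, "peer_delete_seq": None,
         "before_mode_config": False, "reason": None}
    for e in entries:
        msg = e["msg"]
        if msg.startswith("Established Phase 1 SA"):
            r["phase1"] = True
            users = re.search(r"(\d+) User Authenticated IKE SA", msg)
            r["xauth"] = r["xauth"] or bool(users and int(users.group(1)) > 0)
        elif "RECEIVING <<<" in msg and re.search(r"\bDEL\b", msg):
            # Keep the sequence number of the first DELETE received from the peer.
            r["peer_delete_seq"] = r["peer_delete_seq"] or e["seq"]
        elif "deleted before Mode Config is completed" in msg:
            r["before_mode_config"] = True
            reason = re.search(r'cause by "([^"]+)"', msg)
            r["reason"] = reason.group(1) if reason else None
    return r
```

Calling `triage(parse_entries(SAMPLE_LOG))` on these entries shows Phase 1 and XAUTH both completing, then a DELETE arriving from the peer at entry 65 before Mode Config finished.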
