Link to home
Start Free TrialLog in
Avatar of jvleigh221
jvleigh221Flag for United States of America

asked on

Connection Problems with Cisco VPN Client and Windows Server 2000 as RADIUS

We have 2 users who regularly need to dial in to our network. They have XP Pro laptops with a Cisco VPN client and use dial-up networking through their ISP to connect through our firewall to the RADIUS server.
This has worked very well.
However, one of the users recieved a new laptop (Still XP Pro). We installed the VPN client, we set all the same settings that were on the former laptop. When connecting we get the following errors.

1      14:29:02.225  02/08/08  Sev=Warning/3      IKE/0xE3000056
The received HASH payload cannot be verified

2      14:29:02.225  02/08/08  Sev=Warning/2      IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.

3      14:29:02.288  02/08/08  Sev=Warning/3      DIALER/0xE3300008
GI VPNStart callback failed "CM_IKE_ESTABLISH_FAIL" (3h).

To me this looked like a bad password issue. So we cleared the account from the old laptop and re-created it using the same settings we are using in the new laptop. It still worked on the old laptop. So, not a password issue....got to be something else.

Any ideas?

Thank you.
Avatar of debuggerau
debuggerau
Flag of Australia image

Have you tried reinstalling the client - uninstall and reinstall?

Does the new PC come with norton security or something similar?

Avatar of jvleigh221

ASKER

Old and New pc differ only in hardware. Both have our corporate defined set of security programs installed.
Both have firewall configurations defined by group policy.
I have typed and retype and then tried again resetting the client's configurations.
I have checked and double checked the password on other clients.
I have set up new connections on the old computer to test the group name and password.
Each time the old computer connects the new computer does not.

Now, in one bit of research I came across one item that I haven't compared. Local Policy.
Tomorrow I'm going to compare the two computers' Local Policies to see if there are any striking areas that may prevent the VPN connection.

This is the strangest thing. I also tried using my computer (Vista) no deal there either.

I may attempt resetting the VPN password, but I hate to risk the other users losing connection afterwards.

Thanks.
You are only adjusting the password in your pdm: VPN -> General -> Tunnel group -> IPSEC Tab -> Pre shared key
I hope.

The user details should be getting resolved from radius, but the group password protects the client install, so if a PC and client get stolen you can keep the user records in radius and just blow-away the group in the VPN host.

The location may be slightly different, I'm using 7.2 for reference, but the idea is the same...

Here are the current errors I'm getting from the Cisci VPN client log.
5      11:33:06.421  03/12/08  Sev=Warning/3      IKE/0xE3000057
The received HASH payload cannot be verified

6      11:33:06.421  03/12/08  Sev=Warning/2      IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.

7      11:33:06.421  03/12/08  Sev=Warning/2      IKE/0xE300009B
Failed to authenticate peer (Navigator:904)

8      11:33:06.421  03/12/08  Sev=Warning/2      IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2237)

I'm sitting here trying this on two machines. One works the other doesn't.
It's not the password. I just reset the VPN client password on the old machine and re-entered it. Worked perfect.
Tried the same password in the new machine. Error.
Both are identical in every way except one is a newer model laptop than the other.
I've checked everything I can think of. Still the same result. The new machine will not connect.

If I find the solution I will post it here.
ASKER CERTIFIED SOLUTION
Avatar of jvleigh221
jvleigh221
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial