Solved

VPN Connection Woes

Posted on 2008-10-20
2
578 Views
Last Modified: 2011-09-20
I am providing support for a client who recently started having problems with a vpn connection using Mobile User VPN 6.1.1. As far as I know nothing has changed about his environment. Here is what happens. He right clicks on the tray icon and clicks on connect.  The connection is made and he is prompted for his user name and password. The username and password seems to be accepted as there are no errors, but then instead of going forward a box pops up which says:  Unable to connect to My Connections\XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX.  Please check logs for further details.

Here is what the logs say (I x'ed out the external ip addresses for security purposes):

10-20: 14:55:50.467  
10-20: 14:55:50.507 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 1 (IP ADDR=65.213.205.34)
10-20: 14:55:50.547 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, VID 2x, NAT-D 2x, HASH)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Peer is NAT-T draft-02 capable
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - NAT is detected for Client
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Floating to IKE non-500 port
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACTNAT-D 2x)
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Established IKE SA
10-20: 14:55:50.638    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:55:50.638    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:00.802 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received WINS Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private IP Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 Virtual Interface configured to NOT use Def GW
10-20: 14:56:02.595 Virtual Interface constructed for local interface xxx.xxx.xxx.xxx
10-20: 14:56:02.835 Virtual Interface added: xxx.xxx.xxx.xxx/255.255.0.0 on ISDN "SafeNet VA miniport".
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 2 with Client IDs (message id: 46F4EF20)
10-20: 14:56:02.895   Initiator = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895   Responder = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IPSec SA negotiation (message id: 46F4EF20)
10-20: 14:56:02.975 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IKE SA negotiation
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Deleting IKE SA (IP ADDR=65.213.205.34)
10-20: 14:56:02.985    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:56:02.985    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
10-20: 14:57:04.344 Interface lost: xxx.xxx.xxx.xxx


Any ideas?
0
Comment
Question by:schmad01
2 Comments
 
LVL 3

Expert Comment

by:jp10558
ID: 22761097
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.

Sounds like there is a misconfiguration at the server trying to use a different encryption version than the client... Maybe see if there is a client update to match any server updates that were made?
0
 

Accepted Solution

by:
schmad01 earned 0 total points
ID: 22780515
Found out that the client needed to be upgraded. It was not an encryption issue. Thanks anyway.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

775 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question