Solved

VPN Connection Woes

Posted on 2008-10-20
2
576 Views
Last Modified: 2011-09-20
I am providing support for a client who recently started having problems with a vpn connection using Mobile User VPN 6.1.1. As far as I know nothing has changed about his environment. Here is what happens. He right clicks on the tray icon and clicks on connect.  The connection is made and he is prompted for his user name and password. The username and password seems to be accepted as there are no errors, but then instead of going forward a box pops up which says:  Unable to connect to My Connections\XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX.  Please check logs for further details.

Here is what the logs say (I x'ed out the external ip addresses for security purposes):

10-20: 14:55:50.467  
10-20: 14:55:50.507 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 1 (IP ADDR=65.213.205.34)
10-20: 14:55:50.547 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, VID 2x, NAT-D 2x, HASH)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Peer is NAT-T draft-02 capable
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - NAT is detected for Client
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Floating to IKE non-500 port
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACTNAT-D 2x)
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Established IKE SA
10-20: 14:55:50.638    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:55:50.638    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:00.802 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received WINS Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private IP Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 Virtual Interface configured to NOT use Def GW
10-20: 14:56:02.595 Virtual Interface constructed for local interface xxx.xxx.xxx.xxx
10-20: 14:56:02.835 Virtual Interface added: xxx.xxx.xxx.xxx/255.255.0.0 on ISDN "SafeNet VA miniport".
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 2 with Client IDs (message id: 46F4EF20)
10-20: 14:56:02.895   Initiator = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895   Responder = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IPSec SA negotiation (message id: 46F4EF20)
10-20: 14:56:02.975 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IKE SA negotiation
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Deleting IKE SA (IP ADDR=65.213.205.34)
10-20: 14:56:02.985    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:56:02.985    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
10-20: 14:57:04.344 Interface lost: xxx.xxx.xxx.xxx


Any ideas?
0
Comment
Question by:schmad01
2 Comments
 
LVL 3

Expert Comment

by:jp10558
Comment Utility
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.

Sounds like there is a misconfiguration at the server trying to use a different encryption version than the client... Maybe see if there is a client update to match any server updates that were made?
0
 

Accepted Solution

by:
schmad01 earned 0 total points
Comment Utility
Found out that the client needed to be upgraded. It was not an encryption issue. Thanks anyway.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now