?
Solved

VPN Connection Woes

Posted on 2008-10-20
2
Medium Priority
?
592 Views
Last Modified: 2011-09-20
I am providing support for a client who recently started having problems with a vpn connection using Mobile User VPN 6.1.1. As far as I know nothing has changed about his environment. Here is what happens. He right clicks on the tray icon and clicks on connect.  The connection is made and he is prompted for his user name and password. The username and password seems to be accepted as there are no errors, but then instead of going forward a box pops up which says:  Unable to connect to My Connections\XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX.  Please check logs for further details.

Here is what the logs say (I x'ed out the external ip addresses for security purposes):

10-20: 14:55:50.467  
10-20: 14:55:50.507 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 1 (IP ADDR=65.213.205.34)
10-20: 14:55:50.547 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, VID 2x, NAT-D 2x, HASH)
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Peer is NAT-T draft-02 capable
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - NAT is detected for Client
10-20: 14:55:50.598 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Floating to IKE non-500 port
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACTNAT-D 2x)
10-20: 14:55:50.628 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Established IKE SA
10-20: 14:55:50.638    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:55:50.638    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:55:50.668 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:00.802 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received WINS Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private IP Address = IP ADDR=xxx.xxx.xxx.xxx
10-20: 14:56:01.894 Virtual Interface configured to NOT use Def GW
10-20: 14:56:02.595 Virtual Interface constructed for local interface xxx.xxx.xxx.xxx
10-20: 14:56:02.835 Virtual Interface added: xxx.xxx.xxx.xxx/255.255.0.0 on ISDN "SafeNet VA miniport".
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Received Private DNS Address = IP ADDR=198.6.1.2
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Initiating IKE Phase 2 with Client IDs (message id: 46F4EF20)
10-20: 14:56:02.895   Initiator = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895   Responder = IP ADDR=xxx.xxx.xxx.xxx, prot = 0 port = 0
10-20: 14:56:02.895 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - RECEIVED<<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN)
10-20: 14:56:02.935 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IPSec SA negotiation (message id: 46F4EF20)
10-20: 14:56:02.975 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Discarding IKE SA negotiation
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Deleting IKE SA (IP ADDR=65.213.205.34)
10-20: 14:56:02.985    MY COOKIE 33 c4 f7 7a f7 59 7a 43
10-20: 14:56:02.985    HIS COOKIE 16 75 5a 3c 27 c4 4 21
10-20: 14:56:02.985 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
10-20: 14:57:04.344 Interface lost: xxx.xxx.xxx.xxx


Any ideas?
0
Comment
Question by:schmad01
2 Comments
 
LVL 3

Expert Comment

by:jp10558
ID: 22761097
10-20: 14:56:02.855 My Connections\xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx - Unsupported AES proposal ignored.

Sounds like there is a misconfiguration at the server trying to use a different encryption version than the client... Maybe see if there is a client update to match any server updates that were made?
0
 

Accepted Solution

by:
schmad01 earned 0 total points
ID: 22780515
Found out that the client needed to be upgraded. It was not an encryption issue. Thanks anyway.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question