Solved

Cisco VPN - ASA 5505 Setup - SW error occured, hash verification failed

Posted on 2010-09-08
6
3,773 Views
Last Modified: 2012-06-27
Hi All,

So my client needs this VPN setup..like RIGHT AWAY and this is a first for me.

I inherited this Cisco ASA 5505 device and was told that there was working VPN on it.  The one person who used to VPN in was using the Cisco Easy Connect client (which I cannot find an executable for or logi to cisco to get)

So here is what I have done.. I have logged into the ASA 5505 and run the IPSec Remote Access Wizard for a Remote Gateway.  I also installed the Cisco VPN Client on my Windows 7 (Version 5)

In the VPN Client I entered the router WAN IP.  When I try and connect it says contacting the sexurity gateway for about 2 seconds and then fails.  In the VPN client log I get this


23     08:20:53.872  09/08/10  Sev=Warning/2      IKE/0xE300009B
Failed to authenticate peer (Navigator:915)

24     08:20:53.872  09/08/10  Sev=Warning/2      IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2263)

25     08:21:36.203  09/08/10  Sev=Warning/3      IKE/0xE3000057
The received HASH payload cannot be verified

26     08:21:36.203  09/08/10  Sev=Warning/2      IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.

27     08:21:36.203  09/08/10  Sev=Warning/2      IKE/0xE300009B
Failed to authenticate peer (Navigator:915)

28     08:21:36.204  09/08/10  Sev=Warning/2      IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2263)

29     08:21:38.246  09/08/10  Sev=Warning/3      IKE/0xE3000057
The received HASH payload cannot be verified

30     08:21:38.247  09/08/10  Sev=Warning/2      IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.

31     08:21:38.248  09/08/10  Sev=Warning/2      IKE/0xE300009B
Failed to authenticate peer (Navigator:915)

32     08:21:38.250  09/08/10  Sev=Warning/2      IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2263)


I need to get this up and running asap, please help!!
0
Comment
Question by:btny
6 Comments
 
LVL 9

Expert Comment

by:ffleisma
Comment Utility
0
 
LVL 9

Expert Comment

by:ffleisma
Comment Utility
hope that helps :-)
0
 

Author Comment

by:btny
Comment Utility
Thanks I followed this guide to set it up using asdm
I will review it again but does this help with the errors I'm getting?
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Expert Comment

by:Mystique_87
Comment Utility
hi btny,

check if the tunnel group attributes are entered correctly in the VPN server and the same are entered in the connection profile of the client software, including the lower case or upper case in which the config is entered
0
 
LVL 9

Expert Comment

by:Donboo
Comment Utility
This "Hash verification failed... may be configured with invalid group password." indicate that the group password on the client and the group password on the ASA are not matching. pucnh them in again or simplify them by using "1234" as a test.
0
 

Accepted Solution

by:
btny earned 0 total points
Comment Utility
Thanks all for the support but the problem here was that the SSL was going over 443 and they had OWA which also used 443.

Along with a cisco tech we changed teh VPn SSL to 4433!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now