CANNOT CONNECT VIA CISCO VPN CLIENT

Hi all

I am trying for hours to get a pc with cisco vpn client to connect on a remote site configured with easyvpn, i get the xauth screen and after it says not connected.

27    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.3(14)YT1, RELEASE SOFTWARE (fc1)
Synched to version 12.4(1.7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 07-Sep-05 16:58 by ealyon

828    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

829    14:08:23.528  09/07/11  Sev=Info/4      CM/0x63100019
Mode Config data received

830    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.200.22, GW IP = 93.109.248.210, Remote IP = 0.0.0.0

831    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210

832    14:08:23.594  09/07/11  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 93.109.248.210

833    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 93.109.248.210

834    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 93.109.248.210

835    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3C452402

836    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

837    14:08:24.334  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

838    14:08:26.835  09/07/11  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

839    14:08:26.835  09/07/11  Sev=Info/4      CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

840    14:08:26.835  09/07/11  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

841    14:08:26.872  09/07/11  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

842    14:08:26.872  09/07/11  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

843    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

844    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

845    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

846    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped



ANY IDEAS
giorgosy78Asked:
Who is Participating?
 
John MeggersConnect With a Mentor Network ArchitectCommented:
Nothing jumps out at me from the config as being wrong.  You definitely have ISAKMP profiles with DH group 2, so that doesn't seem to be the problem.  

Since you say xauth is failing, can you test from the router that you can authenticate the user by using the "test aaa..." command?  (See http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_t1.html#wp1060379)

If that passes, it means the username and password can authenticate, so something else must be happening.  At that point we will probably want to look at some aaa debugs.
0
 
John MeggersNetwork ArchitectCommented:
Please post your config.  Looks to me like your ISAKMP settings aren't matching what's required.  "DEL_REASON_IKE_NEG_FAILED"  My first guess would be the DH group being used.  EZVPN requires DH group 2.
0
 
fgasimzadeCommented:
DEL_REASON_IKE_NEG_FAILED - looks like config issue
0
 
giorgosy78Author Commented:
Please find atatched config and let me know pls what i may doing wrong.

Thanks for help
config.txt
0
 
giorgosy78Author Commented:
Hi and thanks for taking the time to look at the config. However since i needed to do this urgently i have setup PPTP VPN on Windows 2003 and passthrough it through the cisco router.

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.