Solved

CANNOT CONNECT VIA CISCO VPN CLIENT

Posted on 2011-09-07
Last Modified: 2012-06-27
Hi all

I have been trying for hours to get a PC with the Cisco VPN Client to connect to a remote site configured with EasyVPN. I get the xauth screen, and afterwards it says not connected.

27    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.3(14)YT1, RELEASE SOFTWARE (fc1)
Synched to version 12.4(1.7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 07-Sep-05 16:58 by ealyon

828    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

829    14:08:23.528  09/07/11  Sev=Info/4      CM/0x63100019
Mode Config data received

830    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.200.22, GW IP = 93.109.248.210, Remote IP = 0.0.0.0

831    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210

832    14:08:23.594  09/07/11  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 93.109.248.210

833    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 93.109.248.210

834    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 93.109.248.210

835    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3C452402

836    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

837    14:08:24.334  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

838    14:08:26.835  09/07/11  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

839    14:08:26.835  09/07/11  Sev=Info/4      CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

840    14:08:26.835  09/07/11  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

841    14:08:26.872  09/07/11  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

842    14:08:26.872  09/07/11  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

843    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

844    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

845    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

846    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped



Any ideas?
Question by:giorgosy78
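
A small triage script for this log format, added here as an example and not part of the original thread: it parses Cisco VPN Client log entries and reports which exchange the client had just sent when the first NOTIFY came back from the gateway. The function names and stage labels are this example's own, and the sample is two entries copied from the log in the question.

```python
import re

# Entry header: sequence no., time, date, severity, component/message id.
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)\s+"
                    r"Sev=(\w+)/(\d)\s+(\w+)/(0x[0-9A-Fa-f]+)$")
# IKE summary line: direction, exchange type, payload list, peer address.
IKE_MSG = re.compile(r"^(SENDING >>>|RECEIVING <<<) ISAKMP OAK (\w+) "
                     r"\*?\((.*?)\) (?:to|from) (\S+)")
# Exchange abbreviations in the client log, mapped to the IKEv1 stage.
PHASE = {"MM": "Phase 1 (Main Mode)", "AG": "Phase 1 (Aggressive Mode)",
         "TRANS": "Xauth / Mode Config", "QM": "Phase 2 (Quick Mode)"}

def parse_entries(text):
    """Group the log into entries: a header line plus its message text."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"seq": int(m.group(1)), "time": m.group(2),
                            "component": m.group(6), "msg": ""})
        elif line and entries:
            entries[-1]["msg"] += line + "\n"
    return entries

def find_rejection(entries):
    """Return the first NOTIFY received and the exchange sent just before it."""
    last_seq, last_exch = None, None
    for e in entries:
        m = IKE_MSG.match(e["msg"])
        if not m:
            continue
        direction, exchange, payloads, peer = m.groups()
        notify = re.search(r"NOTIFY:(\w+)", payloads)
        if direction.startswith("SENDING") and exchange != "INFO":
            last_seq, last_exch = e["seq"], exchange
        elif direction.startswith("RECEIVING") and notify:
            return {"notify": notify.group(1), "peer": peer, "seq": e["seq"],
                    "rejected_seq": last_seq, "exchange": last_exch,
                    "stage": PHASE.get(last_exch, "unknown")}
    return None

# Two entries copied from the log in the question above.
SAMPLE = """\
831    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210
833    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 93.109.248.210
"""
print(find_rejection(parse_entries(SAMPLE)))
```

On the posted entries it reports NO_PROPOSAL_CHOSEN arriving in reply to the Quick Mode message at entry 831, sent after the Mode Config replies earlier in the log.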
LVL 18

Expert Comment

by:jmeggers
ID: 36494930
Please post your config.  Looks to me like your ISAKMP settings aren't matching what's required.  "DEL_REASON_IKE_NEG_FAILED"  My first guess would be the DH group being used.  EZVPN requires DH group 2.
LVL 18

Expert Comment

by:fgasimzade
ID: 36494954
DEL_REASON_IKE_NEG_FAILED - looks like config issue

Author Comment

by:giorgosy78
ID: 36495103
Please find the attached config and please let me know what I may be doing wrong.

Thanks for help
config.txt
LVL 18

Accepted Solution

by:jmeggers (earned 500 total points)
ID: 36506140
Nothing jumps out at me from the config as being wrong.  You definitely have ISAKMP profiles with DH group 2, so that doesn't seem to be the problem.  

Since you say xauth is failing, can you test from the router that you can authenticate the user by using the "test aaa..." command?  (See http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_t1.html#wp1060379)

If that passes, it means the username and password can authenticate, so something else must be happening.  At that point we will probably want to look at some aaa debugs.

Author Comment

by:giorgosy78
ID: 36508270
Hi, and thanks for taking the time to look at the config. However, since I needed to do this urgently, I have set up a PPTP VPN on Windows 2003 and passed it through the Cisco router.

Thanks