Solved

CANNOT CONNECT VIA CISCO VPN CLIENT

Posted on 2011-09-07
5
1,580 Views
Last Modified: 2012-06-27
Hi all

I am trying for hours to get a pc with cisco vpn client to connect on a remote site configured with easyvpn, i get the xauth screen and after it says not connected.

27    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.3(14)YT1, RELEASE SOFTWARE (fc1)
Synched to version 12.4(1.7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 07-Sep-05 16:58 by ealyon

828    14:08:23.524  09/07/11  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

829    14:08:23.528  09/07/11  Sev=Info/4      CM/0x63100019
Mode Config data received

830    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.200.22, GW IP = 93.109.248.210, Remote IP = 0.0.0.0

831    14:08:23.537  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210

832    14:08:23.594  09/07/11  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 93.109.248.210

833    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 93.109.248.210

834    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 93.109.248.210

835    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3C452402

836    14:08:23.594  09/07/11  Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

837    14:08:24.334  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

838    14:08:26.835  09/07/11  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED

839    14:08:26.835  09/07/11  Sev=Info/4      CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

840    14:08:26.835  09/07/11  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

841    14:08:26.872  09/07/11  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

842    14:08:26.872  09/07/11  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

843    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

844    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

845    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

846    14:08:26.974  09/07/11  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped



ANY IDEAS
0
Comment
Question by:giorgosy78
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36494930
Please post your config.  Looks to me like your ISAKMP settings aren't matching what's required.  "DEL_REASON_IKE_NEG_FAILED"  My first guess would be the DH group being used.  EZVPN requires DH group 2.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 36494954
DEL_REASON_IKE_NEG_FAILED - looks like config issue
0
 

Author Comment

by:giorgosy78
ID: 36495103
Please find atatched config and let me know pls what i may doing wrong.

Thanks for help
config.txt
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 36506140
Nothing jumps out at me from the config as being wrong.  You definitely have ISAKMP profiles with DH group 2, so that doesn't seem to be the problem.  

Since you say xauth is failing, can you test from the router that you can authenticate the user by using the "test aaa..." command?  (See http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_t1.html#wp1060379)

If that passes, it means the username and password can authenticate, so something else must be happening.  At that point we will probably want to look at some aaa debugs.
0
 

Author Comment

by:giorgosy78
ID: 36508270
Hi and thanks for taking the time to look at the config. However since i needed to do this urgently i have setup PPTP VPN on Windows 2003 and passthrough it through the cisco router.

Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't ping New Linux Servers 40 66
Cisco ASA 3 27
Switch ports not working 8 34
Multiple MPLS Circuits Connecting to LAN 3 29
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question