giorgosy78
asked on
CANNOT CONNECT VIA CISCO VPN CLIENT
Hi all
I am trying for hours to get a pc with cisco vpn client to connect on a remote site configured with easyvpn, i get the xauth screen and after it says not connected.
27 14:08:23.524 09/07/11 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.3(14)YT1, RELEASE SOFTWARE (fc1)
Synched to version 12.4(1.7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 07-Sep-05 16:58 by ealyon
828 14:08:23.524 09/07/11 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
829 14:08:23.528 09/07/11 Sev=Info/4 CM/0x63100019
Mode Config data received
830 14:08:23.537 09/07/11 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.200.22, GW IP = 93.109.248.210, Remote IP = 0.0.0.0
831 14:08:23.537 09/07/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210
832 14:08:23.594 09/07/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 93.109.248.210
833 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 93.109.248.210
834 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 93.109.248.210
835 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3C452402
836 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED
837 14:08:24.334 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
838 14:08:26.835 09/07/11 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F329FBBD10609C2F R_Cookie=AD3F799962747F6A) reason = DEL_REASON_IKE_NEG_FAILED
839 14:08:26.835 09/07/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED ". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
840 14:08:26.835 09/07/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
841 14:08:26.872 09/07/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
842 14:08:26.872 09/07/11 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
843 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
844 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
845 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
846 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
ANY IDEAS
I am trying for hours to get a pc with cisco vpn client to connect on a remote site configured with easyvpn, i get the xauth screen and after it says not connected.
27 14:08:23.524 09/07/11 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M),
Synched to version 12.4(1.7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 07-Sep-05 16:58 by ealyon
828 14:08:23.524 09/07/11 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
829 14:08:23.528 09/07/11 Sev=Info/4 CM/0x63100019
Mode Config data received
830 14:08:23.537 09/07/11 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.200.22, GW IP = 93.109.248.210, Remote IP = 0.0.0.0
831 14:08:23.537 09/07/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 93.109.248.210
832 14:08:23.594 09/07/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 93.109.248.210
833 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN)
834 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 93.109.248.210
835 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3C452402
836 14:08:23.594 09/07/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=F329FBBD10609C2F
837 14:08:24.334 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
838 14:08:26.835 09/07/11 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F329FBBD10609C2F
839 14:08:26.835 09/07/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED
840 14:08:26.835 09/07/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
841 14:08:26.872 09/07/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
842 14:08:26.872 09/07/11 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
843 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
844 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
845 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
846 14:08:26.974 09/07/11 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
ANY IDEAS
Please post your config. Looks to me like your ISAKMP settings aren't matching what's required. "DEL_REASON_IKE_NEG_FAILED " My first guess would be the DH group being used. EZVPN requires DH group 2.
DEL_REASON_IKE_NEG_FAILED - looks like config issue
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi and thanks for taking the time to look at the config. However since i needed to do this urgently i have setup PPTP VPN on Windows 2003 and passthrough it through the cisco router.
Thanks
Thanks