Remote Access VPN using Cisco 3005

Unanswered Question
Mar 19th, 2007

We have a 3005 VPN Concentrator terminating all of our remote access VPNs. One of the internal domain controllers went down which serves as DHCP/DNS servers for remote access VPN users. I changed the settings in numerous locations within the Concentrator configuration which has the new servers but users are still unable to connect. It gets stuck on "Negotiating Security Policy". I have confirmed from the VPN log that users are being authenticated properly. The log shows:

"Connection terminated for peer mblanchfield.

Reason: Peer Terminate, Administratively Disconnected."

"DHCP discover timeout: no response from polled servers"

"Received unsupported transaction mode attribute: 5"

Kamal Malhotra Mon, 03/19/2007 - 11:22

Hi Mark,

Please make sure that when you go to Configuration | System | Address Management | Assignment, 'Use DHCP' is checked. When you go to Configuration | System | Servers | DHCP, you have the correct DHCP IP. Please also make sure that this server is pingable from the concentrator.

HTH,

Please rate if it helps,

Regards,

Kamal

mark.blanchfield Mon, 03/19/2007 - 11:38

Kamal,

Hi. Thanks for the response. The servers are correct and I can ping the DHCP server. The logs are vague as far as what this might be. Here is more output from the log:

367 03/19/2007 13:28:14.770 SEV=6 IKE/201 RPT=4 66.153.244.7
Group [WaveL!nk1] User [mblanchfield]
Duplicate Phase 2 packet detected. No last packet to retransmit.

369 03/19/2007 13:28:20.280 SEV=5 IKE/50 RPT=2 66.153.244.7
Group [WaveL!nk1] User [mblanchfield]
Connection terminated for peer mblanchfield.
Reason: Peer Terminate, Administratively Disconnected.
Remote Proxy N/A, Local Proxy N/A

373 03/19/2007 13:28:22.560 SEV=3 DHCPDBG/39 RPT=2
DHCP discover timeout: no response from polled servers (xid 2251547051)

374 03/19/2007 13:28:22.560 SEV=5 IP/43 RPT=2
Deleting TCP entry for device 66.153.244.7 on port 18387

mark.blanchfield Mon, 03/19/2007 - 12:25

The issue is resolved. I had the incorrect DHCP servers in there. When I changed them, it started working. Thanks.
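
Added example, not part of the thread and not Cisco code: a small parser for the event layout shown in the log excerpt above that pairs IKE/50 session terminations with a nearby DHCPDBG/39 discover timeout, the pattern that pointed at the wrong DHCP servers here. The sample lines, the function names and the 10-second correlation window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Event header as it appears in the thread: seq date time SEV=n CLASS/num RPT=n [peer-ip]
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"SEV=(?P<sev>\d+) (?P<event>[A-Z]+/\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$"
)

def parse_events(text):
    """Attach each run of message lines to the header line that precedes it."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["when"] = datetime.strptime(ev["date"] + " " + ev["time"], "%m/%d/%Y %H:%M:%S.%f")
            ev["message"] = []
            events.append(ev)
        elif line and events:
            events[-1]["message"].append(line)
    return events

def dhcp_related_drops(events, window=timedelta(seconds=10)):
    """Return (peer, user) for IKE/50 terminations with a DHCP discover timeout within `window`."""
    timeouts = [e["when"] for e in events if e["event"] == "DHCPDBG/39"
                and any("discover timeout" in m for m in e["message"])]
    hits = []
    for e in events:
        near = any(abs(t - e["when"]) <= window for t in timeouts)
        if e["event"] == "IKE/50" and near:
            users = re.findall(r"User \[([^\]]+)\]", " ".join(e["message"]))
            hits.append((e["peer"], users[0] if users else None))
    return hits

# Constructed sample in the same layout (documentation IP, placeholder group and user).
SAMPLE = """\
367 03/19/2007 13:28:14.770 SEV=6 IKE/201 RPT=4 203.0.113.7
Group [ExampleGroup] User [alice]
Duplicate Phase 2 packet detected. No last packet to retransmit.
369 03/19/2007 13:28:20.280 SEV=5 IKE/50 RPT=2 203.0.113.7
Group [ExampleGroup] User [alice]
Connection terminated for peer alice.
373 03/19/2007 13:28:22.560 SEV=3 DHCPDBG/39 RPT=2
DHCP discover timeout: no response from polled servers (xid 2251547051)
"""

if __name__ == "__main__":
    print(dhcp_related_drops(parse_events(SAMPLE)))
```

A hit means authentication succeeded but address assignment did not, so the DHCP server entries and their reachability from the concentrator are the first thing to check.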
