Urgent VPN Help

Unanswered Question
Feb 1st, 2008
User Badges:

VPN config:

vpngroup Admins-VPN address-pool Admins-VPN

vpngroup Admins-VPN dns-server

vpngroup Admins-VPN wins-server

vpngroup Admins-VPN default-domain abvalve.com

vpngroup Admins-VPN idle-time 1800

vpngroup Admins-VPN password ********

Client Errors:

trying to connect to my network over VPN this is what i get! we have a 506E

1 08:59:50.140 02/01/08 Sev=Warning/3 IKE/0xE3000057

The received HASH payload cannot be verified

2 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300007E

Hash verification failed... may be configured with invalid group password.

3 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300009B

Failed to authenticate peer (Navigator:904)

4 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE30000A7

Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)

any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danny Guillory Jr Fri, 02/01/2008 - 21:06
User Badges:

ok got the password matching and i can connect to the VPN now, but i cannot ping are log onto any of the servers in my network.

i cannot see anything on the inside my network!

ajagadee Fri, 02/01/2008 - 21:25
User Badges:
  • Cisco Employee,

Can you post a copy of your configuration along with information on what IP Addresses you are not able to access across the tunnel.



ajagadee Fri, 02/01/2008 - 22:21
User Badges:
  • Cisco Employee,

Couple of things, You are assigning IP Address to the VPN Clients from a pool which is part of the LAN behind the Pix. This is not a recommended configuration. Also, I dont see a NAT 0 command to bypass NAT for the VPN Clients. So, you could try

access-list inside_outbound_nat0_acl permit ip AB01-LF AB01-LF

After, applying the above ACL, your VPN Client still does not work. Then I would recommend that you configure a pool for the VPN Clients from a range of IP that is not part of your internal LAN. Example, and also configure NAT 0 to bypass NAT.

access-list inside_outbound_nat0_acl permit ip AB01-LF

Let me know if it works.



** Please rate all helpful posts **


This Discussion