Urgent VPN Help

Unanswered Question
Feb 1st, 2008

VPN config:

vpngroup Admins-VPN address-pool Admins-VPN

vpngroup Admins-VPN dns-server 10.9.2.5 10.9.2.6

vpngroup Admins-VPN wins-server 10.9.2.6

vpngroup Admins-VPN default-domain abvalve.com

vpngroup Admins-VPN idle-time 1800

vpngroup Admins-VPN password ********

Client Errors:

Trying to connect to my network over VPN, this is what I get! We have a 506E.

1 08:59:50.140 02/01/08 Sev=Warning/3 IKE/0xE3000057

The received HASH payload cannot be verified

2 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300007E

Hash verification failed... may be configured with invalid group password.

3 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300009B

Failed to authenticate peer (Navigator:904)

4 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE30000A7

Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)

Any ideas?

Danny Guillory Jr Fri, 02/01/2008 - 21:06

OK, got the password matching and I can connect to the VPN now, but I cannot ping or log onto any of the servers in my network.

I cannot see anything on the inside of my network!

ajagadee Fri, 02/01/2008 - 21:25

Can you post a copy of your configuration along with information on what IP addresses you are not able to access across the tunnel?

Regards,

Arul

ajagadee Fri, 02/01/2008 - 22:21

Couple of things: you are assigning IP addresses to the VPN Clients from a pool which is part of the LAN behind the PIX. This is not a recommended configuration. Also, I don't see a NAT 0 command to bypass NAT for the VPN Clients. So, you could try:

access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 AB01-LF 255.255.255.0

If, after applying the above ACL, your VPN Client still does not work, then I would recommend that you configure a pool for the VPN Clients from a range of IPs that is not part of your internal LAN, for example 172.16.1.0/24, and also configure NAT 0 to bypass NAT.

access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 172.16.1.0 255.255.255.0

Let me know if it works.

Regards,

Arul

** Please rate all helpful posts **
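An offline check for the two points raised in the reply above (VPN pool carved out of the inside LAN, and no NAT 0 exemption covering LAN-to-pool traffic), added here as an example and not code from the thread. The sample configs are constructed: the address bound to AB01-LF, the inside interface address and the pool ranges are assumptions.

```python
import ipaddress

# Constructed PIX 6.x-style samples; AB01-LF's address, the inside interface
# address and the pool ranges are assumed, not taken from the thread.
BEFORE = """\
name 10.9.2.0 AB01-LF
ip address inside 10.9.2.1 255.255.255.0
ip local pool Admins-VPN 10.9.2.200-10.9.2.220
vpngroup Admins-VPN address-pool Admins-VPN
"""
AFTER = """\
name 10.9.2.0 AB01-LF
ip address inside 10.9.2.1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 172.16.1.0 255.255.255.0
ip local pool Admins-VPN 172.16.1.1-172.16.1.254
nat (inside) 0 access-list inside_outbound_nat0_acl
vpngroup Admins-VPN address-pool Admins-VPN
"""

def audit(config):
    """Return finding codes for a pool inside the LAN and a missing NAT 0 exemption."""
    names, acls, inside, pool, nat0, findings = {}, {}, None, [], None, []
    rows = [line.split() for line in config.splitlines() if line.split()]
    for t in rows:  # first pass: collect 'name <ip> <alias>' so ACLs can use aliases
        if t[0] == "name" and len(t) >= 3:
            names[t[2]] = t[1]
    def net(addr, mask):
        return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}", strict=False)
    for t in rows:
        if t[:3] == ["ip", "address", "inside"] and len(t) >= 5:
            inside = net(t[3], t[4])
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            lo, _, hi = t[4].partition("-")
            pool = list(ipaddress.summarize_address_range(
                ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
        # Only 'permit ip <src> <mask> <dst> <mask>' entries are parsed.
        elif t[0] == "access-list" and t[2:4] == ["permit", "ip"] and len(t) == 8:
            acls.setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) >= 5:
            nat0 = t[4]
    if inside is None or not pool:
        return ["incomplete-config"]
    if any(p.overlaps(inside) for p in pool):
        findings.append("pool-inside-lan")
    if nat0 is None:
        findings.append("no-nat0")
    elif not all(any(inside.subnet_of(s) and p.subnet_of(d)
                     for s, d in acls.get(nat0, [])) for p in pool):
        findings.append("nat0-misses-pool")
    return findings
```

`audit(BEFORE)` reports both problems and `audit(AFTER)` reports none.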
