02-01-2008 10:54 AM - edited 02-21-2020 03:31 PM
VPN config:
vpngroup Admins-VPN address-pool Admins-VPN
vpngroup Admins-VPN dns-server 10.9.2.5 10.9.2.6
vpngroup Admins-VPN wins-server 10.9.2.6
vpngroup Admins-VPN default-domain abvalve.com
vpngroup Admins-VPN idle-time 1800
vpngroup Admins-VPN password ********
Client Errors:
Trying to connect to my network over VPN, this is what I get! We have a 506E.
1 08:59:50.140 02/01/08 Sev=Warning/3 IKE/0xE3000057
The received HASH payload cannot be verified
2 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300007E
Hash verification failed... may be configured with invalid group password.
3 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE300009B
Failed to authenticate peer (Navigator:904)
4 08:59:50.140 02/01/08 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
Any ideas?
02-01-2008 12:01 PM
I believe it means that you have a password mismatch. The group password on the ASA/PIX is different than the group password in the VPN client.
02-01-2008 09:06 PM
OK, got the password matching and I can connect to the VPN now, but I cannot ping or log onto any of the servers in my network.
I cannot see anything on the inside of my network!
02-01-2008 09:25 PM
Can you post a copy of your configuration along with information on what IP addresses you are not able to access across the tunnel?
Regards,
Arul
02-01-2008 09:57 PM
02-01-2008 10:21 PM
Couple of things. You are assigning IP addresses to the VPN clients from a pool which is part of the LAN behind the PIX. This is not a recommended configuration. Also, I don't see a NAT 0 command to bypass NAT for the VPN clients. So, you could try:
access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 AB01-LF 255.255.255.0
If, after applying the above ACL, your VPN client still does not work, then I would recommend that you configure a pool for the VPN clients from a range of IPs that is not part of your internal LAN, for example 172.16.1.0/24, and also configure NAT 0 to bypass NAT.
access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 172.16.1.0 255.255.255.0
Let me know if it works.
Regards,
Arul
** Please rate all helpful posts **
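The two checks from the reply above (VPN pool inside the LAN, no NAT 0 exemption toward the pool) can be run against a saved config. This is an added example, not code from the thread; the inside address, the pool ranges and the `ip address inside`, `ip local pool` and `nat (inside) 0 access-list` lines are constructed PIX 6.x-style samples, since the poster's full configuration is not on the page.

```python
import ipaddress

# Constructed PIX 6.x-style sample; addresses are illustrative, not the poster's.
BROKEN = """\
name 10.9.2.0 AB01-LF
ip address inside 10.9.2.1 255.255.255.0
ip local pool Admins-VPN 10.9.2.200-10.9.2.220
vpngroup Admins-VPN address-pool Admins-VPN
"""
# Same config with the pool moved off the LAN and NAT 0 bound to the exemption ACL.
FIXED = BROKEN.replace("10.9.2.200-10.9.2.220", "172.16.1.1-172.16.1.254") + """\
access-list inside_outbound_nat0_acl permit ip AB01-LF 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
"""

def audit(config):
    """Return (vpngroup, finding) pairs for LAN overlap and missing NAT 0."""
    names, pools, acls, nat0, groups, inside = {}, {}, {}, set(), {}, None
    def net(addr, mask):  # resolve a `name` alias, then build the network
        return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}", strict=False)
    for t in (line.split() for line in config.splitlines()):
        if t[:1] == ["name"] and len(t) >= 3:
            names[t[2]] = t[1]
        elif t[:3] == ["ip", "address", "inside"] and len(t) >= 5:
            inside = net(t[3], t[4])
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            lo, _, hi = t[4].partition("-")
            pools[t[3]] = list(ipaddress.summarize_address_range(
                ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            acls.setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) >= 5:
            nat0.add(t[4])
        elif t[:1] == ["vpngroup"] and t[2:3] == ["address-pool"] and len(t) >= 4:
            groups[t[1]] = t[3]
    findings = []
    for group, pool in groups.items():
        blocks = pools.get(pool, [])
        if inside is not None and any(b.overlaps(inside) for b in blocks):
            findings.append((group, "POOL_OVERLAPS_LAN"))
        # Exempt only if an ACL bound to NAT 0 covers LAN -> whole pool.
        exempt = bool(blocks) and inside is not None and any(
            inside.subnet_of(src) and all(b.subnet_of(dst) for b in blocks)
            for acl in nat0 for src, dst in acls.get(acl, []))
        if not exempt:
            findings.append((group, "NO_NAT0_FOR_POOL"))
    return findings

if __name__ == "__main__":
    print(audit(BROKEN), audit(FIXED))
```

An ACL that exists but is never referenced by a `nat (inside) 0 access-list` line still reports `NO_NAT0_FOR_POOL`, because the exemption only takes effect once it is bound.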