04-16-2009 10:34 AM
Hi,
Whenever a user tries to log in to the concentrator, we get the following errors on the VPN concentrator:
40433 04/16/2009 10:57:47.480 SEV=5 IKEDBG/64 RPT=292 1.1.1.1
IKE Peer included IKE fragmentation capability flags:
Main Mode: True
Aggressive Mode: False
40435 04/16/2009 10:57:47.670 SEV=5 IKE/172 RPT=249 1.1.1.1
Group [H0u5t0N0]
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
40439 04/16/2009 10:57:53.030 SEV=4 IKE/52 RPT=212 1.1.1.1
Group [H0u5t0N0] User {xxxxxxxx]
User (xxxxxxx) authenticated.
40440 04/16/2009 10:57:53.200 SEV=5 IKE/184 RPT=211 1.1.1.1
Group [H0u5t0N0] User [sdziatkowiec]
Client Type: WinNT
Client Application Version: 5.0.00.0340
40442 04/16/2009 10:58:13.530 SEV=5 IKE/50 RPT=143 1.1.1.1
Group [H0u5t0N0] User [sdziatkowiec]
Connection terminated for peer xxxxxxxx.
Reason: Peer Terminate, Administratively Disconnected.
Remote Proxy N/A, Local Proxy N/A
40446 04/16/2009 10:59:00.480 SEV=4 IKE/136 RPT=139 1.1.1.1
Group [H0u5t0N0] User xxxxxx]
IKE session establishment timed out [AM_WAIT_DELETE], aborting!
Logs at the user end (Cisco VPN Client):
25 11:18:57.328 04/16/09 Sev=Info/4 IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=6524FE77
26 11:18:57.328 04/16/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
27 11:18:57.328 04/16/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=4B4471259D1E22B4 R_Cookie=4545A9BBA00AE192) reason = DEL_REASON_IKE_NEG_FAILED
28 11:18:57.328 04/16/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
29 11:19:00.328 04/16/09 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=4B4471259D1E22B4 R_Cookie=4545A9BBA00AE192) reason = DEL_REASON_IKE_NEG_FAILED
30 11:19:00.328 04/16/09 Sev=Info/4 CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
31 11:19:00.328 04/16/09 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
32 11:19:00.843 04/16/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
33 11:19:00.843 04/16/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
34 11:19:00.843 04/16/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
35 11:19:00.843 04/16/09 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
04-17-2009 06:47 AM
Hi,
Please give me the solution.
Regards
sateesh
04-17-2009 10:58 AM
sateesh
From the message on the concentrator that the user is authenticated I would believe that it is getting part way through the negotiation, but then something fails.
I faced a situation recently that might be somewhat similar. We found that there was a small detail that was different in the way that the client was configured from the way that the concentrator was configured. Can you check the details of how your clients and concentrator are configured?
HTH
Rick
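The reading in the reply above (user authenticated, then something fails later in the negotiation) can be checked mechanically against a concentrator log. This is an added example, not part of the thread: the sample lines are constructed in the layout quoted in the first post, the group and user names are placeholders, and matching on the message text is an assumption.

```python
import re

# Constructed sample in the concentrator log layout quoted in the first post
# (header line: sequence, date, time, SEV, class/number, RPT, peer address).
SAMPLE = """\
40439 04/16/2009 10:57:53.030 SEV=4 IKE/52 RPT=212 1.1.1.1
Group [GroupA] User [alice]
User (alice) authenticated.
40442 04/16/2009 10:58:13.530 SEV=5 IKE/50 RPT=143 1.1.1.1
Group [GroupA] User [alice]
Connection terminated for peer alice.
Reason: Peer Terminate, Administratively Disconnected.
40446 04/16/2009 10:59:00.480 SEV=4 IKE/136 RPT=139 1.1.1.1
Group [GroupA] User [alice]
IKE session establishment timed out [AM_WAIT_DELETE], aborting!
"""

HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) SEV=(?P<sev>\d+) "
    r"(?P<event>[A-Z]+/\d+) RPT=\d+ (?P<peer>\S+)\s*$")

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def diagnose(events):
    """Per peer: did user authentication succeed, and what failed after it?"""
    report = {}
    for ev in events:
        state = report.setdefault(ev["peer"], {"authenticated": False, "failures": []})
        body = " ".join(ev["body"])
        if "authenticated." in body:
            state["authenticated"] = True
        elif state["authenticated"] and ("timed out" in body or "Connection terminated" in body):
            # The last message line carries the reason text.
            state["failures"].append((ev["event"], ev["time"], ev["body"][-1]))
    return report

if __name__ == "__main__":
    for peer, state in diagnose(parse_events(SAMPLE)).items():
        print(peer, "authenticated" if state["authenticated"] else "not authenticated")
        for event, when, reason in state["failures"]:
            print("  then:", event, when, reason)
```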
04-17-2009 12:26 PM
Hi,
After rebooting my concentrator it's working fine. But I need a small solution.
I have 2 concentrators at two different locations (A & B). I want to use one as primary and the other one as secondary.
A -- should be primary
B -- should be secondary
There is a tunnel between A and B.
Config is the same at both ends, including RADIUS, groups, access, etc.
Please let me know if there is any possibility of doing the same.
Regards
sateesh
04-17-2009 12:36 PM
sateesh
Am I correct in assuming that your concentrator is one of the Cisco 3000 series of concentrators? If so I believe that there is a way to achieve what you describe. Have the users configure their client with the address of A as the concentrator. In the configuration of the groups on the concentrator there is an option to specify a backup concentrator and to push that information to the client. So configure A to specify B as the backup concentrator and to push that to the clients. When you do this the client will attempt to connect to A. If the connection to A fails then the client will attempt to connect to B.
HTH
Rick
04-17-2009 12:47 PM
Hi,
Could you please let me know exactly where the option is, as I have checked but had no luck.
Thanks in advance
Regards
sateesh
04-17-2009 01:00 PM
sateesh
In the concentrator, under configuration, choose the User Management tab, and then choose the Groups option. This should open a page which displays the groups that are configured. Choose the group that you want to configure and click on modify. This should open the configuration of the group. Click the Client Config tab which should bring up options about the client. One of these options is IPSec Backup Servers. In that option there is a pull down menu and you would select the option for Use List Below and input the address of the concentrator which will be the backup.
At that point the concentrator should begin to push to the clients the configured backup server. After you make the change remember to save the config.
HTH
Rick