09-18-2005 12:33 PM - edited 02-21-2020 01:58 PM
Hi All!
I inherited a (Windows 2000, XP) network with a Cisco router configured for VPN connections.
Several (original) users have no problems connecting to our LAN using their (before my time) preconfigured connections. However when I try to configure additional notebooks with the same settings (Installing Client V. 4.0.1; Setting: Connection Entry, Host, Name, Password; Transport tab) they all receive the following error message:
=========================
VPN Client
Secure VPN Connection terminated locally by the Client
Reason: The remote peer is no longer responding.
=========================
I checked all settings on both (connecting and erroring out) machines (networking, services), and they are the same; Disabled firewalls on the client side; Tried several ISPs.
I am not a Cisco guy, and didn't touch the router yet.
Please let me know if there is a solution to my problem.
Thanks in advance for your help.
John
09-18-2005 01:12 PM
John,
The VPN client error message can be generated when the client side group authentication settings are not correct, i.e. wrong password and/or username!
Let me know how you get on.
Jay
09-18-2005 05:47 PM
Thanks a lot for your reply Jay.
All clients share the same user name and password, and it works just fine for the originally configured/installed clients.
Thanks again,
John
09-18-2005 08:13 PM
are we talking about group username/password and individual username/password or just group username/password?
09-18-2005 09:00 PM
I was referring to the Name and Password fields under Authentication tab of the Cisco VPN Client. All computers use the same. Thank you.
09-19-2005 05:58 PM
one thing to verify is the inbound acl on the router. although it's not very common, i know that some companies will restrict the remote vpn access by obtaining staff home internet ip.
another thing to verify is the group username/password. i understand that the doco you've got has already outlined the group username/password, however we shouldn't eliminate the possibility. to verify, put in the group username/password you've got onto those pc that can connect.
09-25-2005 10:35 PM
just wondering how you go
10-03-2005 10:59 PM
Thanks again for all your replies, and sorry for my delayed response.
I found an old laptop with a preconfigured VPN client, and successfully connected to the network. Then I installed the client on a fresh XP SP2 box, and started comparing installations and making adjustments ...
Here's what I did:
- Installed default (Cisco) VPN client.
- Created a new connection with Host IP address (our router).
- Under Authentication tab selected Group Authentication, and populated Name, Password and Confirm Password fields with the information I had.
- Copied ABC.pcf file (located in c:\Program Files\Cisco Systems\VPN Client\Profiles) from the old (connecting) laptop to the new machine.
- Made sure that Cisco Systems, Inc. VPN Service and IPSEC Services Windows services are Automatic and Started.
Only after that I was able to connect using the new laptop (BTW, it was not a member of the Windows Domain, just a Workgroup).
When I clicked the Connect button of the VPN Client, a "VPN Client | User Authentication for "ABC VPN"" dialog box popped up asking for Username and Password. I tried several accounts, and one of them worked (the same happened on the old laptop).
All this gives me an impression that the router (2621MX) authenticates twice – first time by that "Group Authentication", and then against some hard coded list of users/passwords. And neither of the mechanisms is linked to our Windows Domain users' accounts.
Is it so? Do you recognize the pattern?
It works, but I do need to add/remove users. If possible, would you let me know how to do that?
Thank you,
John
10-03-2005 11:34 PM
the router authenticates remote vpn user by first the group name and group password. if and only if it passes, then router will prompt for individual username and password.
to verify the group name and group password, look for the commands below from the router config:
crypto isakmp client configuration group vpnclient
 key abc123
 pool vpnpool
 acl 101
with the sample config above, the group name is vpnclient and the group password is abc123.
to create a new remote vpn user,
router>en
router#conf t
router(config)#username
to delete a user,
router>en
router#conf t
router(config)#no username
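An added example, not part of the original thread or of any Cisco tooling: a small Python audit that reads a saved router configuration and lists both authentication stages described above, the VPN client groups and the local `username` accounts. The sample configuration is constructed (only the group stanza mirrors the reply above), and the function name `audit_vpn_auth` is hypothetical; it assumes stanza sub-commands are indented by one space, as they are in `show running-config` output.

```python
import re

# Constructed sample config; only the group stanza mirrors the thread's sample.
SAMPLE_CONFIG = """\
username alice password 0 Example1
username bob privilege 15 secret 5 $1$constructed$hash
!
crypto isakmp client configuration group vpnclient
 key abc123
 pool vpnpool
 acl 101
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)\s*$")
USER_RE = re.compile(r"^username (\S+)(.*)$")


def audit_vpn_auth(config_text):
    """Return (groups, users) for the two authentication stages.

    groups: {name: {"key_set": bool, "pool": str|None, "acl": str|None}}
    users:  {name: "password" | "secret" | "unknown"}
    The group key itself is never returned, only whether one is set.
    """
    groups, users, current = {}, {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            current = None  # any top-level line closes an open group stanza
            m = GROUP_RE.match(line)
            if m:
                current = groups.setdefault(
                    m.group(1), {"key_set": False, "pool": None, "acl": None})
                continue
            m = USER_RE.match(line)
            if m:
                words = m.group(2).split()
                users[m.group(1)] = next(
                    (w for w in words if w in ("password", "secret")), "unknown")
        elif current is not None:
            words = line.split()
            if words[0] == "key":
                current["key_set"] = True
            elif words[0] in ("pool", "acl") and len(words) > 1:
                current[words[0]] = words[1]
    return groups, users
```

Accounts reported as `password` are stored in a recoverable form in the configuration, while `secret` entries are stored hashed, so the second column is worth reviewing when adding or removing VPN users.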
10-04-2005 09:06 PM
Cool. Thank you JACKKO. I will try that.
10-13-2005 07:40 PM
just wondering how you go.