×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

The user receives a GI VPN START CALLBACK error message on Cisco VPN Client

Document

Wed, 07/22/2009 - 19:32
Jun 22nd, 2009
User Badges:
  • Gold, 750 points or more

Core issue


The message indicates that the Cisco VPN Client does not get a reply from the Concentrator  or that the Cisco VPN Client software version is incompatible with the VPN server.

Resolution


In many situations upgrading the Cisco VPN Client to 3.5.2 or later resolves the problem. 


To resolve the issue, perform these steps:


  1. Enable debugs on the VPN Server (PIX/VPN Concentrator or Cisco IOS® router).


    If the VPN Server is a Cisco VPN 3000 Concentrator, enable these classes with severity to log 1-13:


    • IKE

    • IKEDBG

    • IPSEC

    • IPSECDBG


    To enable these, go to Configuration > System > Events > Classes.....


    Note: If there are no messages from the Client, the VPN Client is not communicating with the VPN server.


  2. Make sure that the ISP or any other intermediate device is not blocking User Datagram Protocol (UDP) port 500 use for the Internet Security Association and Key Management Protocol (ISAKMP) negotiation. Also verify that these devices are configured to allow Encapsulating Security Payload (ESP) and Authentication Header (AH).


    These are the ports and protocols necessary for IPSec:


    • ESP. IP Protocol 50

    • AH  Protocol. IP Protocol 51

    • UDP port 500 for ISAKMP

  3. Ensure that the VPN server or any intermediate device is enabled for Port Address Translation (PAT).

    Based on the debug messages from the VPN Concentrator Client, make sure that VPN server and VPN Client are not misconcfigured. Check for group name and user name mismatch, as well as encryption and authentication parameters.


If the problem persisits, contact the Technical Assistance Center (TAC).


For more information, refer to these documents:


Loading.

Actions

This Document

Related Content