TCC_2

Core issue

This issue usually occurs for one of these two reasons:

  1. Mismatch in the group name and password on the Cisco VPN Client
  2. The dynamic map is not properly configured on the headend device

Resolution

To resolve this issue, make sure the following are properly configured:

  1. The group name and password on the Cisco VPN Client must match the group name and password configured on the headend device.
  2. The dynamic map must be configured and bound to the outside interface. Refer to "How to configure dynamic maps in a PIX 500 series Firewall with software version PIX 7.x?" to learn more about dynamic maps.

Note: With Cisco VPN Client version 4.6.x and later, the maximum pre-shared key length for the VPN Client is 128 characters. The previous limit was 32 characters. The increased key size works only with central-site devices that support 128 characters, for example, an ASA device.

If the central-site device does not support 128 characters, for example, a VPN 3000 Concentrator, you receive the same log messages as if the pre-shared key were wrong:

386 15:39:39.010  03/30/05 Sev=Warning/3 IKE/0xE3000056
The received HASH payload cannot be verified

387 15:39:39.010  03/30/05  Sev=Warning/2 IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.
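
Added example (not part of the original document and not a Cisco tool): a Python script that parses VPN Client log entries in the format shown above and, when the hash-verification events appear, returns the checks from the Resolution section and the Note. The function names and the key_length and headend_max_key parameters are assumptions of this example.

```python
import re

# Header line of a VPN Client log entry, in the format of the excerpt above.
ENTRY = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+Sev=(?P<sev>\w+)/(?P<level>\d)\s+"
    r"(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]{8})$"
)
# Event codes taken from the two entries quoted on this page.
HASH_CODES = {"0xE3000056", "0xE300007D"}


def parse_log(text):
    """Return one dict per entry; lines following a header are its message."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({**m.groupdict(), "message": ""})
        elif line and entries:
            last = entries[-1]
            last["message"] = (last["message"] + " " + line).strip()
    return entries


def triage(text, key_length, headend_max_key):
    """Return the checks to run when the hash-verification events are logged."""
    # key_length and headend_max_key are operator-supplied assumptions.
    codes = {"0x" + e["code"][2:].upper() for e in parse_log(text)}
    if not codes & HASH_CODES:
        return []
    checks = []
    if key_length > headend_max_key:
        checks.append("pre-shared key is %d characters, headend supports %d"
                      % (key_length, headend_max_key))
    checks.append("group name and password match on client and headend")
    checks.append("dynamic map is configured and bound to the outside interface")
    return checks


# The two entries quoted on this page, embedded so the example runs offline.
SAMPLE = """386 15:39:39.010  03/30/05 Sev=Warning/3 IKE/0xE3000056
The received HASH payload cannot be verified

387 15:39:39.010  03/30/05  Sev=Warning/2 IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.
"""
```

Because the log messages are the same whether the key is wrong or too long for the headend, the key-length check is listed first when the supplied lengths show it applies.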

Client Location on Network with PIX: Outside

VPN Protocols: Pre-shared key
