I've created a VPN on a PIX 515e (6.3). When I telnet to the server on the remote network I get the "oak_conf_xauth" state when I sh isakmp sa. The isakmp entry is: isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode. I know the peer address and key are correct.
I've never seen this error message before, and there are no solutions on the Internet that I can find that adequately describes the message. Can anyone give me a concise explanation of what this error message means?
what version of OS are you running on your security appliance ? Is it a site-to-site VPN to another cisco device ?
since you have already given no-xauth & no-config-mode, it shouldnt authenticate further.. Try clearing the ISAKMP SA, to renegotiate parameters between the end points.. what is the state on other side of the VPN end point ? clear isakmp sa.. or you can probably remove the tunnel and recreate, which could sometimes solve this issue.. did u do you a debug crypto isakmp ? did it give you any indications ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...