Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member


I've created a VPN on a PIX 515e (6.3).  When I telnet to the server on the remote network I get the "oak_conf_xauth" state when I sh isakmp sa.  The isakmp entry is: isakmp key ******** address netmask no-xauth no-config-mode.  I know the peer address and key are correct.

I've never seen this error message before, and there are no solutions on the Internet that I can find that adequately describes the message. Can anyone give me a concise explanation of what this error message means?

Everyone's tags (4)

Re: oak_conf_xauth


what version of OS are you running on your security appliance  ? Is it a site-to-site VPN to another cisco device ?

since you have already given no-xauth & no-config-mode, it shouldnt authenticate further.. Try clearing the ISAKMP SA, to renegotiate parameters between the end points.. what is the state on other side of the VPN end point ? clear isakmp sa..  or you can probably remove the tunnel and recreate, which could sometimes solve this issue.. did u do you a debug crypto isakmp ? did it give you any indications ?

Hope this helps.. all the best


New Member

Re: oak_conf_xauth


It's a new site-to-site VPN. I cleared the isakmp sa and tried to

telnet again, but I got the same error. I'm using a PIX 151e with 6.3

OS. The other side is a Dlink DFL260 that I don't have access to.

What exactly does the "oak_conf_xauth" message mean?

Thanks for the reply and the help!



Re: oak_conf_xauth

I havent seen this error before, but it might just be related to Extended authentication settings which is

normally used for telecommuter setup.. im not sure if this is documented in CCO.. what does debug crypto isakmp give ? Can you post that result please ?

someone internal in cisco can probably clarify this ... is this box on support ? You can open a TAC if it is...