Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

7942G Phone VPN Authentication Issues

I have followed all of the documentation located here:

https://supportforums.cisco.com/docs/DOC-9124#/

I already have the AnyConnect client working properly. I have attempted to set up the phone connection using certificate authentication. I am using a seperate group policy with tunnel-all on it. DTLS is enabled. These are the messages that I am getting:

Status - 10:00:02a All Concentrators Failed

Phone - VPN Authentication failed.

Console Log -

8892: DBG 10:00:02.171244 VPNU: State AppsUp --> AppsUp

8893: DBG 10:00:02.171840 VPNU: SM wakeup - chld=0 tmr=0 io=1 res=0

8894: DBG 10:00:02.172428 VPNU: State AppsUp --> AppsUp

8895: NOT 10:00:02.180217 VPNC: vpnc_control: sending login cmd

8896: NOT 10:00:02.180958 VPNC: set_login_timer: timer set --> 30 sec

8897: NOT 10:00:02.181702 VPNC: protocol_handler: got login command

8898: NOT 10:00:02.182244 VPNC: set_login_state: LOGIN: 0 (NONE) --> 1 (TRYING)

8899: NOT 10:00:02.182771 VPNC: set_login_state: VPNC : 0 (Idle) --> 1 (LoggingIn)

8900: NOT 10:00:02.183351 VPNC: do_login: URL -> https://vpn.xxx.com/phone

8901: ERR 10:00:02.225875 VPNC: GETHOSTBYNAME: system problem with herror:1

8902: ERR 10:00:02.226512 VPNC: parse_url: gethostbyname failed <vpn.xxx.com>

8903: ERR 10:00:02.227056 VPNC: do_login: parse URL failed -> https://vpn.xxx.com/phone

8904: NOT 10:00:02.227575 VPNC: vpn_stop: de-activating vpn

8905: NOT 10:00:02.228072 VPNC: vpn_set_auto: auto -> auto

8906: NOT 10:00:02.228567 VPNC: vpn_set_active: activated -> de-activated

8907: NOT 10:00:02.229068 VPNC: set_login_state: LOGIN: 1 (TRYING) --> 3 (FAILED)

8908: NOT 10:00:02.229590 VPNC: set_login_state: VPNC : 1 (LoggingIn) --> 3 (LoginFailed)

8909: NOT 10:00:02.230185 VPNC: vpnc_send_notify: notify type: 1 [LoginFailed]

8910: NOT 10:00:02.230709 VPNC: vpnc_send_notify: notify code: 32 [DnsLookupErr]

8911: NOT 10:00:02.231221 VPNC: vpnc_send_notify: notify desc: [url hostname lookup err]

8912: NOT 10:00:02.231726 VPNC: vpnc_send_notify: sending signal 28 w/ value 13 to pid 20

8913: ERR 10:00:02.232321 VPNC: protocol_handler: login failed

8914: ERR 10:00:02.233275 VPNC: vpnc_recv_cmd_resp: cmd 0x00000300 [LOGIN], status: 0 [MCAPI_ERROR]

8915: NOT 10:00:02.234389 JVM:  --> Properties JNI: SignalApp() handling SIGIPCFG. msgCode=256 value=13

8916: ERR 10:00:02.250229 JVM:  --> IPCFG_VPN_NOTIF, SignalApp() handling SIGIPCFG. signal=0

8917: NOT 10:00:02.251709 JVM:  <-- Properties JNI: SignalApp()

8918: DBG 10:00:02.386775 VPNU: SM wakeup - chld=0 tmr=0 io=1 res=0

8919: DBG 10:00:02.390782 VPNU: State AppsUp --> AppsUp

8920: DBG 10:00:02.391406 VPNU: SM wakeup - chld=0 tmr=0 io=1 res=0

8921: DBG 10:00:02.391952 VPNU: State AppsUp --> AppsUp

8922: WRN 10:00:06.675159 JVM: Startup Module Loader|cip.sccp.SccpEnhancedAlarmInfo:setLastDeregistrationReason - new reason=LastTimeVPNConnectivityLost current=108,

8923: NOT 10:00:06.680650 JVM: Startup Module Loader|cip.midp.midletsuite.InstallerModule:? - propertyChanged - device.settings.security.vpn.mode value=false

8924: DBG 10:00:06.688020 VPNU: SM wakeup - chld=0 tmr=0 io=1 res=0

8925: DBG 10:00:06.689840 VPNU: saveBackupFile =>

8926: DBG 10:00:06.693081 VPNU: saveBackupFile <=

8927: DBG 10:00:06.693671 VPNU: saveDbFile saves a database

8928: DBG 10:00:06.705587 VPNU: mode changed

8929: DBG 10:00:06.762319 VPNU: sendConfigNotification: VPN state=3

8930: DBG 10:00:06.786876 VPNU: State AppsUp --> AppsUp

8931: DBG 10:00:06.787474 VPNU: SM wakeup - chld=0 tmr=0 io=0 res=1

8932: DBG 10:00:06.787991 VPNU: State AppsUp --> AppTerminate

8933: DBG 10:00:06.788484 VPNU: SM wakeup - chld=0 tmr=0 io=0 res=0

8934: NOT 10:00:06.789131 VPNU: Sending termination signals to apps

8935: DBG 10:00:06.794240 VPNU: Killing child /bin/vpnc, pid 11

Any ideas???

THANKS!!

2 REPLIES
New Member

7942G Phone VPN Authentication Issues

Did you ever get this resolved? I'm having the same problem with a setup of two 5510s in HA. Laptops connect flawlessly but IP phones don't even attempt to make a connection. WE had this working with local usernames in the ASA. At one point we even had the LDAP (Active Directory) user/pass method working. Getting certificate-only VPN working has been a allusive though.

--Athonia

Re: 7942G Phone VPN Authentication Issues

Looking at the log you have a hostname lookup failure, this would point to a dns problem resolving your domain on the certificate

Sent from Cisco Technical Support iPhone App

1208
Views
0
Helpful
2
Replies
CreatePlease to create content