01-28-2004 01:30 AM - edited 02-21-2020 01:01 PM
Hi,
Is there anyone who can help me? I have a problem connecting with a vpn client 4.0.3 to a 3005 concentrator. Every time I try to connect the client stops with the: Remote peer no longer responding message. When I look in the event log of the concentrator I get the followong messages:
28095 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34221
Proposal # 1, Transform # 10, Type ISAKMP, Id IKE
Parsing received transform:
Phase 1 failure against global IKE proposal # 1:
Rcv'd Key Length attr class, but class is not cfg'd
28099 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34222
Phase 1 failure against global IKE proposal # 2:
Rcv'd Key Length attr class, but class is not cfg'd
28101 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34223
Phase 1 failure against global IKE proposal # 3:
Rcv'd Key Length attr class, but class is not cfg'd
28103 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34224
Phase 1 failure against global IKE proposal # 4:
Rcv'd Key Length attr class, but class is not cfg'd
28105 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34225
Phase 1 failure against global IKE proposal # 5:
Rcv'd Key Length attr class, but class is not cfg'd
28107 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34226
Phase 1 failure against global IKE proposal # 6:
Mismatched attr types for class Hash Alg:
Rcv'd: MD5
Cfg'd: SHA
28109 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34227
Phase 1 failure against global IKE proposal # 7:
Rcv'd Key Length attr class, but class is not cfg'd
28111 01/28/2004 10:10:24.640 SEV=8 IKEDBG/0 RPT=34228
Phase 1 failure against global IKE proposal # 8:
Rcv'd Key Length attr class, but class is not cfg'd
28113 01/28/2004 10:10:24.650 SEV=8 IKEDBG/0 RPT=34229
Phase 1 failure against global IKE proposal # 9:
Rcv'd Key Length attr class, but class is not cfg'd
28115 01/28/2004 10:10:24.650 SEV=8 IKEDBG/0 RPT=34230
Phase 1 failure against global IKE proposal # 10:
Rcv'd Key Length attr class, but class is not cfg'd
28117 01/28/2004 10:10:24.650 SEV=12 IKEDECODE/0 RPT=17136
IKE Decode of received SA attributes follows:
0000: 80010007 80020002 80040002 80030001 ................
0010: 800B0001 000C0004 0020C49B 800E0080 ......... ......
The pre shared keys on the client and the concentrator are identical. All the necessary IKE proposals are active and I have tested it with 3.6.3 client and 4.0.3 client.
The strange thing is when I set the authentication to "None" on the concentrator, a tunnel is established, but when I select "RADIUS"or "Internal" tunnel setup fails, and I get the above shown messages.
Is there anyone who is familiar with this problem or anyone who can point me in the right direction where to look?
01-28-2004 05:33 PM
You are configured for SHA but the other end is using MD5?
--------
Mismatched attr types for class Hash Alg:
Rcv'd: MD5
Cfg'd: SHA
01-29-2004 01:33 AM
The concentrator is configured to use MD5. De client should have no problem accepting this. The error you pasted in your message occurs several times when trying to connect. Every time there are other values. See below the result of 1 connection attempt:
Mismatched attr types for class Hash Alg:
Rcv'd: SHA
Cfg'd: MD5
Mismatched attr types for class Hash Alg:
Rcv'd: MD5
Cfg'd: SHA
Mismatched attr types for class Key Length:
Rcv'd: 256 Bits
Cfg'd: 128 Bits
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide