Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco PIX 6.1(3)+VPN Client v 5.1.1 + Windows 2000 IAS

I have this message from the VPN client when i try to use the radius service in Windows 2000 IAS

1 19:11:43.240 04/05/02 Sev=Warning/3 DIALER/0xE3300015

GI VPN start callback failed "CM_PEER_NOT_RESPONDING" (16h).

2 19:12:41.080 04/05/02 Sev=Warning/3 IKE/0xE3000061

The XAUTH authentication failed.

3 19:12:43.490 04/05/02 Sev=Warning/3 DIALER/0xE3300015

GI VPN start callback failed "CM_IKE_ESTABLISH_FAILED_AUTH" (19h).

More details...

16 11:48:45.912 04/11/02 Sev=Info/5 IKE/0x63000001

Peer supports DPD

17 11:48:45.912 04/11/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 9CE54DF1854AE1EC65B86D066482607C

18 11:48:45.952 04/11/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to 63.69.10.244

19 11:48:46.302 04/11/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 63.69.10.244

20 11:48:46.302 04/11/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 63.69.10.244

21 11:48:46.302 04/11/02 Sev=Info/5 IKE/0x63000044

RESPONDER-LIFETIME notify has value of 86400 seconds

22 11:48:46.302 04/11/02 Sev=Info/5 IKE/0x63000046

This SA has already been alive for 2 seconds, setting expiry to 86398 seconds from now

23 11:48:46.312 04/11/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 63.69.10.244

24 11:48:46.312 04/11/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 63.69.10.244

25 11:48:46.312 04/11/02 Sev=Info/4 CM/0x63100015

Launch xAuth application

26 11:48:51.941 04/11/02 Sev=Info/4 CM/0x63100017

xAuth application returned

27 11:48:51.941 04/11/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 63.69.10.244

28 11:48:56.968 04/11/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0xAF08A8B6). Retry count: 1

29 11:48:56.968 04/11/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(Retransmission) to 63.69.10.244

30 11:49:01.975 04/11/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0xAF08A8B6). Retry count: 2

31 11:49:01.975 04/11/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(Retransmission) to 63.69.10.244

PIX LOG !!!!

ISAKMP (0): sending NOTIFY message 24576 protocol 1

ISAKMP/xauth: request attribute XAUTH_TYPE

ISAKMP/xauth: request attribute XAUTH_USER_NAME

ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD

ISAKMP (0:0): initiating peer config to 194.133.193.10. ID = 2794636524 (0xa692c

4ec)

crypto_isakmp_process_block: src 194.133.193.10, dest 63.69.10.244

ISAKMP_TRANSACTION exchange

ISAKMP (0:0): processing transaction payload from 194.133.193.10. message ID = 8

4

ISAKMP: Config payload CFG_REPLY

return status is IKMP_ERR_NO_RETRANS

crypto_isakmp_process_block: src 194.133.193.10, dest 63.69.10.244

ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.

crypto_isakmp_process_block: src 194.133.193.10, dest 63.69.10.244

ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.

crypto_isakmp_process_block: src 194.133.193.10, dest 63.69.10.244

ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.

return status is IKMP_NO_ERROR

ISAKMP (0:0): initiating peer config to 194.133.193.10. ID = 2274558752 (0x87930

320)

crypto_isakmp_process_block: src 194.133.193.10, dest 63.69.10.244

ISAKMP (0): processing DELETE payload. message ID = 1558240872

ISAKMP (0): deleting SA: src 194.133.193.10, dst 63.69.10.244

return status is IKMP_NO_ERR_NO_TRANS

ISADB: reaper checking SA 0x80dcaf78, conn_id = 0

ISADB: reaper checking SA 0x80e5ab70, conn_id = 0 DELETE IT!

i'm used this doc for the configuration

http://www.cisco.com/warp/customer/110/cvpn3k_pix_ias.html

Please I need HELP !

1 REPLY

Re: Cisco PIX 6.1(3)+VPN Client v 5.1.1 + Windows 2000 IAS

Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

152
Views
0
Helpful
1
Replies
CreatePlease to create content