Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

During ISAKMP Phase I receiving SDI status value: 23

I'm testing with VPN 3005 v3.6.3, VPN Client v3.6.2(B) and SecurID 5.0.1 (UNIX). When trying to authenticate user I receive following sequence early on in the EVent Log on the VPN 3005:

2588 11/07/2002 16:45:18.380 SEV=9 AUTHDBG/174 RPT=494

Ace Agent transmitting to server <IP>

2589 11/07/2002 16:45:22.380 SEV=8 AUTHDBG/180 RPT=265

AUTH_SendLockReq(1dd9f70, 0, 0)

2590 11/07/2002 16:45:22.380 SEV=8 AUTHDBG/178 RPT=219

Sdi_lock(1dd9f70)

2591 11/07/2002 16:45:22.380 SEV=5 AUTH/44 RPT=219

Unexpected SDI status value: 23

Anyone know where can lookup these SDI status values or what "23" means? This was asked in another query but never answered.

3 REPLIES
Cisco Employee

Re: During ISAKMP Phase I receiving SDI status value: 23

The message you are receiving indicate an unreachable SDI server. This would indicate a communication issues between the concentrator and the SDI server. Most likely SDI server is not responding.

hope this helps,

-Nairi

New Member

Re: During ISAKMP Phase I receiving SDI status value: 23

Yes I can verify it fails because of Authentication Error: Network Error received during test. The SDI server is on same network as public-side of VPN. I can validate a user (I.e., authenticate) when connecting SDI directly (I.e., telnet).

What I'm curious about is if there might be a protocol mismatch. Below is log from "test" sequence. What I'm curious about is what is mean't when the SDI server is "bound"? Is that some level of network connection?

1 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/1 RPT=39

AUTH_Open() returns 38

2 11/07/2002 17:23:59.320 SEV=7 AUTH/12 RPT=39

Authentication session opened: handle = 38

3 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/3 RPT=59

AUTH_PutAttrTable(38, 8da00c)

4 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/5 RPT=19

AUTH_Authenticate(38, 8efbf0, 6ba668)

5 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/59 RPT=285

AUTH_BindServer(1de6a54, 0, 0)

6 11/07/2002 17:23:59.320 SEV=9 AUTHDBG/69 RPT=285

Auth Server e3eaf4 has been bound to ACB 1de6a54, sessions = 1

7 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/65 RPT=285

AUTH_CreateTimer(1de6a54, 0, 0)

8 11/07/2002 17:23:59.320 SEV=9 AUTHDBG/72 RPT=285

Reply timer created: handle = 1C00018

9 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/179 RPT=285

AUTH_SyncToServer(1de6a54, 0, 0)

10 11/07/2002 17:23:59.320 SEV=8 AUTHDBG/177 RPT=235

Sdi_init(1de6a54)

11 11/07/2002 17:23:59.320 SEV=9 AUTHDBG/168 RPT=260

Ace Agent building time request pkt ...

12 11/07/2002 17:23:59.320 SEV=5 AUTH/63 RPT=466

No usable servers found, using default (idx: 0)

13 11/07/2002 17:23:59.320 SEV=5 AUTH/62 RPT=464

Load balancing retrying another server ...

14 11/07/2002 17:23:59.320 SEV=9 AUTHDBG/174 RPT=516

Ace Agent transmitting to server

15 11/07/2002 17:23:59.330 SEV=9 AUTHDBG/173 RPT=26

Ace Agent: load balancing initiating auto detection to server

16 11/07/2002 17:23:59.330 SEV=9 AUTHDBG/168 RPT=261

Ace Agent building time request pkt ...

17 11/07/2002 17:23:59.330 SEV=9 AUTHDBG/174 RPT=517

Ace Agent transmitting to server

18 11/07/2002 17:24:03.180 SEV=9 AUTHDBG/175 RPT=257

Retransmitting pkt to server , priority 0, idx 0

19 11/07/2002 17:24:03.180 SEV=9 AUTHDBG/174 RPT=518

Ace Agent transmitting to server

20 11/07/2002 17:24:03.180 SEV=5 AUTH/63 RPT=467

No usable servers found, using default (idx: 0)

21 11/07/2002 17:24:03.180 SEV=5 AUTH/62 RPT=465

Load balancing retrying another server ...

22 11/07/2002 17:24:03.180 SEV=9 AUTHDBG/175 RPT=258

Retransmitting pkt to server , priority 0, idx 0

23 11/07/2002 17:24:03.180 SEV=9 AUTHDBG/174 RPT=519

Ace Agent transmitting to server

24 11/07/2002 17:24:07.180 SEV=5 AUTH/78 RPT=51

Suspending server , idx 0, priority 0

25 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/180 RPT=279

AUTH_SendLockReq(1de6a54, 0, 0)

26 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/178 RPT=229

Sdi_lock(1de6a54)

27 11/07/2002 17:24:07.180 SEV=5 AUTH/44 RPT=229

Unexpected SDI status value: 23

28 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/57 RPT=229

AUTH_Error(1de6a54, 0, 0)

29 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/66 RPT=285

AUTH_DeleteTimer(1de6a54, 0, 0)

30 11/07/2002 17:24:07.180 SEV=9 AUTHDBG/74 RPT=285

Reply timer stopped: handle = 1C00018, timestamp = 2726470

31 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/58 RPT=279

AUTH_Callback(1de6a54, 0, 0)

32 11/07/2002 17:24:07.180 SEV=4 AUTH/9 RPT=3

Authentication failed: Reason = Network error

handle = 38, server = , user = sditest

34 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/2 RPT=39

AUTH_Close(38)

35 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/60 RPT=285

AUTH_UnbindServer(1de6a54, 0, 0)

36 11/07/2002 17:24:07.180 SEV=9 AUTHDBG/70 RPT=285

Auth Server e3eaf4 has been unbound from ACB 1de6a54, sessions = 0

37 11/07/2002 17:24:07.180 SEV=8 AUTHDBG/10 RPT=39

AUTH_Int_FreeAuthCB(1de6a54)

38 11/07/2002 17:24:07.180 SEV=7 AUTH/13 RPT=39

Authentication session closed: handle = 38

New Member

Re: During ISAKMP Phase I receiving SDI status value: 23

Have you any idea as to why you would see Unexpected SDI status value:23 when trying to intially communicate for the first time from a Cisco VPN3000 concentrator and a RSA 5.1 AceServer. The VPN concentrator states in the logs that it is attempting to get its xxxxxx.sdi file. It then gives the SDI status error message. The RSA server does see the traffic and notes that the authentication fails

459
Views
0
Helpful
3
Replies
CreatePlease to create content