New Member

IKE/65 VPN Error

Config:

Client -> Aironet 1100 -> 2621 -> internet -> 2621 -> 3030

Client is an XP laptop with Service Pack 1 - Dell True Mobility PC Card with Cisco VPN Client 3.5.1

Aironet 1100 is using MAC filtering from a RADIUS and WEP

No special features on either 2621

3030 is running v.3.6.3

Client on a hardwire works fine. I have roughly 200 users using this fine.

Only in the situation of a wireless connection, Linksys or Cisco, do I have problems. Here are the logs from both the 3030 and a client during a connection. It locks up when it says "Securing Communication Channel..."

The authentication works fine.

VPN 3030

49687 04/09/2003 11:15:58.490 SEV=5 IKE/184 RPT=1644 x.x.x.x

Group [yyyy] User [zzzz]

Client OS: N/A

Client Application Version: 3.5.1 (Rel)

49689 04/09/2003 11:16:31.460 SEV=4 IKEDBG/65 RPT=286 x.x.x.x

Group [yyyy] User [zzzz]

IKE TM V6 FSM error history (struct &0x96a82dc)

<state>, <event>:

TM_DONE, EV_ERROR

TM_WAIT_QM_MSG, EV_TIMEOUT

TM_WAIT_QM_MSG, NullEvent

TM_SND_REPLY, EV_SND_MSG

49694 04/09/2003 11:16:31.460 SEV=4 IKEDBG/65 RPT=287 x.x.x.x

Group [yyyy] User [zzzz]

IKE AM Responder FSM error history (struct &0xd34e92c)

<state>, <event>:

AM_DONE, EV_ERROR

AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL

AM_TM_INIT_MODECFG_V6H, NullEvent

AM_TM_INIT_MODECFG, EV_WAIT

Client

1 11:15:28.071 04/09/03 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

2 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE300006F

Cannot match Policy Entry:

local host=IP ADDR=0.0.0.0, lcl_port = 0

remote host=IP ADDR=0.0.0.0, dst_port = 0

3 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xA3000001

Failed to initiate negotiation.

4 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE3000002

Function initialize_qm failed with an error code of 0x00000000(INITIATE:811)

5 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE300006F

Cannot match Policy Entry:

local host=IP ADDR=0.0.0.0, lcl_port = 0

remote host=IP ADDR=0.0.0.0, dst_port = 0

6 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xA3000001

Failed to initiate negotiation.

7 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE3000002

Function initialize_qm failed with an error code of 0x00000000(INITIATE:811)

8 11:15:40.129 04/09/03 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

9 11:15:47.790 04/09/03 Sev=Warning/3 IKE/0xA3000057

Received malformed message or negotiation no longer active (message id: 0xEBC98F29)

10 11:15:55.831 04/09/03 Sev=Warning/3 IKE/0xA3000057

Received malformed message or negotiation no longer active (message id: 0xEBC98F29)

11 11:16:03.683 04/09/03 Sev=Warning/3 IKE/0xA3000057

Received malformed message or negotiation no longer active (message id: 0xEBC98F29)

12 11:16:08.600 04/09/03 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

Thanks for any help.

Tom Holden

2 REPLIES
Cisco Employee

Re: IKE/65 VPN Error

Hi Tom,

Actually this is a known issue with the Client version that you are running and was fixed from v3.5.3 client and above:

CSCdx88008

Externally found severe defect: Resolved (R)

Cannot match policy entry - WIN2000 and XP without Novell client

Reason:

This bug occurs because Deterministic Network Enhancer (DNE) is not bound to the NIC.

Work-around:

Make sure that DNE is bound to all NICs on the system. If you go to Network Connection Property page, then select the NIC/Connection, right-click and go to Properties. This will bring you to the property page of the connection. You need to make sure that the checkbox next to "Deterministic Network Enhancer" is checked. For an Ethernet NIC, you will find it under "General" Tab of the property page. For all other NICs, it should be under "Networking" Tab. Hitting OK after that should bind DNE to the NIC.

You can upgrade to v3.5.3 or higher of the client and all should be well.

Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-=-
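To triage client logs collected from many laptops for the symptom named in the bug title above, here is an added example (not part of the original thread and not Cisco code) that parses the client log format posted in the question. It reports entries where "Cannot match Policy Entry" with all-zero local and remote hosts is immediately followed by "Failed to initiate negotiation"; the function names and the choice of that pairing as the signature are assumptions of this example.

```python
import re

# Header line of a VPN Client log entry as posted in the question, e.g.
# "2 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE300006F"
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>[\d:.]+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d)\s+(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]{8})$"
)
POLICY_MISMATCH = "0xE300006F"  # "Cannot match Policy Entry" in the posted log
INIT_FAILED = "0xA3000001"      # "Failed to initiate negotiation" in the posted log

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "body": []})
        elif line and entries:
            entries[-1]["body"].append(line)
    return entries

def unbound_policy_failures(entries):
    """Return seq numbers where a policy mismatch with all-zero hosts
    is immediately followed by a failed negotiation start."""
    hits = []
    for cur, nxt in zip(entries, entries[1:]):
        zero_hosts = sum("IP ADDR=0.0.0.0" in b for b in cur["body"]) == 2
        if cur["code"] == POLICY_MISMATCH and zero_hosts and nxt["code"] == INIT_FAILED:
            hits.append(int(cur["seq"]))
    return hits

# Sample input: entries 1, 2, 3 and 9 copied from the client log in the question.
SAMPLE = """\
1 11:15:28.071 04/09/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
2 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xE300006F
Cannot match Policy Entry:
local host=IP ADDR=0.0.0.0, lcl_port = 0
remote host=IP ADDR=0.0.0.0, dst_port = 0
3 11:15:39.718 04/09/03 Sev=Warning/3 IKE/0xA3000001
Failed to initiate negotiation.
9 11:15:47.790 04/09/03 Sev=Warning/3 IKE/0xA3000057
Received malformed message or negotiation no longer active (message id: 0xEBC98F29)
"""

if __name__ == "__main__":
    print(unbound_policy_failures(parse_entries(SAMPLE)))
```

A hit only marks the log pattern from this thread; confirming the cause still means checking the DNE binding on the adapter as described in the reply.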

New Member

Re: IKE/65 VPN Error

Aamir,

Thank you for the workaround. I also found that uninstalling and then installing while the wireless card was installed also works.

I do have one user that has 3.6.1 and XP that this happens to. I just found out that he is using AOL 8.0 Broadband at home. Re-installing doesn't help him. Any suggestions? I remember a Caveat in the docs, I'm going to search there, too.

Thanks again,

Tom
