Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Mismatched attr types for class .....

Hi there,

I am using Cisco VPN Client 3.5.2 to VPN to a 3005 Concentrator that is setup authenticate externally through MS IAS server. The problem happens Sometimes when I VPN, the VPN client shows:

"Initializing the connection...

Contacting the gateway at 12.151.151.10...

Authenticating user..."

Then I fill in the username and password then the client sits on "authenticating users" for a while.. and it either completes the VPN Process or sometimes it terminates saying connection terminated by peer... Why is it taking that long to authenticate? And why is it failing with the IKE proposals?

Here is the debug log (I can't post it all because of the limitation on the message size)

Part of the debug shows:

22344 07/30/2003 12:27:33.790 SEV=8 AUTHDBG/2 RPT=125 AUTH_Close(979)

22345 07/30/2003 12:27:33.790 SEV=9 IKEDBG/0 RPT=10590 12.100.100.67 Group [groupHS] processing IKE SA

22346 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10591 Proposal # 1, Transform # 1, Type ISAKMP, Id IKE Parsing received transform: Phase 1 failure against global IKE proposal # 1: Mismatched attr types for class Hash Alg: Rcv'd: SHA Cfg'd: MD5

22349 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10592 Phase 1 failure against global IKE proposal # 2: Mismatched attr types for class Hash Alg: Rcv'd: SHA Cfg'd: MD5

22351 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10593 Phase 1 failure against global IKE proposal # 3: Mismatched attr types for class DH Group: Rcv'd: Oakley Group 2 Cfg'd: Oakley Group 1

22353 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10594 Phase 1 failure against global IKE proposal # 4: Mismatched attr types for class DH Group: Rcv'd: Oakley Group 2 Cfg'd: Oakley Group 1

22355 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10595 Phase 1 failure against global IKE proposal # 5: Mismatched attr types for class DH Group: Rcv'd: Oakley Group 2 Cfg'd: Oakley Group 7

22357 07/30/2003 12:27:33.790 SEV=8 IKEDBG/0 RPT=10596 Phase 1 failure against global IKE proposal # 6: Mismatched attr types for class Hash Alg: Rcv'd: SHA Cfg'd: MD5

22359 07/30/2003 12:27:33.790 SEV=7 IKEDBG/28 RPT=37 12.100.100.67 Group [groupHS] IKE SA Proposal # 1, Transform # 2 acceptable Matches global IKE entry #

and

22412 07/30/2003 12:27:41.710 SEV=8 AUTHDBG/67 RPT=4 AUTH_TimeOut(1d756c8, 0, 0)

22413 07/30/2003 12:27:41.710 SEV=9 AUTHDBG/75 RPT=4 Reply timer expired: handle = 9E5F0029, timestamp = 611882323

22414 07/30/2003 12:27:41.710 SEV=8 AUTHDBG/64 RPT=204 AUTH_StartTimer(1d756c8, 0, 0)

22415 07/30/2003 12:27:41.710 SEV=9 AUTHDBG/73 RPT=203 Reply timer started: handle = 9E5F0029, timestamp = 611882323, timeout = 4000

22416 07/30/2003 12:27:41.710 SEV=8 AUTHDBG/62 RPT=203 AUTH_SndRequest(1d756c8, 0, 0)

22417 07/30/2003 12:27:41.710 SEV=8 AUTHDBG/31 RPT=190 Radius_Decode(1c35384, 90)

22418 07/30/2003 12:27:41.710 SEV=8 AUTHDBG/28 RPT=97 Radius_Xmt(1d756c8)

22419 07/30/2003 12:27:41.710 SEV=9 AUTHDBG/71 RPT=199 xmit_cnt = 2

22420 07/30/2003 12:27:42.700 SEV=6 IKE/0 RPT=5 12.100.100.67 Group [groupHS] User [maher] Duplicate Phase 2 packet detected!

22421 07/30/2003 12:27:42.700 SEV=6 IKE/0 RPT=6 TM received unexpected event EV_START_XAUTH in state TM_START

22422 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/30 RPT=111 Radius_Match(1d756c8, 1be5284), id = 0x3E, rcvd = 0x3E

22423 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/63 RPT=211 AUTH_RcvReply(1d756c8, 0, 0)

22424 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/31 RPT=191 Radius_Decode(1be5284, 88)

22425 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/29 RPT=91 Radius_Rcv(1d756c8)

22426 07/30/2003 12:27:45.610 SEV=9 AUTHDBG/32 RPT=72 Radius: Discarding unknown Vendor Specific Attribute: vid = 311, type = 7

22427 07/30/2003 12:27:45.610 SEV=9 AUTHDBG/32 RPT=73 Radius: Discarding unknown Vendor Specific Attribute: vid = 311, type = 8

22428 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/66 RPT=194 AUTH_DeleteTimer(1d756c8, 0, 0)

22429 07/30/2003 12:27:45.610 SEV=9 AUTHDBG/74 RPT=193 Reply timer stopped: handle = 9E5F0029, timestamp = 611882713

22430 07/30/2003 12:27:45.610 SEV=8 AUTHDBG/58 RPT=194 AUTH_Callback(1d756c8, 0, 0)

22431 07/30/2003 12:27:45.610 SEV=6 AUTH/4 RPT=36 12.100.100.67 Authentication successful: handle = 980, server = 172.16.10.39, user = maher

Thanks

1 REPLY
Community Member

Re: Mismatched attr types for class .....

Here is another debug log that happened when the VPN Client reported the connection was terminated by remote peer. The user I am using is MAHER and the IP Address I am using is 12.151.129.13. The IAS servers IP Address is 172.16.10.39. It seems that COncentrator can't locate the IAS sometimes!

40426 07/30/2003 14:30:52.350 SEV=6 IKE/0 RPT=8 12.151.129.13 Group [groupHS] User [maher] Duplicate Phase 2 packet detected!

40427 07/30/2003 14:30:52.350 SEV=6 IKE/0 RPT=9 TM received unexpected event EV_START_XAUTH in state TM_START

40428 07/30/2003 14:30:53.070 SEV=8 IKEDBG/0 RPT=19712 204.210.200.3 RECEIVED Message (msgid=bb644786) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 76

40430 07/30/2003 14:30:53.070 SEV=9 IKEDBG/0 RPT=19713 204.210.200.3 Group [groupHS] User [ecote] processing hash

40431 07/30/2003 14:30:53.070 SEV=9 IKEDBG/0 RPT=19714 204.210.200.3 Group [groupHS] User [ecote] Processing Notify payload

40432 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/67 RPT=7 AUTH_TimeOut(1dddf98, 0, 0)

40433 07/30/2003 14:30:55.320 SEV=9 AUTHDBG/75 RPT=7 Reply timer expired: handle = A09D0027, timestamp = 612621684

40434 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/57 RPT=3 AUTH_Error(1dddf98, 0, 0)

40435 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/15 RPT=2 AUTH_MgmtServerOffline(e5b2bc, 8949820)

40436 07/30/2003 14:30:55.320 SEV=4 AUTH/15 RPT=3 Server name = 172.16.10.39, type = RADIUS, group = groupHS, status = Not-in-service

40438 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/66 RPT=296 AUTH_DeleteTimer(1dddf98, 0, 0)

40439 07/30/2003 14:30:55.320 SEV=9 AUTHDBG/74 RPT=295 Reply timer stopped: handle = A09D0027, timestamp = 612621684

40440 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/58 RPT=296 AUTH_Callback(1dddf98, 0, 0)

40441 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/60 RPT=294 AUTH_UnbindServer(1dddf98, 0, 0)

40442 07/30/2003 14:30:55.320 SEV=9 AUTHDBG/70 RPT=294 Auth Server e5b2bc has been unbound from ACB 1dddf98, sessions = 0

40443 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/59 RPT=318 AUTH_BindServer(1dddf98, 0, 0)

40444 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/57 RPT=4 AUTH_Error(1dddf98, 0, 0)

40445 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/58 RPT=297 AUTH_Callback(1dddf98, 0, 0)

40446 07/30/2003 14:30:55.320 SEV=4 AUTH/9 RPT=2 12.151.129.13 Authentication failed: Reason = No active server found handle = 26, server = 172.16.10.39, user = maher

40448 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/4 RPT=164 AUTH_GetAttrTable(26, 73d0d8)

40449 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/2 RPT=196 AUTH_Close(26)

40450 07/30/2003 14:30:55.320 SEV=4 IKE/167 RPT=3 12.151.129.13 Group [groupHS] User [maher] Remote peer has failed user authentication - check configured username and password

40452 07/30/2003 14:30:55.320 SEV=4 IKEDBG/68 RPT=8 12.151.129.13 Group [groupHS] User [maher] IKE TM V6 FSM error history (struct &0x1c2e87c) , : TM_DONE, EV_ERROR TM_AUTH, EV_AUTH_FAIL TM_AUTH, NullEvent TM_AUTH, EV_RESEND_MSG

40455 07/30/2003 14:30:55.320 SEV=4 IKEDBG/65 RPT=9 12.151.129.13 Group [groupHS] User [maher] IKE AM Responder FSM error history (P1 struct &0x1ee99e4) , : AM_FREE, NullEvent AM_PROC_MSG3, EV_TEST_V6 AM_PROC_MSG3, EV_DSID_OK AM_PROC_MSG3, NullEvent

40458 07/30/2003 14:30:55.320 SEV=9 IKEDBG/0 RPT=19715 12.151.129.13 Group [groupHS] User [maher] IKE SA AM:d1caaf88 terminating: flags 0x0105c001, refcnt 0, tuncnt 0

40460 07/30/2003 14:30:55.320 SEV=9 IKEDBG/0 RPT=19716 sending delete message

40461 07/30/2003 14:30:55.320 SEV=9 IKEDBG/0 RPT=19717 12.151.129.13 Group [groupHS] User [maher] constructing blank hash

40462 07/30/2003 14:30:55.320 SEV=9 IKEDBG/0 RPT=19718 constructing delete payload

40463 07/30/2003 14:30:55.320 SEV=9 IKEDBG/0 RPT=19719 12.151.129.13 Group [groupHS] User [maher] constructing qm hash

40464 07/30/2003 14:30:55.320 SEV=8 IKEDBG/0 RPT=19720 12.151.129.13 SENDING Message (msgid=e9763269) with payloads : HDR + HASH (8) + DELETE (12) total length : 76

40466 07/30/2003 14:30:55.320 SEV=8 AUTHDBG/10 RPT=196 AUTH_Int_FreeAuthCB(1dddf98)

40467 07/30/2003 14:30:55.320 SEV=7 AUTH/13 RPT=196 Authentication session closed: handle = 26

40468 07/30/2003 14:30:56.890 SEV=8 IKEDBG/0 RPT=19721 151.199.25.199 RECEIVED Message (msgid=36406dd4) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 76

40470 07/30/2003 14:30:56.890 SEV=9 IKEDBG/0 RPT=19722 151.199.25.199 Group [groupHS] User [camelot\bcverniero] processing hash

40471 07/30/2003 14:30:56.890 SEV=9 IKEDBG/0 RPT=19723 151.199.25.199 Group [groupHS] User [camelot\bcverniero] Processing Notify payload

40472 07/30/2003 14:30:57.370 SEV=6 IKE/38 RPT=4 12.151.129.13 Header invalid, missing SA payload! (next payload = 8)

537
Views
0
Helpful
1
Replies
CreatePlease to create content