After we upgraded the Concentrator's release from 3.6.1 to 3.6.3 we are no longer able to set up a VPN-session.

Hereby the logs from the Concentrator and the Cisco VPN Client.

For security reasons I've replaced the following info:

Concentrators IP-address = c.c.c.c

Client's ISP assigned IP-address = w.w.w.w.

Client's Concentratot assigned IP-address (from internal pool)=g.g.g.g

Primary DNS/WINS=d1.d1.d1.d1

Secondary DNS/WINS=d2.d2.d2.d2

Concentrator log:

183 10/08/2002 14:20:24.840 SEV=5 IP/49 RPT=5

Headend transmitting TCP SYN-ACK pkt to client w.w.w.w, TCP dest port 1677

184 10/08/2002 14:20:24.850 SEV=5 IP/50 RPT=9

Headend received TCP ACK pkt from client w.w.w.w, TCP source port 1677

185 10/08/2002 14:20:24.890 SEV=5 IP/50 RPT=10

Headend received TCP ACK pkt from client w.w.w.w, TCP source port 1677

186 10/08/2002 14:20:25.190 SEV=5 IP/41 RPT=5

TCP session established to client w.w.w.w, TCP source port 1677.

188 10/08/2002 14:20:37.170 SEV=4 IKE/52 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

User (testuser) authenticated.

189 10/08/2002 14:20:37.280 SEV=5 IKE/184 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

Client OS: WinNT

Client Application Version: 3.6.2 (Rel)

192 10/08/2002 14:20:37.620 SEV=4 IKE/119 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

PHASE 1 COMPLETED

193 10/08/2002 14:20:37.630 SEV=5 IKE/25 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

Received remote Proxy Host data in ID Payload:

Address g.g.g.g, Protocol 0, Port 0

196 10/08/2002 14:20:37.630 SEV=5 IKE/24 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

Received local Proxy Host data in ID Payload:

Address c.c.c.c, Protocol 0, Port 0

199 10/08/2002 14:20:37.630 SEV=5 IKE/66 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

IKE Remote Peer configured for SA: ESP-AES128-SHA

201 10/08/2002 14:20:37.630 SEV=4 IKE/0 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

All IPSec SA proposals found unacceptable!

202 10/08/2002 14:20:37.630 SEV=4 IKEDBG/0 RPT=5

QM FSM error (P2 struct &0x1d150bc, mess id 0xbac8f29)!

203 10/08/2002 14:20:37.630 SEV=4 IKEDBG/65 RPT=5 w.w.w.w

Group [TestGroup] User [testuser]

IKE QM Responder FSM error history (struct &0x1d150bc)

<state>, <event>:

QM_DONE, EV_ERROR

QM_BLD_MSG2, EV_NEGO_SA

QM_BLD_MSG2, EV_IS_REKEY

QM_BLD_MSG2, EV_CONFIRM_SA

209 10/08/2002 14:20:37.640 SEV=5 IP/43 RPT=5

Deleting TCP entry for device w.w.w.w on port 1677

Client's Log:

5 14:20:24.786 10/08/02 Sev=Info/6 DIALER/0x63300002

Initiating connection.

6 14:20:24.796 10/08/02 Sev=Info/4 CM/0x63100002

Begin connection process

7 14:20:24.796 10/08/02 Sev=Info/4 CM/0x63100004

Establish secure connection using Ethernet

8 14:20:24.796 10/08/02 Sev=Info/4 CM/0x63100026

Attempt connection with server "c.c.c.c"

9 14:20:24.796 10/08/02 Sev=Info/6 CM/0x63100033

Allocated local TCP port 1677 for TCP connection.

10 14:20:24.866 10/08/02 Sev=Info/4 CM/0x6310002D

TCP connection established on port 10001 with server "c.c.c.c"

11 14:20:24.996 10/08/02 Sev=Info/4 CM/0x63100026

Attempt connection with server "c.c.c.c"

12 14:20:24.996 10/08/02 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with c.c.c.c.

13 14:20:25.017 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to c.c.c.c

14 14:20:25.347 10/08/02 Sev=Info/6 IPSEC/0x6370001F

TCP SYN sent to c.c.c.c, src port 1677, dst port 10001

15 14:20:25.347 10/08/02 Sev=Info/6 IPSEC/0x6370001C

TCP SYN-ACK received from c.c.c.c, src port 10001, dst port 1677

16 14:20:25.347 10/08/02 Sev=Info/6 IPSEC/0x63700020

TCP ACK sent to c.c.c.c, src port 1677, dst port 10001

17 14:20:25.347 10/08/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

18 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

19 14:20:25.597 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, VID, VID, VID, VID) from c.c.c.c

20 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100

21 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer

22 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 09002689DFD6B712

23 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH

24 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100

25 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000001

Peer supports DPD

26 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000

27 14:20:25.597 10/08/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 1F07F70EAA6514D3B0FA96542A500306

28 14:20:25.617 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to c.c.c.c

29 14:20:25.778 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

30 14:20:25.778 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from c.c.c.c

31 14:20:25.778 10/08/02 Sev=Info/4 CM/0x63100015

Launch xAuth application

32 14:20:34.671 10/08/02 Sev=Info/4 CM/0x63100017

xAuth application returned

33 14:20:34.671 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

34 14:20:37.194 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

35 14:20:37.194 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from c.c.c.c

36 14:20:37.194 10/08/02 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Phase 1 SA in the system

37 14:20:37.194 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

38 14:20:37.204 10/08/02 Sev=Info/5 IKE/0x6300005D

Client sending a firewall request to concentrator

39 14:20:37.204 10/08/02 Sev=Info/5 IKE/0x6300005C

Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).

40 14:20:37.214 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

41 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

42 14:20:37.375 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from c.c.c.c

43 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = g.g.g.g

44 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = d1.d1.d1.d1

45 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = d2.d2.d2.d2

46 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = d1.d1.d1.d1

47 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS): , value = d2.d2.d2.d2

48 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = WARNING:

Any use of this system may be logged or monitored without further notice, and the resulting logs may be used as evidence in court.

If you are unauthorised to use this system disconnect now!

49 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

50 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000

51 14:20:37.375 10/08/02 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.3.Rel built by vmurphy on Oct 04 2002 16:23:00

52 14:20:37.425 10/08/02 Sev=Info/4 CM/0x63100019

Mode Config data received

53 14:20:37.465 10/08/02 Sev=Info/5 IKE/0x63000055

Received a key request from Driver for IP address c.c.c.c, GW IP = c.c.c.c

54 14:20:37.465 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to c.c.c.c

55 14:20:37.465 10/08/02 Sev=Info/5 IKE/0x63000055

Received a key request from Driver for IP address 10.10.10.255, GW IP = c.c.c.c

56 14:20:37.465 10/08/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to c.c.c.c

57 14:20:37.675 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

58 14:20:37.675 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from c.c.c.c

59 14:20:37.675 10/08/02 Sev=Info/5 IKE/0x63000044

RESPONDER-LIFETIME notify has value of 86400 seconds

60 14:20:37.675 10/08/02 Sev=Info/5 IKE/0x63000046

This SA has already been alive for 13 seconds, setting expiry to 86387 seconds from now

61 14:20:37.705 10/08/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = c.c.c.c

62 14:20:37.705 10/08/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from c.c.c.c

63 14:20:37.705 10/08/02 Sev=Info/5 IKE/0x6300003C

Received a DELETE payload for IKE SA with Cookies = 2CDEFD1BD3EFB19215350D42094312B8

64 14:20:37.705 10/08/02 Sev=Info/5 IKE/0x63000017

Marking IKE SA for deletion (COOKIES = 2CDEFD1BD3EFB192 15350D42094312B8) reason = DEL_REASON_PEER_DELETION

65 14:20:38.066 10/08/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

66 14:20:38.066 10/08/02 Sev=Info/6 IPSEC/0x6370002B

Sent 6 packets, 0 were fragmented.

67 14:20:38.066 10/08/02 Sev=Info/6 IPSEC/0x6370001D

TCP RST received from c.c.c.c, src port 10001, dst port 1677

68 14:20:38.366 10/08/02 Sev=Info/4 CM/0x63100012

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_PEER_DELETION". 0 Phase 1 SA currently in the system

69 14:20:38.366 10/08/02 Sev=Info/5 CM/0x63100029

Initializing CVPNDrv

70 14:20:38.366 10/08/02 Sev=Info/4 CM/0x63100031

Resetting TCP connection on port 10001

71 14:20:38.366 10/08/02 Sev=Info/6 CM/0x63100034

Removed local TCP port 1677 for TCP connection.

72 14:20:38.416 10/08/02 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_IKE_RECEIVED_DELETE_NOTIFICATION" (15h).

73 14:20:39.418 10/08/02 Sev=Info/4 IPSEC/0x63700012

Delete all keys associated with peer c.c.c.c

74 14:20:39.418 10/08/02 Sev=Info/4 IPSEC/0x63700012

Delete all keys associated with peer c.c.c.c

75 14:20:39.418 10/08/02 Sev=Info/6 IPSEC/0x63700022

TCP RST sent to c.c.c.c, src port 1677, dst port 10001

76 14:20:39.418 10/08/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

77 14:20:39.418 10/08/02 Sev=Info/6 IPSEC/0x6370002B

Sent 4 packets, 0 were fragmented.

When I look at the SA configuration(s) active IKE proposals everything seems ok (hence everything worked fine with 3.6.1. Concentrator release).

Any suggestions would be much appreciated.

Marcel