Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
5
Replies

Problem with VPNClient 3.7 in Mac10.2

vkarthik
Level 1
Level 1

‎12-14-2002 05:40 AM - edited ‎03-09-2019 01:24 AM

Hi,

I've installed the Cisco VPNClient 3.7 in MacOS10.2. I've created a new connection profile with the necessary parameters mainly like VPN Server IP, Preshared Key. I've connected My Mac10.2 using Dialup and I tried to connect the VPN. It says "Remote Peer is no longer responding".

But When I tried using VPNClient 3.5 in another Mac10.1 machine the vpn connectivity is working without any problem with the same connection profile parameters (Checked my profile of sample.pcf files in both the machines).

Its produces the following log messages while I connecting the Client 3.7 in Mac10.2, Please suggest me what could be the cause of failure.

196 15:12:21.519 12/14/2002 Sev=Info/4 CM/0x43100002

Begin connection process

197 15:12:21.522 12/14/2002 Sev=Info/4 CM/0x43100004

Establish secure connection using Ethernet

198 15:12:21.522 12/14/2002 Sev=Info/4 CM/0x43100026

Attempt connection with server "x.x.x.x"

199 15:12:21.523 12/14/2002 Sev=Info/6 IKE/0x4300003B

Attempting to establish a connection with

x.x.x.x.

200 15:12:22.233 12/14/2002 Sev=Info/4 IKE/0x43000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID,

VID) to x.x.x.x

201 15:12:22.235 12/14/2002 Sev=Info/4

IPSEC/0x43700009

IPSec driver already started

202 15:12:22.235 12/14/2002 Sev=Info/4

IPSEC/0x43700014

Deleted all keys

203 15:12:22.884 12/14/2002 Sev=Info/5 IKE/0x4300002F

Received ISAKMP packet: peer = x.x.x.x

204 15:12:22.885 12/14/2002 Sev=Info/4 IKE/0x43000014

RECEIVING <<< ISAKMP OAK INFO

(NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

205 15:12:22.885 12/14/2002 Sev=Info/5 IKE/0x4300004A

Discarding IKE SA negotiation

206 15:12:27.239 12/14/2002 Sev=Info/4 CM/0x43100014

Unable to establish Phase 1 SA with server

"x.x.x.x" because of

"DEL_REASON_PEER_NOT_RESPONDING"

207 15:12:27.239 12/14/2002 Sev=Info/4 CM/0x43100011

Attempt connection with backup server

"x.x.x.x"

208 15:12:27.239 12/14/2002 Sev=Info/4 CM/0x43100026

Attempt connection with server "x.x.x.x"

209 15:12:27.240 12/14/2002 Sev=Info/6 IKE/0x4300003B

Attempting to establish a connection with

x.x.x.x.

210 15:12:27.454 12/14/2002 Sev=Info/4 IKE/0x43000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID,

VID) to x.x.x.x

211 15:12:27.833 12/14/2002 Sev=Info/4

IPSEC/0x43700009

IPSec driver already started

212 15:12:27.833 12/14/2002 Sev=Info/4

IPSEC/0x43700014

Deleted all keys

213 15:12:28.118 12/14/2002 Sev=Info/5 IKE/0x4300002F

Received ISAKMP packet: peer = x.x.x.x

214 15:12:28.118 12/14/2002 Sev=Info/4 IKE/0x43000014

RECEIVING <<< ISAKMP OAK INFO

(NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

215 15:12:28.118 12/14/2002 Sev=Info/5 IKE/0x4300004A

Discarding IKE SA negotiation

216 15:12:32.696 12/14/2002 Sev=Info/4 CM/0x43100014

Unable to establish Phase 1 SA with server

"x.x.x.x" because of

"DEL_REASON_PEER_NOT_RESPONDING"

217 15:12:32.696 12/14/2002 Sev=Info/4 CM/0x43100011

Attempt connection with backup server

"x.x.x.x"

218 15:12:32.696 12/14/2002 Sev=Info/4 CM/0x43100026

Attempt connection with server "x.x.x.x"

219 15:12:32.697 12/14/2002 Sev=Info/6 IKE/0x4300003B

Attempting to establish a connection with

x.x.x.x.

220 15:12:32.889 12/14/2002 Sev=Info/4 IKE/0x43000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID,

VID) to x.x.x.x

221 15:12:33.256 12/14/2002 Sev=Info/4

IPSEC/0x43700009

IPSec driver already started

222 15:12:33.256 12/14/2002 Sev=Info/4

IPSEC/0x43700014

Deleted all keys

223 15:12:33.621 12/14/2002 Sev=Info/5 IKE/0x4300002F

Received ISAKMP packet: peer = x.x.x.x

224 15:12:33.621 12/14/2002 Sev=Info/4 IKE/0x43000014

RECEIVING <<< ISAKMP OAK INFO

(NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

225 15:12:33.621 12/14/2002 Sev=Info/5 IKE/0x4300004A

Discarding IKE SA negotiation

226 15:12:38.197 12/14/2002 Sev=Info/4 CM/0x43100014

Unable to establish Phase 1 SA with server

"x.x.x.x" because of

"DEL_REASON_PEER_NOT_RESPONDING"

227 15:12:38.197 12/14/2002 Sev=Info/4 CM/0x4310000C

All connection attempts with backup server failed

228 15:12:38.197 12/14/2002 Sev=Info/5 CM/0x43100027

Initializing CVPNDrv

229 15:12:38.749 12/14/2002 Sev=Info/4

IPSEC/0x43700009

IPSec driver already started

230 15:12:38.749 12/14/2002 Sev=Info/4

IPSEC/0x43700014

Deleted all keys

Thanks and Regards,

Karthikeyan V

Labels:
0 Helpful
5 Replies 5

jfrahim
Level 5
Level 5

‎12-14-2002 08:28 PM

Hi Karthikeyan

Seems like your concentrator is not accepting something in the proposal. Can you enable the following events in your concentrator and see what's happening:

204 15:12:22.885 12/14/2002 Sev=Info/4 IKE/0x43000014

RECEIVING <<< ISAKMP OAK INFO

(NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

Enable:

IKE 1-9

IKEDBG 1-9

IKEDECODE 1-13

Jazib

0 Helpful

vkarthik
Level 1
Level 1
In response to jfrahim

‎12-15-2002 04:15 AM

Unfortunately I'm using PIX515 Firewall as my VPN Gateway.

When I tried with VPNClient 3.5 in Mac10.1 with the same profile parameters, Its working fine. Will VPNClient 3.6 supports Mac10.2.

When I look into the log messages it says the following message,

197 15:12:21.522 12/14/2002 Sev=Info/4 CM/0x43100004

Establish secure connection using Ethernet

In my Mac m/c its having one ethernet net and one dialup, Why It should say the "using Ethernet".

If there is a problem in PIX, it should have not worked with other version of Mac10.1 with VPNClient 3.5. Even If there is a problem in Cisco VPNClient 3.7 configuration, I don't know the configuration other than the profile parameters in that(I'm using the same profile parameters in the another working profile).

I can give you the log messages of PIX if you prefer.

Thanks, Karthikeyan V

0 Helpful

jfrahim
Level 5
Level 5
In response to vkarthik

‎12-15-2002 07:13 PM

The following messge is just an informational message:

197 15:12:21.522 12/14/2002 Sev=Info/4 CM/0x43100004

Establish secure connection using Ethernet

Even if you use a dialup, wireless connection, it will stil say "using ethernet"

Anyway, can you send me the logs from the pix side "debug cry isa, and debug cry ip"

Thanks

Jazib

0 Helpful

vkarthik
Level 1
Level 1
In response to jfrahim

‎12-16-2002 09:53 AM

I can get you only by tomorrow evening. I've seen the following in cisco.com website,

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/36client.htm

Note The VPN Client still supports DES/MD5; however, support for DES/SHA is no longer available. Because of the latter, Release 3.6 VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration. The VPN Client Administrator Guide lists all the supported encryption configurations.

I've installed 3.6, 3.6.1 and 3.6.2 in Mac 10.2.

I've configured "sha" in my cisco pix 515 fw. Should I test by changing that into md5. Anyhow i'll post you the debug messages to you by tomorrow.

Thanks for your information, Karthikeyan V

0 Helpful

vkarthik
Level 1
Level 1
In response to jfrahim

‎12-23-2002 11:48 PM

Finally I finished the task and the problem with the modification of sha to md5 in my pix515 firewall and its realy only with the vpnclient 3.6.x and above(3.7).

Thanks for your guidance and help.

Karthikeyan V

karthik@unityindia.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents