Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problems with vpn 4.0.x

Dear all

I have a problem with the vpn client 4.0.2 (D), 4.0.3(A). I can't use it, with a message error :

Sev=Warning/3 IKE/0xA300004B

Received a NOTIFY message with an invalid protocol id(0)

My configuration :

pix 515 E with ios 6.3.3 and vpn DES

For information, when i use the vpn client 3.5.1, i haven't problems,i can access the lan and make what i want !!

my configuration too :

sysopt connection permit-ipsec

crypto ipsec transform-set ciml_transform esp-des esp-sha-hmac

crypto dynamic-map ciml_dyn_map 10 set transform-set ciml_transform

crypto map ciml_map 10 ipsec-isakmp dynamic ciml_dyn_map

crypto map ciml_map interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup ciml_vpngroup address-pool vpn_ip_pool

vpngroup ciml_vpngroup dns-server 10.1.1.41

vpngroup ciml_vpngroup default-domain toto.tata

vpngroup ciml_vpngroup idle-time 1800

vpngroup ciml_vpngroup password ********

thanks !!

fx

2 REPLIES
Silver

Re: Problems with vpn 4.0.x

transform-set ciml_transform is using SHA for hashing, and your isakmp policy is using MD5. Try setting both to the same

New Member

Re: Problems with vpn 4.0.x

The combination of DES and SHA is not supported in the later versions of the VPN client. Select either DES & MD5 or 3DES & SHA for the transform set.

102
Views
0
Helpful
2
Replies