Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Sample config for a cisco2600 to CVPNC 4.0.1 ?

Hi,

Does anyone has a sample config for the 2600 router with Cisco vpn client 4.0.1. I have this setup with 3.52 client, it works fine, but once i upgrade to 4.0.1 client, the tunnel just not establishing, the ATTS are always not matching, no matter what combo of SA i use. Any suggestion would be appreciate. thanks in advance.

4 REPLIES
Bronze

Re: Sample config for a cisco2600 to CVPNC 4.0.1 ?

Depending on the version of IOS router, you can enable AES encryption to see if that helps

crypto isakmp policy 10

encr aes

hash md5

authentication pre-share

Jazib

New Member

Re: Sample config for a cisco2600 to CVPNC 4.0.1 ?

Hi Jazib,

I just tried to use AES as encryption, Still not working, but I got a different message from the debug,

atts are acceptable this time, but i got these messages

"got callback 1

increment ing eror counter on sa: construct_fail_ag_int

received packet from xxx.xxx.xxx.xxx dprot 500 sport 500 global (R) AG_NO_STATE"

retransmitting phase 1 AG_NO_STATE....

does it ring any bell to you, is something is not correct here, if you want, i can send you a show run, also i have tested it with an old version of client, without AES, it was working fine!

let me know if you have any suggestion, thanks

Simon

Bronze

Re: Sample config for a cisco2600 to CVPNC 4.0.1 ?

It looks like router is retransmitting the packet, but getting any reply back. What do you see in the client logs with the severity set to high to all the classes

Jazib

New Member

Re: Sample config for a cisco2600 to CVPNC 4.0.1 ?

Hi Jazib,

thanks for your reply, i did what you tell me, change the severity to high to all of the classes on the client side, and this is what i have found,

6 09:42:22.180 05/28/03 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

7 09:42:22.180 05/28/03 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

8 09:42:22.180 05/28/03 Sev=Info/4 IPSEC/0x6370000D

Key(s) deleted by Interface (67.194.165.48)

9 09:42:27.274 05/28/03 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

10 09:42:27.274 05/28/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 216.98.115.37

11 09:42:28.352 05/28/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 216.98.115.37

12 09:42:28.352 05/28/03 Sev=Warning/2 IKE/0xE3000099

Invalid SPI size (PayloadNotify:116)

13 09:42:28.352 05/28/03 Sev=Info/4 IKE/0xE30000A4

Invalid payload: Stated payload length, 568, is not sufficient for Notification:(PayloadList:148)

14 09:42:28.352 05/28/03 Sev=Warning/3 IKE/0xA3000058

Received malformed message or negotiation no longer active (message id: 0x00000000)

15 09:42:32.759 05/28/03 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

16 09:42:32.759 05/28/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 216.98.115.37

17 09:42:37.760 05/28/03 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

still looks like to me that the router is not responding, and the client try to retransmitte the packet. any idea?

126
Views
0
Helpful
4
Replies
CreatePlease to create content