I inherited a (Windows 2000, XP) network with a Cisco router configured for VPN connections.
Several (original) users have no problems connecting to our LAN using their (before my time) preconfigured connections. However when I try to configure additional notebooks with the same settings (Installing Client V. 4.0.1; Setting: Connection Entry, Host, Name, Password; Transport tab) they all receive the following error message:
Secure VPN Connection terminated locally by the Client
Reason: The remote peer is no longer responding.
I checked all settings on both (connecting and erroring out) machines (networking, services), and they are the same; Disabled firewalls on the client side; Tried several ISPs.
I am not a Cisco guy, and didnt touch the router yet.
Please let me know if there is a solution to my problem.
Thanks in advance for your help.
The VPN client error message can be generated when the client side group authentication settings are not correct i.e. wrong password and or username!
Let me know how you get on.
Thanks a lot for your reply Jay.
All clients share the same user name and password, and it work just fine for the originally configured/installed clients.
I was referring to the Name and Password fields under Authentication tab of the Cisco VPN Client. All computers use the same. Thank you.
one thing to verify is the inbound acl on the router. although it's not very common, but i know that some companys will restrict the remote vpn access by obtaining staff home internet ip.
another thing to verify is the group username/password. i understand that the doco you've got has already outlined the group username/password, however we shouldn't eliminate the possibility. to verify, put in the group username/password you've got onto those pc that can connect.
Thanks again for all your replies, and sorry for my delayed respond.
I found an old laptop with preconfigured VPN client, and successfully connected to the network. Then I installed the client on fresh XP SP2 box, and started comparing installations and make adjustments ...
Here's what I did:
- Installed default (Cisco) VPN client.
- Created a new connection with Host IP address (our router).
- Under Authentication tab selected Group Authentication, and populated Name, Password and Confirm Password fields with the information I had.
- Copied ABC.pcf file (located in c:\Program Files\Cisco Systems\VPN Client\Profiles) from the old (connecting) laptop to the new machine.
- Made sure that Cisco Systems, Inc. VPN Service and IPSEC Services Windows services are Automatic and Started.
Only after that I was able to connect using the new laptop (BTW, it was not a member of the Windows Domain, just a Workgroup).
When I clicked Connect button of the VPN Client, "VPN Client | User Authentication for "ABC VPN" dialog box popped up asking for Username and Password. I tried several accounts, and one of them worked (the same happened on the old laptop).
All this gives me an impression that the router (2621MX) authenticates twice – first time by that "Group Authentication", and then against some hard coded list of users/passwords. And neither of the mechanisms is linked to our Windows Domain users' accounts.
Is it so? Do you recognize the pattern?
It works, but I do need to add/remove users. If possible, would you let me know how to do that?
the router authenticates remote vpn user by first the group name and group password. if and only if it passes, then router will prompt for individual username and password.
to verify the group name and group password, look for the commands below from the router config:
crypto isakmp client configuration group vpnclient
with the sample config above, the group name is vpnclient and the group password is abc123.
to create a new remote vpn user,
to delete a user,