Unable to negotiate a security policy

jeffrey.girard
Level 1

From Cisco VPN client, trying to connect to Cisco VPN Concentrator 3000. It negotiates the initial tunnel OK, and the user login window opens. I enter the credentials, and the credentials are accepted. The status information in the bottom of the window indicates that the client is negotiating security policies. Then the connection is closed with no error messages. I'm assuming that I have not selected the appropriate check boxes when I set up the group. This is not a production system, and is just testing in a lab. What security policies must I check for the client to negotiate correctly?


Richard Burts
Hall of Fame

Jeffrey

The required policies would be dependent on how the VPN concentrator was configured. Do you have access to the concentrator to be able to see how the group is configured that you will be a member of and whether there is configuration of your individual ID and what policies are associated with it?

HTH

Rick


Rick -

Yes, I do. This is a lab, so I have full control over the concentrator. I have it set right now for the member to inherit the group policies. I have not been trained on the concentrator, nor am I a security expert, so I am stumbling through this. Where would I go to set the security policy for the group and/or individual, and what is the appropriate policy for a Cisco VPN client (default settings)?

Jeff

Jeff

If you have set up your group to inherit policies from the base group then you would want to see what policies are set up for the base group: navigate in the concentrator to configuration, then to User Management, then to Base Group. The security policies are on the IPSec tab.

HTH

Rick


Rick -

Went into base group -> IPSEC tab -> attributes. I tested using all of the following options individually (none - could not make connection to VPN concentrator, ESP-DES-MD5, ESP-3DES-MD5, ESP/IKE-3DES-MD5, ESP-3DES-NONE). In all cases (except for the none case) I got the same results. Login window opened up, I added my credentials, credentials were accepted, then the connection was closed. I included a capture of the VPN Client log file. Down at Number 33, it gives the message Delete Reason Code: 4->PEER_DELETE-IKE_DELETE_NO_ERROR. HTH

Jeff

ajagadee
Cisco Employee

Jeff,

Can you make sure that you have configured the VPN3000 to assign IP addresses to the VPN Clients?

Please refer to the URL below for details:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

Arul - thanks, but that's not it. I have an address assigned in the user group.