Cisco Support Community

New Member

Unable to negotiate a security policy

From Cisco VPN client, trying to connect to Cisco VPN Concentrator 3000. Negotiate the initial tunnel ok, and the user login window opens. I enter the credentials, and the credentials are accepted. The status information in the bottom of the window indicates that the client is negotiating security policies. Then the connection is closed with no error messages. I'm assuming that I have not selected the appropriate check boxes when I set up the group. This is not a production system, and is just testing in a lab. What security policies must I check for the client to negotiate correctly?

6 REPLIES
Hall of Fame Super Silver

Re: Unable to negotiate a security policy

Jeffrey

The required policies would be dependent on how the VPN concentrator was configured. Do you have access to the concentrator to be able to see how the group is configured that you will be a member of and whether there is configuration of your individual ID and what policies are associated with it?

HTH

Rick

New Member

Re: Unable to negotiate a security policy

Rick -

Yes I do. This is a lab, so I have full control over the concentrator. I have it set right now for the member to inherit the group policies. I have not been trained on the concentrator, nor am I a security expert, so I am stumbling through this. Where would I go to set the security policy for the group and/or individual, and what is the appropriate policy for a Cisco VPN client (default settings)?

Jeff

Hall of Fame Super Silver

Re: Unable to negotiate a security policy

Jeff

If you have set up your group to inherit policies from the base group then you would want to see what policies are set up for the base group: navigate in the concentrator to configuration, then to User Management, then to Base Group. The security policies are on the IPSec tab.

HTH

Rick

New Member

Re: Unable to negotiate a security policy

Rick -

Went into base group -> IPSEC tab -> attributes. I tested using all of the following options individually (none - could not make connection to VPN concentrator, ESP-DES-MD5, ESP-3DES-MD5, ESP/IKE-3DES-MD5, ESP-3DES-NONE). In all cases (except for the none case) I got the same results. Login window opened up, I added my credentials, credentials were accepted, then the connection was closed. I included a capture of the VPN Client log file. Down at Number 33, it gives the message Delete Reason Code: 4->PEER_DELETE-IKE_DELETE_NO_ERROR. HTH

Jeff

Cisco Employee

Re: Unable to negotiate a security policy

Jeff,

Can you make sure that you have configured the VPN3000 to assign IP addresses to the VPN Clients?

Please refer to the below URL for details:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: Unable to negotiate a security policy

Arul - thanks, but that's not it. I have an address assigned in the user group.
