From Cisco VPN client, trying to connect to Cisco VPN Concentrator 3000. Negotiate the initial tunnel OK, and the user login window opens. I enter the credentials, and the credentials are accepted. The status information in the bottom of the window indicates that the client is negotiating security policies. Then the connection is closed with no error messages. I'm assuming that I have not selected the appropriate check boxes when I set up the group. This is not a production system, and is just testing in a lab. What security policies must I check for the client to negotiate correctly?
The required policies would be dependent on how the VPN concentrator was configured. Do you have access to the concentrator to be able to see how the group is configured that you will be a member of and whether there is configuration of your individual ID and what policies are associated with it?
Yes, I do. This is a lab, so I have full control over the concentrator. I have it set right now for the member to inherit the group policies. I have not been trained on the concentrator, nor am I a security expert, so I am stumbling through this. Where would I go to set the security policy for the group and/or individual, and what is the appropriate policy for a Cisco VPN client (default settings)?
If you have set up your group to inherit policies from the base group then you would want to see what policies are set up for the base group: navigate in the concentrator to configuration, then to User Management, then to Base Group. The security policies are on the IPSec tab.
Went into base group -> IPSEC tab -> attributes. I tested using all of the following options individually (none - could not make connection to VPN concentrator, ESP-DES-MD5, ESP-3DES-MD5, ESP/IKE-3DES-MD5, ESP-3DES-NONE). In all cases (except for the none case) I got the same results. Login window opened up, I added my credentials, credentials were accepted, then the connection was closed. I included a capture of the VPN Client log file. Down at Number 33, it gives the message Delete Reason Code: 4->PEER_DELETE-IKE_DELETE_NO_ERROR. HTH