We just recently upgraded our 3015 Concentrator to version 3.0.2 and started using the client version 3.0.1, and I have ran into an error that I can't figure out. The VPN client gets just past the point where it asks for the username/password then says that the peer has terminated the connection. The VPN client log says "Cannot match Policy Entry: local host=IPADDR=0.0.0.0 remote host=IP ADDR=0.0.0.0. The log on the VPN concentrator says "Received unsupported transaction mode attribute:5" I assume there is a rule or policy setting that I am missing somewhere, but I can't tell where. Can anyone tell me what the "Received unsupported transaction mode attribute" error means?
I think it is because of the active IKE Proposals you have in your concentrator. The client may be looking at all the proposals in the list before it finds the one it can use. Check your sa (sa's) and see what ike proposal (proposal's) it is using, then go to your ike prosal list and remove the unused proposals. Hope this helps.
Thanks for the response. I checked the SA's and realized I wasn't using the correct one for my IPSec group. I changed that and now I can make a connection with Windows ME just fine, but I still cant connect with the 3.0.2 client on Windows2000. Now on the VPN Concentrator I get a "Duplicate first packet detected!" error message. Anyone have any idea what that message means?
I found out that it was the firewall/IDS software I had installed on my computer. I thought I was turning it off before, but I was just turning off the alert notification and managment software running in the system tray rather than stopping the firewall itself.
We are connecting to a VPN3060 and get the message 'Duplicate first packet detected' everytime. While troubleshooting we noticied this was the case evertime when the group information was correct. When we purposely mistyped the group information we would get messages about invalid groups/passwords.
The concentrator messages are not getting back to the client, the client times out and resends the request. Hence the dup packet detected errors at the concentrator. Common problems are on the client side network (router, fw, etc...) or client has firewall software running and not properly config'd to allow the connection. Let us know what you find.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...