Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN client 3.6.3 connection message and windows domain login issue

What does this message mean? I got it from my cisco vpn client log viewer:

1 16:08:31.600 04/02/03 Sev=Warning/3 IKE/0xA3000058

Received malformed message or negotiation no longer active (message id: 0xE18FDD27)

It seems the vpn connection is set up already as I get the IP address 172.17.1.4 from my pix 506 firewall and I can ping my remote network (eg 192.168.1.3)

By the way, how can vpn client log into the windows domain? Will that be enough if I push the internal dns server to vpn client?

Thanks in advance

Richard

3 REPLIES
Cisco Employee

Re: VPN client 3.6.3 connection message and windows domain login

The message means the client received an IKE/IPSec packet that wasn't associated with a current tunnel/SA. Usually there nothing to wory bout, they occur every now and then as tunnels are renegotiated. If you only see them randomly and everything seems to be working fine, just ignore them.

As for logging into the internal Windows domain, for NT-based systems you need to enable the Start Before Logon option in the client (Options - Windows Logon Properties). This will bring up the tunnel BEFORE the Windows login is performed and will ensure the client can contact the remote domain. Also, make sure you pass the internal WINS server down to the client, not the DNS server.

New Member

Re: VPN client 3.6.3 connection message and windows domain login

Thank you so much for your kind reply.

Regards

Richard

New Member

Re: VPN client 3.6.3 connection message and windows domain login

On second thought, I want to ask you another question:

If the domain is a running on windows 2000 active directory structure, it seems that there is no need to set up a wins server, because according to microsoft, windows 2000 client will use dns server instead of wins to resolve every domain name. In this case, we usually do not set up wins server, so will that be enough for client to log in if I just push dns server to the vpn client?

Will try that anyway.

Thanks again.

Richard

99
Views
0
Helpful
3
Replies