Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client second user access problem.

Hi,

The problem we have is that we can only have one user VPN'ed at a time. What the second user gets in the VPN client log is:

1 18:29:59.766 05/01/03 Sev=Warning/2 IKE/0xE3000022

No private IP address was assigned by the peer

2 18:30:04.133 05/01/03 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_IKE_ESTABLISH_FAIL" (3h).

3 18:30:28.277 05/01/03 Sev=Warning/3 IKE/0xE3000061

The XAUTH authentication failed.

4 18:30:29.739 05/01/03 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_IKE_ESTABLISH_FAILED_AUTH" (19h).

Any ideas? This user can get in no problem if they are the first.

2 REPLIES
Silver

Re: VPN client second user access problem.

It looks like the vpn device (what device are you using?) isn't allocating an ip to the 2nd client. How many ip addresses do you have in the pool for client use?

New Member

Re: VPN client second user access problem.

I am using a Pix firewall, i have four users who will be assigned a vpn group to each one:

ip local pool vpnpool03 172.16.1.3

ip local pool vpnpool02 172.16.1.2

ip local pool vpnpool04 172.16.1.4

ip local pool vpnpool01 172.16.1.1

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto dynamic-map dynmap 20 set transform-set ESP-DES-MD5

crypto map ABCmap 20 ipsec-isakmp dynamic dynmap

crypto map ABCmap client configuration address initiate

crypto map ABCmap client authentication RADIUS

crypto map ABCmap interface outside

isakmp enable outside

isakmp key *** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 5000

vpngroup vpngroup01 address-pool vpnpool01

vpngroup vpngroup01 dns-server 11.131.0.16 11.131.0.14

vpngroup vpngroup01 wins-server 11.131.0.20 11.131.0.16

vpngroup vpngroup01 default-domain abc.co.za

vpngroup vpngroup01 idle-time 1800

vpngroup vpngroup01 password ***

vpngroup vpngroup03 address-pool vpnpool03

vpngroup vpngroup03 dns-server 11.131.0.16 11.131.0.14

vpngroup vpngroup03 wins-server 11.131.0.20 11.131.0.16

vpngroup vpngroup03 default-domain ABC.co.za

vpngroup vpngroup03 idle-time 1800

vpngroup vpngroup03 password ***

vpngroup vpngroup02 address-pool vpnpool02

vpngroup vpngroup02 dns-server 11.131.0.16 11.131.0.14

vpngroup vpngroup02 wins-server 11.131.0.20 11.131.0.16

vpngroup vpngroup02 default-domain ABC.co.za

vpngroup vpngroup02 idle-time 1800

vpngroup vpngroup02 password ***

vpngroup vpngroup04 address-pool vpnpool04

vpngroup vpngroup04 dns-server 11.131.0.16 11.131.0.14

vpngroup vpngroup04 wins-server 11.131.0.20 11.131.0.16

vpngroup vpngroup04 default-domain ABC.co.za

vpngroup vpngroup04 idle-time 1800

vpngroup vpngroup04 password ***

ca identity na.abc.co.za 11.13.0.16:/certsrv/mscep/mscep.dll

ca configure na.abc.co.za ra 1 10 crloptional

Any ideas?

136
Views
0
Helpful
2
Replies