Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client second user access problem.


The problem we have is that we can only have one user VPN'ed at a time. What the second user gets in the VPN client log is:

1 18:29:59.766 05/01/03 Sev=Warning/2 IKE/0xE3000022

No private IP address was assigned by the peer

2 18:30:04.133 05/01/03 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_IKE_ESTABLISH_FAIL" (3h).

3 18:30:28.277 05/01/03 Sev=Warning/3 IKE/0xE3000061

The XAUTH authentication failed.

4 18:30:29.739 05/01/03 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_IKE_ESTABLISH_FAILED_AUTH" (19h).

Any ideas? This user can get in no problem if they are the first.


Re: VPN client second user access problem.

It looks like the vpn device (what device are you using?) isn't allocating an ip to the 2nd client. How many ip addresses do you have in the pool for client use?

New Member

Re: VPN client second user access problem.

I am using a Pix firewall, i have four users who will be assigned a vpn group to each one:

ip local pool vpnpool03

ip local pool vpnpool02

ip local pool vpnpool04

ip local pool vpnpool01

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto dynamic-map dynmap 20 set transform-set ESP-DES-MD5

crypto map ABCmap 20 ipsec-isakmp dynamic dynmap

crypto map ABCmap client configuration address initiate

crypto map ABCmap client authentication RADIUS

crypto map ABCmap interface outside

isakmp enable outside

isakmp key *** address netmask

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 5000

vpngroup vpngroup01 address-pool vpnpool01

vpngroup vpngroup01 dns-server

vpngroup vpngroup01 wins-server

vpngroup vpngroup01 default-domain

vpngroup vpngroup01 idle-time 1800

vpngroup vpngroup01 password ***

vpngroup vpngroup03 address-pool vpnpool03

vpngroup vpngroup03 dns-server

vpngroup vpngroup03 wins-server

vpngroup vpngroup03 default-domain

vpngroup vpngroup03 idle-time 1800

vpngroup vpngroup03 password ***

vpngroup vpngroup02 address-pool vpnpool02

vpngroup vpngroup02 dns-server

vpngroup vpngroup02 wins-server

vpngroup vpngroup02 default-domain

vpngroup vpngroup02 idle-time 1800

vpngroup vpngroup02 password ***

vpngroup vpngroup04 address-pool vpnpool04

vpngroup vpngroup04 dns-server

vpngroup vpngroup04 wins-server

vpngroup vpngroup04 default-domain

vpngroup vpngroup04 idle-time 1800

vpngroup vpngroup04 password ***

ca identity

ca configure ra 1 10 crloptional

Any ideas?