Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Concentrator / MovianVPN / SDI

Just a quick question to see if anyone has been able to make the "title" work.

I have a VPN Concentrator running code 3.6.5. An IPaQ PocketPC running the latest movianVPN software. The IPaQ does authenticate when I use an internal user account. I can use the VPN Concentrator to test the account for authentication against the SDI server (pre5.0).

What I have not been able to do is to get the movianVPN client to use the SDI server for authentication.

It passes Phase 1 without any difficulty. Below are the logs from the concentrator. I was receiving similiar errors when configuring the VPN Concentrator to use the DHCP server to grant leases but was able to correct that error. This one I am still mulling about.

2986 03/12/2003 21:49:26.480 SEV=4 IKE/167 RPT=16 159.18.12.102

Group [testing] User [kgraham]

Remote peer has failed user authentication -

check configured username and password

2989 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=33 159.18.12.102

Group [testing] User [kgraham]

IKE TM not V6 FSM error history (struct &0x72a7b7c)

<state>, <event>:

TM_DONE, EV_ERROR

TM_AUTH, EV_AUTH_FAIL

TM_AUTH, NullEvent

TM_AUTH, EV_DO_AUTH

2993 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=34 159.18.12.102

Group [testing] User [kgraham]

IKE AM Responder FSM error history (struct &0x9da79a4)

<state>, <event>:

AM_DONE, EV_ERROR

AM_TM_PEND_QM, EV_TM_FAIL

AM_TM_PEND_QM, NullEvent

AM_TM_PEND_QM, EV_START_TM

Any help would be appreciated.

Kim

2 REPLIES
Bronze

Re: VPN Concentrator / MovianVPN / SDI

Hi,

Does that same account (SDI userid/PIN) work from a PC, or does the "Test" work from the concentrator itself?

You can try tweaking the timeout/retries on the vpn3k for SDI server to see if that helps, if it doesn't, try sniffing the Authentication session b/w vpn3k and SDI to see where its failing, or SDI server logs can also be a good starting point for troubleshooting.

V3.6.7+ codes are better for SDI auth, as several issues have been fixed.

Thanks,

Afaq

New Member

Re: VPN Concentrator / MovianVPN / SDI

Thank you for taking the time to reply Afaq.

Yes the SDI/userid/PIN do function from the laptop with the air card to the vpn concentrator. The SDI/userid/Pin also work from the concentrator. The only part that did not function as per expected is the IPaQ/SDI/userid/PIn combination.

Today I will be working with the person responsible for the SDI server so we can view the transactions as they happen, SDI server monitor window, VPN Concentrator Live event monitor and the IPaQ log window. Hopefully we will be able to establish what may not be working correctly.

In advance I recreated the user and group for the IPaQ incase there was something I did not catch the first time around. I used the movianVPN / VPN concentrator instructions off of there site and some documents I received from Cisco on the subject.

I will let you know how it goes.

Kim

159
Views
0
Helpful
2
Replies