Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Concentrator to Watchguard Phase 1 fails

I am trying to setup a lan-lan between our VPNConcentrator and a Watchguard firewall it is failing on Phase 1

Phase 1 failure against global IKE proposal # 1:

Mismatched attr types for class Auth Method:

Rcv'd: Preshared Key

Cfg'd: XAUTH with Preshared Key (Initiator authenticated)

I am confused as to where the XAUTH error lies is it my end or the remote end?

Thanks

Roger

3 REPLIES
Bronze

Re: VPN Concentrator to Watchguard Phase 1 fails

The error means that the IKE policies are not matching on your end and the remote end. Also check the pre-shared key and make sure that they are the same. Following link may help you

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Hall of Fame Super Silver

Re: VPN Concentrator to Watchguard Phase 1 fails

Roger

The error message is indicating that XAUTH is configured on your side and not configured on the other side. It can work if both sides are configured for XAUTH or if both sides are not configured for XAUTH. The suggestion from Theo to check and make sure that the key configured on both sides is the same is a good suggestion. But I do not believe that you have gotten to that stage yet.

HTH

Rick

Silver

Re: VPN Concentrator to Watchguard Phase 1 fails

LAN-2-LAN IPSec VPN does NOT require XAUTH.

XAUTH is remote access VPN, NOT L2L vpn.

To fix this, go into the VPN concentrator, look at phase I proposal that is attached

to this VPN tunnel and you will see that

it has XAUTH associated to it. Click on the

drop down menu and select "no xauth" and

it will work after that.

Easy right?

CCIE Security

2442
Views
0
Helpful
3
Replies