VPN3005: Cannot obtain IP address

I have _one_ user who can't connect to a VPN3005 box. From the same user's station, with the same VPN client (3.6.2b), we can connect with another user token/profile fine...

The VPN3005 talks to a Cisco ACS 2.6 via TACACS+, which in turn talks to a SecurID server. The logs in the ACS say everything passed, but this shows up in the VPN3005 logs:

23286 03/13/2003 15:57:29.160 SEV=5 IKEDBG/64 RPT=2033 ###.###.###.###
IKE Peer included IKE fragmentation capability flags:
Main Mode: True
Aggressive Mode: False

23288 03/13/2003 15:57:42.940 SEV=4 IKE/52 RPT=2937 ###.###.###.###
Group [GROUPNAME] User [USERNAME]
User (elord) authenticated.

23289 03/13/2003 15:57:43.070 SEV=5 IKE/184 RPT=2934 ###.###.###.###
Group [GROUPNAME] User [USERNAME]
Client OS: Win9x
Client Application Version: 3.6.2 (B)

23291 03/13/2003 15:57:43.070 SEV=5 IKE/132 RPT=40 ###.###.###.###
Group [GROUPNAME] User [USERNAME]
Cannot obtain an IP address for remote peer

23292 03/13/2003 15:57:43.070 SEV=4 IKEDBG/65 RPT=808 ###.###.###.###
Group [GROUPNAME] User [USERNAME]
IKE TM V6 FSM error history (struct &0x1c73f6c)
<state>, <event>:
TM_DONE, EV_ERROR
TM_BLD_REPLY, EV_IP_FAIL
TM_BLD_REPLY, NullEvent
TM_BLD_REPLY, EV_GET_IP

23297 03/13/2003 15:57:43.070 SEV=4 IKEDBG/65 RPT=809 ###.###.###.###
Group [GROUPNAME] User [USERNAME]
IKE AM Responder FSM error history (struct &0x1e08078)
<state>, <event>:
AM_DONE, EV_ERROR_CONT
AM_DONE, EV_ERROR
AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL
AM_TM_INIT_MODECFG_V6H, Null

Anything to be found in those messages? Searches turn up empty...

I've also checked that no one else has been assigned that IP (IPs are static and manually assigned to each user), and everybody else in the same group on the ACS connects fine.

The VPN3005 is running Version 3.6.7.Rel Dec 18 2002 14:24:06

I'm out of ideas; right now I'll just wait for an off-peak period and try to reboot it...

Thanks for any info/suggestions!

Re: VPN3005: Cannot obtain IP address

Hi,

Can the same user connect when you assign the client an IP address from the VPN3K itself?

The error message simply states that:

A request for an IP address for a remote access client from the internal utility that provides these addresses could not be satisfied.

Thx

Afaq
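For anyone triaging the same symptom across a larger log export, the sketch below is an added example (not part of either post and not Cisco code). It groups the multi-line events in the format shown in the question and lists identities that logged IKE/52 (authenticated) and then IKE/132 (cannot obtain an IP address). The function names and the sample log are constructed for illustration.

```python
import re

# Event header as shown in the post: <seq> <date> <time> SEV=<n> <class>/<num> RPT=<n> <peer>
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) "
    r"SEV=(?P<sev>\d+) (?P<event>[A-Z]+/\d+) RPT=(?P<rpt>\d+) (?P<peer>\S+)$"
)
WHO = re.compile(r"Group \[(?P<group>[^\]]*)\] User \[(?P<user>[^\]]*)\]")

def parse_events(text):
    """Attach each run of message lines to the header line that precedes it."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif line and events:
            events[-1]["body"].append(line)
    return events

def auth_ok_but_no_address(events):
    """Return (group, user, peer, time) for IKE/132 events that follow an IKE/52 for the same identity."""
    authenticated, hits = set(), []
    for ev in events:
        who = WHO.search(" ".join(ev["body"]))
        if not who:
            continue
        key = (who["group"], who["user"], ev["peer"])
        if ev["event"] == "IKE/52":
            authenticated.add(key)
        elif ev["event"] == "IKE/132" and key in authenticated:
            hits.append(key + (ev["time"],))
    return hits

# Constructed sample log (names and addresses are placeholders, not from the post).
SAMPLE = """\
100 03/13/2003 15:57:42.940 SEV=4 IKE/52 RPT=1 192.0.2.10
Group [sales] User [alice]
User (alice) authenticated.
101 03/13/2003 15:57:43.070 SEV=5 IKE/132 RPT=1 192.0.2.10
Group [sales] User [alice]
Cannot obtain an IP address for remote peer
102 03/13/2003 15:58:01.500 SEV=4 IKE/52 RPT=2 192.0.2.20
Group [sales] User [bob]
User (bob) authenticated.
"""

if __name__ == "__main__":
    for group, user, peer, when in auth_ok_but_no_address(parse_events(SAMPLE)):
        print(f"{when} {peer} group={group} user={user}: authenticated, no address")
```

A hit means authentication succeeded and the failure is in address assignment, which is the distinction the reply draws.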
