Cisco Support Community

Cisco VPN 3000 client is unable to connect to a concentrator with SDI authentication

Core issue

The Security Dynamics International (SDI) authentication may fail for a few reasons:

  • There is no connectivity between the server and the concentrator.
  • An SDI timeout has occurred.
  • The SDI server is not defined as a group.
  • There is a mismatch in the Internet Key Exchange (IKE) proposal.


If the SDI authentication fails, perform these checks:

  1. Make sure there is connectivity to the server. To do this, ping the server from the concentrator.
  2. Navigate to Configuration > System > Servers > Authentication and select the correct server in order to test the username and password from the concentrator.
  3. Increase the SDI timeout from 10 to 15.
  4. Make sure the IKE proposal for the VPN client is at the top of the list.

For additional information on how to configure SDI authentication for VPN clients, refer to Configuring the Cisco VPN Client to VPN 3000 Concentrator with IPSec SDI Authentication 5.0 and Later.