Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1031
Views
0
Helpful
0
Comments

Cisco VPN 3000 client is unable to connect to a concentrator with SDI authentication

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:27 PM

Core issue

The Security Dynamics International (SDI) authentication may fail for a few reasons:

  • There is no connectivity between the server and the concentrator.
  • An SDI timeout has occured.
  • The SDI server is not defined as a group.
  • There is a mismatch in the Internet Key Exchange (IKE) proposal.

Resolution

If the SDI authentication fails, perform these checks:

  1. Make sure there is connectivity to the server. To do this, ping the server from the concentrator.
  2. Navigate to Configuration > System > Servers > Authentication and select the right server in order to test the username and password from the concentrator.
  3. Increase the SDI timeout from 10 to 15.
  4. Make sure the IKE proposal for the VPN client is at the top of the list.

For additional information on how to configure SDI authentication for VPN clients, refer to Configuring the Cisco VPN Client to VPN 3000 Concentrator with IPSec SDI Authentication 5.0 and Later.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents