Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

snow leopard built in vpn client not working

Hi,

on my MAC, snow leopard built in vpn client no connecting with Cisco router acting as VPN server,

here is error log i get, can any one help? though i have these policies confgured on my router, but still it fails:S

Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 1 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP:      life type in seconds
Sep 13 16:04:03.211: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP:      keylength of 256
Sep 13 16:04:03.211: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP:      hash SHA
Sep 13 16:04:03.211: ISAKMP:      default group 2
Sep 13 16:04:03.211: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.211: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 2 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP:      life type in seconds
Sep 13 16:04:03.211: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP:      keylength of 128
Sep 13 16:04:03.211: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP:      hash SHA
Sep 13 16:04:03.211: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 3 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP:      keylength of 256
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Xauth authentication by pre-shared key offered but does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 4 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP:      keylength of 128
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Proposed key length does not match policy
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 5 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash SHA
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 6 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 7 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash SHA
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 8 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 0

ROUTER

crypto isakmp policy 99
encr aes 256
hash md5
authentication pre-share
group 2

2 REPLIES

Re: snow leopard built in vpn client not working

The issue is related to "Xauth authentication by pre-shared key offered but does not match policy!"

Can you paste your configuration?

New Member

Re: snow leopard built in vpn client not working

It is likely that your Cisco is configured for L2TP/IPSec, not IPSec-ra with xauth, so you need to configure the OSX client that way too.

(Or is that log from the client?  In which case, vice-versa.)

697
Views
0
Helpful
2
Replies
CreatePlease to create content