04-17-2003 06:07 AM - edited 02-21-2020 12:29 PM
Hello everyone,
I am using Windows XP Professional and modified the local security policy using MMC. I forgot where I modified it, and I am having trouble accessing the VPN using the Cisco Systems VPN Client. Below is the VPN client log from when I try to access our VPN server. Now I want to reset the local security policy. Is it possible, and if so, how?
BTW, if anyone here is familiar with the Cisco VPN client, could you tell me where I can modify the local security policy to make the client work?
Thanks
Victor
Here is the CISCO VPN client log:
1 20:27:14.479 04/17/03 Sev=Info/6 DIALER/0x63300002
Initiating connection.
2 20:27:14.479 04/17/03 Sev=Info/4 CM/0x63100002
Begin connection process
3 20:27:14.629 04/17/03 Sev=Info/4 CM/0x63100003
Establish secure connection using dialup services
4 20:27:14.829 04/17/03 Sev=Info/4 PPP/0x63200015
Establish connection with client application
5 20:27:14.869 04/17/03 Sev=Info/4 PPP/0x6320001B
Processing dial command. Dialing "DUN:95700"
6 20:27:14.979 04/17/03 Sev=Info/4 PPP/0x63200002
PPP session is already up
7 20:27:14.979 04/17/03 Sev=Info/4 PPP/0x63200017
Terminate connection with client application
8 20:27:14.999 04/17/03 Sev=Info/4 CM/0x6310000B
PPP session established
9 20:27:14.999 04/17/03 Sev=Info/4 CM/0x63100025
Attempt connection with server "210.176.234.186"
10 20:27:14.999 04/17/03 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 210.176.234.186.
11 20:27:15.060 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to 210.176.234.186
12 20:27:15.490 04/17/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
13 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.176.234.186
14 20:27:15.741 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, VID, VID, VID, VID) from 210.176.234.186
15 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100
16 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
17 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 09002689DFD6B712
18 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100
19 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000001
Peer supports DPD
20 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
21 20:27:15.741 04/17/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 1F07F70EAA6514D3B0FA96542A500306
22 20:27:15.751 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to 210.176.234.186
23 20:27:15.971 04/17/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.176.234.186
24 20:27:15.971 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.176.234.186
25 20:27:15.971 04/17/03 Sev=Info/4 CM/0x63100015
Launch xAuth application
26 20:27:20.608 04/17/03 Sev=Info/4 CM/0x63100016
xAuth application returned
27 20:27:20.608 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.176.234.186
28 20:27:21.038 04/17/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.176.234.186
29 20:27:21.038 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.176.234.186
30 20:27:21.038 04/17/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Phase 1 SA in the system
31 20:27:21.048 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.176.234.186
32 20:27:21.048 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.176.234.186
33 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.176.234.186
34 20:27:22.340 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.176.234.186
35 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 129.191.227.150
36 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK , value = 255.255.255.128
37 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 129.191.235.34
38 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 129.191.237.20
39 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 129.191.235.34
40 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = Authorized Users Only
Welcome to Storagetek Private Network
Connected via Hongkong
41 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
42 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = stortek.com
43 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_UDP_NAT_PORT, value = 0x00002710
44 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
45 20:27:22.340 04/17/03 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.1.Rel built by vmurphy on Aug 29 2002 18:34:44
46 20:27:22.340 04/17/03 Sev=Info/4 CM/0x63100018
Mode Config data received
47 20:27:22.360 04/17/03 Sev=Info/5 IKE/0x63000055
Received a key request from Driver for IP address 210.176.234.186, GW IP = 210.176.234.186
48 20:27:22.360 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 210.176.234.186
49 20:27:22.360 04/17/03 Sev=Info/5 IKE/0x63000055
Received a key request from Driver for IP address 10.10.10.255, GW IP = 210.176.234.186
50 20:27:22.360 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 210.176.234.186
51 20:27:22.500 04/17/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
52 20:27:23.051 04/17/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.176.234.186
53 20:27:23.051 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (NOTIFY:INVALID_COOKIE) from 210.176.234.186
54 20:27:23.051 04/17/03 Sev=Warning/3 IKE/0xA300004A
Received a NOTIFY message with an invalid protocol id (0)
55 20:27:23.051 04/17/03 Sev=Info/5 IKE/0x63000049
Discarding IPsec SA negotiation, message id = C8AFE4
56 20:27:23.051 04/17/03 Sev=Info/5 IKE/0x63000017
Marking IKE SA for deletion (COOKIES = D06AC14DF515DC57 9FF65A8802F89BE6) reason = DEL_REASON_IKE_NEG_FAILED
57 20:27:23.502 04/17/03 Sev=Info/4 IPSEC/0x63700012
Delete all keys associated with peer 210.176.234.186
58 20:27:23.502 04/17/03 Sev=Info/4 IPSEC/0x63700012
Delete all keys associated with peer 210.176.234.186
59 20:27:26.506 04/17/03 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Phase 1 SA currently in the system
60 20:27:26.506 04/17/03 Sev=Info/5 CM/0x63100028
Initializing CVPNDrv
61 20:27:26.516 04/17/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
62 20:27:26.556 04/17/03 Sev=Warning/3 DIALER/0xE3300015
GI VPN start callback failed "CM_IKE_ESTABLISH_FAIL" (3h).
04-20-2003 09:25 PM
Hi,
Cisco's VPN client is pre-configured with all the valid proposals for IKE phase I and II, so you don't have to tweak anything.
Just make sure that your VPN server supports the IKE phase II attributes, as you can see:
54 20:27:23.051 04/17/03 Sev=Warning/3 IKE/0xA300004A
Received a NOTIFY message with an invalid protocol id (0)
It seems that your IPsec SA failed to negotiate.
If it's a router or PIX, check the transform set for IPsec.
thx
Afaq
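The reading of the log given in the reply above can be automated. The following is an added example, not part of the original thread and not Cisco tooling: it groups the two-line log entries, tracks how far IKE got, and reports the phase in which the SA was torn down. The header layout is inferred from the posted log, and the function names `parse_entries` and `triage` are hypothetical.

```python
import re

# Entry header: sequence, time, date, Sev=<name>/<level>, <module>/<event id>
# (layout inferred from the posted log, an assumption rather than a documented format)
HEADER = re.compile(r"^(\d+)\s+[\d:.]+\s+[\d/]+\s+Sev=(\w+)/\d+\s+(\w+)/(0x[0-9A-Fa-f]+)$")
# IKE message line: direction, exchange type (AG, TRANS, QM, INFO), payload list
IKE_MSG = re.compile(r"^(SENDING|RECEIVING) \S+ ISAKMP OAK (\w+) \*?\((.*)\) (?:to|from) \S+$")

# Excerpt of entries 30, 48, 53, 54 and 56 from the log posted above
SAMPLE = """\
30 20:27:21.038 04/17/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Phase 1 SA in the system
48 20:27:22.360 04/17/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 210.176.234.186
53 20:27:23.051 04/17/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (NOTIFY:INVALID_COOKIE) from 210.176.234.186
54 20:27:23.051 04/17/03 Sev=Warning/3 IKE/0xA300004A
Received a NOTIFY message with an invalid protocol id (0)
56 20:27:23.051 04/17/03 Sev=Info/5 IKE/0x63000017
Marking IKE SA for deletion (COOKIES = D06AC14DF515DC57 9FF65A8802F89BE6) reason = DEL_REASON_IKE_NEG_FAILED
"""

def parse_entries(text):
    """Group each header line with the message line(s) that follow it."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"seq": int(m[1]), "sev": m[2], "module": m[3], "event": m[4], "msg": []})
        elif line and entries:
            entries[-1]["msg"].append(line)  # e.g. the banner spans several lines
    return entries

def triage(entries):
    """Report how far IKE got before the SA was marked for deletion."""
    r = {"phase1_up": False, "qm_sent": False, "notifies": [], "reason": None,
         "warnings": [e["seq"] for e in entries if e["sev"] == "Warning"]}
    for e in entries:
        msg = " ".join(e["msg"])
        if msg.startswith("Established Phase 1 SA"):
            r["phase1_up"] = True
        ike = IKE_MSG.match(msg)
        if ike and ike[1] == "SENDING" and ike[2] == "QM":
            r["qm_sent"] = True  # Quick Mode is the IKE phase II (IPsec SA) negotiation
        if ike and ike[1] == "RECEIVING" and ike[2] == "INFO":
            r["notifies"] += re.findall(r"NOTIFY:(\w+)", ike[3])
        reason = re.search(r"reason = (\w+)", msg)
        if reason:
            r["reason"] = reason[1]
    # Teardown after phase I came up and Quick Mode was sent means phase II failed
    r["failed_phase"] = None if r["reason"] is None else (2 if r["phase1_up"] and r["qm_sent"] else 1)
    return r
```

On the excerpt, `triage(parse_entries(SAMPLE))` reports a phase II failure with the `INVALID_COOKIE` notify and warning entry 54, which is the point at which the gateway's IPsec proposal settings are worth checking.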