Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client 4.6 Fails tunnel negotiation at first attempt

Our VPN solution uses a 2 stage authentication process. X.509 Certificate authentication, followed by Windows NT authetication via an ACS. For every user, the first connection attempt to the concentrator fails. Logs show the Certificate and Windows credentials have been succesfully authenticated. The second time the User tries the connection, the Tunnel sets up correctly. Has this problem been seen before? Can you please offer some advice as to how to resolve.

Many thanks

Tony

3 REPLIES
New Member

Re: VPN Client 4.6 Fails tunnel negotiation at first attempt

Unfortunately we are experiencing the same problem, even though we do not use certificates. We are also using the latest client (4.7) and the latest VPN Concentrator software (4.7.2). We have a TAC case open, so hopefully we can get a solution and I will share.

-john

New Member

Re: VPN Client 4.6 Fails tunnel negotiation at first attempt

Thanks for the response. We have now resolved our issue, the fix may not be the same for you. With the help of syslog output, We were able to determine the problem was with the address pool configuration on the Concentrator. We had configured the address pool with a starting address of x.x.x.0 the concentrator tried to allocate this address, then realised it is a broadcast address and removed the address temporarily from the pool. The next connection attempt was then succesfull for the same user. However subsequent users then went through the same cycle. We amended the address pool to have a starting address of x.x.x.1 this has cured the problem.

New Member

Re: VPN Client 4.6 Fails tunnel negotiation at first attempt

Thanks for the update. We were doing the same thing here. Everything is working now.

-John

119
Views
0
Helpful
3
Replies
CreatePlease login to create content