Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
1
Replies

VPN Client xauth problem

csacontract
Level 1
Level 1

‎03-28-2006 09:20 PM

I have a problem with just one VPN Client user.

This user is on a Satellite link and has a direct connection to the internet with a Public IP Address. Up until yesterday the link VPN connection was working ok. But in the afternoon it failed, and we cannot get it to work.

We have two other systems behind a NAT firewall who can access the VPN fine using NAT-T. So it doesn't appear to be an issue with the configuration on the terminating VPN device (837 Router).

We have checked the preshared key, the Cisco VPN Service is running, MTU set correctly, ip address is ok etc etc.

When we do a debug on the 837, the one message that I see that appears to be describing the problem is this:

Xauth authentication by pre-shared key offered but does not match policy!

This follows the matching of what appears to be the correct transform-set (3des, md5).

I cannot find reference to that message anywhere.

Labels:
Preview file
8 KB
Preview file
21 KB
0 Helpful
1 Reply 1

ebreniz
Level 6
Level 6

‎04-03-2006 01:27 PM

Your config on the VPN gateway looks ok to me except for the username and password. If you have correct username and passowd configured on the 827, then I feel the configs are fine.

Where is the connection failing? Does the user see the XAUTH prompt for username and password?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents