Cisco Support Community
Community Member

VPN Client xauth problem

I have a problem with just one VPN Client user.

This user is on a Satellite link and has a direct connection to the internet with a Public IP Address. Up until yesterday the link VPN connection was working ok. But in the afternoon it failed, and we cannot get it to work.

We have two other systems behind a NAT firewall who can access the VPN fine using NAT-T. So it doesn't appear to be an issue with the configuration on the terminating VPN device (837 Router).

We have checked the preshared key, the Cisco VPN Service is running, MTU set correctly, ip address is ok etc etc.

When we do a debug on the 837, the one message that I see that appears to be describing the problem is this:

Xauth authentication by pre-shared key offered but does not match policy!

This follows the matching of what appears to be the correct transform-set (3des, md5).

I cannot find reference to that message anywhere.


Re: VPN Client xauth problem

Your config on the VPN gateway looks ok to me except for the username and password. If you have correct username and passowd configured on the 827, then I feel the configs are fine.

Where is the connection failing? Does the user see the XAUTH prompt for username and password?

CreatePlease to create content