ISA KMP /VPN client issue

From: Barry Nolan (bnolan@euro.banta.com)
Date: Thu Jul 10 2003 - 05:16:01 GMT-3

• Next message: DBL: "lab 16th july in brussels"
• Previous message: wing_lam@jossynergy.com: "Inteface drop and CAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
    I am trying to use a cisco vpnclient, version 3.5x to connect to an IOS
router, not a vpn concentrator.
No external authentication. The connection is failing aggressive mode
negotiation.
I've tried the Doc cd and the cisco website. Does anyone have any info on
the following error
btw the client and the router are on the same LAN segment, no fw or
filtering.
Jul 10 07:47:44: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode
fail
ed with peer at 10.xx.xx.xx

Debug as follows;

Jul 10 07:47:44: ISAKMP (0:0): received packet from 10.xx.xx.xx (N) NEW SA
Jul 10 07:47:44: ISAKMP: local port 500, remote port 500
Jul 10 07:47:44: ISAKMP (0:6): processing SA payload. message ID = 0
Jul 10 07:47:44: ISAKMP (0:6): processing ID payload. message ID = 0
Jul 10 07:47:44: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode
fail
ed with peer at 10.xx.xx.xx
Jul 10 07:47:44: ISAKMP (0:6): incrementing error counter on sa:
reset_retransmi
ssion
Jul 10 07:47:46: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
Jul 10 07:47:46: ISAKMP (0:6): incrementing error counter on sa: retransmit
phas
e 1
Jul 10 07:47:46: ISAKMP (0:6): no outgoing phase 1 packet to retransmit.
AG_NO_S
TATE
Jul 10 07:47:49: ISAKMP (0:0): received packet from 10.xx.xx.xx(N) NEW SA
Jul 10 07:47:49: ISAKMP: local port 500, remote port 500
Jul 10 07:47:49: ISAKMP (0:7): processing SA payload. message ID = 0
Jul 10 07:47:49: ISAKMP (0:7): processing ID payload. message ID = 0
Jul 10 07:47:49: ISAKMP (0:7): incrementing error counter on sa:
reset_retransmi
ssion
Jul 10 07:47:50: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
Jul 10 07:47:50: ISAKMP (0:7): incrementing error counter on sa: retransmit
phas
e 1
Jul 10 07:47:50: ISAKMP (0:7): no outgoing phase 1 packet to retransmit.
AG_NO_S
TATE
Jul 10 07:47:54: ISAKMP (0:0): received packet from 10.xx.xx.xx(N) NEW SA
Jul 10 07:47:54: ISAKMP: local port 500, remote port 500
Jul 10 07:47:59: ISAKMP (0:0): received packet from 10.xx.xx.xx(N) NEW SA
Jul 10 07:47:59: ISAKMP: local port 500, remote port 500

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

• Next message: DBL: "lab 16th july in brussels"
• Previous message: wing_lam@jossynergy.com: "Inteface drop and CAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:34 GMT-3