Accessing 506e with new vpn client versions

Status
Not open for further replies.

skappiris

IS-IT--Management
Jan 31, 2005
4
US
Problem: I'm only able to access the PIX via Cisco vpn client ver. 3.6.6
I updated the IOS to 6.3(4) and still can't access via VPN with Cisco client ver. 4.0.5 or 4.6 (3.6.6 still works OK)
I get an error message: Reason 413
When I type in a bad password I do get an authentication error; so, it appears that the problem may be happening after the Radius authenticates.
From a previous FAQ I replaced the 'ISAKMP identity address' statement with 'ISAKMP identity hostname' to no avail.
Any help appreciated.
thanks.
Stan
 
Thanks for responding! Here's a partial script that contains some vpn code...what do you think I should change/add?
****
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Vgroup1 address-pool vpn-pool01
vpngroup Vgroup1 dns-server DNS-Server1
vpngroup Vgroup1 default-domain DOMAIN.com
vpngroup Vgroup1 split-tunnel outside_cryptomap_dyn_20
vpngroup Vgroup1 idle-time 3600
vpngroup Vgroup1 password *************
 
Thanks for the tip. Unfortunately, it didn't work. I'll keep plugging away...
 
Here's a piece of the vpn client log; does this help at all?

174 02:48:51.968 02/01/05 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=28BA72727E019D74 R_Cookie=EACB9C1C23374003) reason = DEL_REASON_IKE_NEG_FAILED

175 02:48:51.968 02/01/05 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

176 02:48:51.984 02/01/05 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
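
An added example, not part of the original thread: a small Python parser for the VPN client log format quoted above, which pulls out each IKE SA teardown reason, the cookies, and whether Phase 1 was deleted before any Phase 2 SA came up. The record layout is inferred from the three quoted records only, and the function names are hypothetical.

```python
import re

# Sample input: the three client log records quoted in the post above.
SAMPLE_LOG = """\
174 02:48:51.968 02/01/05 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=28BA72727E019D74 R_Cookie=EACB9C1C23374003) reason = DEL_REASON_IKE_NEG_FAILED

175 02:48:51.968 02/01/05 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

176 02:48:51.984 02/01/05 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
"""

# Assumed header layout: sequence, time, date, Sev=<name>/<level>, <component>/<message id>
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>[\d:.]+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<component>\w+)/(?P<code>0x[0-9A-Fa-f]+)$")
REASON = re.compile(r"\bDEL_REASON_\w+")
COOKIES = re.compile(r"I_Cookie=([0-9A-Fa-f]{16}) R_Cookie=([0-9A-Fa-f]{16})")

def parse_records(text):
    """Split the log into records: one header line plus the message lines under it."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            records.append({**header.groupdict(), "message": ""})
        elif line and records:  # continuation of the current record's message
            records[-1]["message"] = (records[-1]["message"] + " " + line).strip()
    return records

def summarize_teardowns(records):
    """List SA deletions with their reason, cookies, and negotiation stage."""
    findings = []
    for rec in records:
        reason = REASON.search(rec["message"])
        if reason:
            cookies = COOKIES.search(rec["message"])
            findings.append({
                "seq": int(rec["seq"]), "component": rec["component"],
                "reason": reason.group(0),
                "cookies": cookies.groups() if cookies else None,
                "before_phase2": "before first Phase 2 SA" in rec["message"],
            })
    return findings

if __name__ == "__main__":
    print(summarize_teardowns(parse_records(SAMPLE_LOG)))
```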
 