Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco Easy VPN SDM and Cisco Client

Status
Not open for further replies.
stevetotaro

stevetotaro

IS-IT--Management
Jul 25, 2003
36
0
0
US
I am trying to setup a Cisco 1721 Easy VPN server through SDM with clients connecting via the Cisco VPN Client. I cannot get it working and have tried everything I can think of. I think the problem is with "NOTIFY:NO_PROPOSAL_CHOSEN" Does anyone have any idea what is wrong. Below is the log output from the client.


Cisco Systems VPN Client Version 4.0.4 (Rel)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195

1385 11:39:27.256 01/02/05 Sev=Info/4 CM/0x63100002
Begin connection process

1386 11:39:27.266 01/02/05 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

1387 11:39:27.266 01/02/05 Sev=Info/4 CM/0x63100024
Attempt connection with server "x.x.x.x"

1388 11:39:28.277 01/02/05 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.

1389 11:39:28.287 01/02/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to x.x.x.x

1390 11:39:28.287 01/02/05 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

1391 11:39:28.287 01/02/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

1392 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x

1393 11:39:28.938 01/02/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x

1394 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer

1395 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x63000001
Peer supports DPD

1396 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code Only

1397 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH

1398 11:39:28.938 01/02/05 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T

1399 11:39:28.948 01/02/05 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful

1400 11:39:28.948 01/02/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x

1401 11:39:28.948 01/02/05 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA

1402 11:39:28.948 01/02/05 Sev=Info/4 IKE/0x63000082
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194

1403 11:39:28.948 01/02/05 Sev=Info/5 IKE/0x63000071
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device

1404 11:39:28.948 01/02/05 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

1405 11:39:28.948 01/02/05 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

1406 11:39:28.948 01/02/05 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator

1407 11:39:28.948 01/02/05 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).

1408 11:39:28.948 01/02/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

1409 11:39:28.998 01/02/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x

1410 11:39:28.998 01/02/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

1411 11:39:28.998 01/02/05 Sev=Info/5 IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds

1412 11:39:28.998 01/02/05 Sev=Info/5 IKE/0x63000046
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

1413 11:39:28.998 01/02/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x

1414 11:39:28.998 01/02/05 Sev=Warning/3 IKE/0xA3000029
No keys are available to decrypt the received ISAKMP payload

1415 11:39:28.998 01/02/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Opaque) from x.x.x.x

1416 11:39:29.028 01/02/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x

1417 11:39:29.028 01/02/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

1418 11:39:29.028 01/02/05 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.10.33

1419 11:39:29.028 01/02/05 Sev=Warning/3 IKE/0xE3000084
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid

1420 11:39:29.028 01/02/05 Sev=Info/5 IKE/0xA3000016
MODE_CFG_REPLY: The received (32767) attribute and value (2) is not supported

1421 11:39:29.028 01/02/05 Sev=Info/5 IKE/0xA3000017
MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-1062729183) is not supported

1422 11:39:29.028 01/02/05 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

1423 11:39:29.028 01/02/05 Sev=Info/5 IKE/0xA3000015
MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data

1424 11:39:29.038 01/02/05 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value =
Cisco IOS Software, C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(2)XE, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(3.5)T
TAC Support: Copyright (c) 1986-2003 by Cisco Systems, Inc.
Compiled Tue 18-Nov-03 19:00 by ealyon

1425 11:39:29.038 01/02/05 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

1426 11:39:29.038 01/02/05 Sev=Info/4 CM/0x63100019
Mode Config data received

1427 11:39:29.038 01/02/05 Sev=Info/4 IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.10.33, GW IP = x.x.x.x, Remote IP = 0.0.0.0

1428 11:39:29.038 01/02/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x

1429 11:39:29.118 01/02/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x

1430 11:39:29.118 01/02/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

1431 11:39:29.118 01/02/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x

1432 11:39:29.118 01/02/05 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=DBEB6925

1433 11:39:29.118 01/02/05 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=C36F7E24C171F15B R_Cookie=8AF08B8573A7179C) reason = DEL_REASON_IKE_NEG_FAILED

1434 11:39:29.679 01/02/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

1435 11:39:32.183 01/02/05 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=C36F7E24C171F15B R_Cookie=8AF08B8573A7179C) reason = DEL_REASON_IKE_NEG_FAILED

1436 11:39:32.183 01/02/05 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

1437 11:39:32.183 01/02/05 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

1438 11:39:32.183 01/02/05 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

1439 11:39:32.193 01/02/05 Sev=Info/4 IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully

1440 11:39:32.683 01/02/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

1441 11:39:32.683 01/02/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

1442 11:39:32.683 01/02/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

1443 11:39:32.683 01/02/05 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
 
Status
Not open for further replies.

Similar threads

teknance
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
306
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Question
Best vpn safe and fast
Replies
4
Views
197
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
126
Joon Smith
Joon Smith
Sparrow4
  • Locked
  • Question
CISCO AnyConnect - URL instead of IP Address
Replies
4
Views
620
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top