Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with Cisco VPN Client 5.0.0.06.0160 on Windows 7 x86

Status
Not open for further replies.

EddieBo83

Technical User
Sep 14, 2011
2
GB
Hi Guys,

I'm experiencing a problem authenticating it seems to our Cisco VPN 3000 box using VPN Client v5 on Win 7 x86 platform.

The Client errors with a Reason 427, I've pulled the log file from the client, Line 469 seems to be where the problem starts
(Delete Reason Code: 4 --> PEER_DELETE-IKE_DELETE_NO_ERROR.)

---

Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600

439 11:24:55.106 09/14/11 Sev=Info/4 CM/0x63100002
Begin connection process

440 11:24:55.122 09/14/11 Sev=Info/4 CM/0x63100004
Establish secure connection

441 11:24:55.122 09/14/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "ip"

442 11:24:55.138 09/14/11 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with ip.

443 11:24:55.138 09/14/11 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

444 11:24:55.138 09/14/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to ip

445 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ip

446 11:24:55.528 09/14/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from ip

447 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer

448 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH

449 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer supports DPD

450 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T

451 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads

452 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text

453 11:24:55.528 09/14/11 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful

454 11:24:55.528 09/14/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to ip

455 11:24:55.528 09/14/11 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA

456 11:24:55.528 09/14/11 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xDC49, Remote Port = 0x1194

457 11:24:55.528 09/14/11 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end IS behind a NAT device

458 11:24:55.528 09/14/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

459 11:24:55.528 09/14/11 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

460 11:24:55.528 09/14/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

461 11:24:55.590 09/14/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ip

462 11:24:55.590 09/14/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from ip

463 11:24:55.590 09/14/11 Sev=Info/4 CM/0x63100015
Launch xAuth application

464 11:24:55.606 09/14/11 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 103h.

465 11:25:03.125 09/14/11 Sev=Info/4 CM/0x63100017
xAuth application returned

466 11:25:03.125 09/14/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to ip

467 11:25:03.437 09/14/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ip

468 11:25:03.437 09/14/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from ip

469 11:25:03.437 09/14/11 Sev=Info/4 IKE/0x63000081
Delete Reason Code: 4 --> PEER_DELETE-IKE_DELETE_NO_ERROR.

470 11:25:03.437 09/14/11 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=C6B747733E73D39B R_Cookie=FE131FF2765CCE8F

471 11:25:03.437 09/14/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=C6B747733E73D39B R_Cookie=FE131FF2765CCE8F) reason = PEER_DELETE-IKE_DELETE_NO_ERROR

472 11:25:04.295 09/14/11 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=C6B747733E73D39B R_Cookie=FE131FF2765CCE8F) reason = PEER_DELETE-IKE_DELETE_NO_ERROR

473 11:25:04.295 09/14/11 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "ip" because of "PEER_DELETE-IKE_DELETE_NO_ERROR"

474 11:25:04.295 09/14/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

475 11:25:04.295 09/14/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.

476 11:25:04.295 09/14/11 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

477 11:25:05.324 09/14/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

478 11:25:05.324 09/14/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

479 11:25:05.324 09/14/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

480 11:25:05.324 09/14/11 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped


---

I've looked at the log on the Concentrator which is showing
(IKE Received NULL Passcode string from the remote end!):

---

631 09/14/2011 12:48:47.950 SEV=4 IKE/0 RPT=19 ip
Group [group] User [user]
IKE Received NULL Passcode string from the remote end!

633 09/14/2011 12:48:48.050 SEV=4 AUTH/9 RPT=19 ip
Authentication failed: Reason = Logon Failure
handle = 62, server = server, user = user

635 09/14/2011 12:48:48.050 SEV=4 IKE/167 RPT=22 ip
Group [group] User [user]
Remote peer has failed user authentication -
check configured username and password

638 09/14/2011 12:48:48.050 SEV=5 IKE/194 RPT=27 ip
Group [group] User [user]
Sending IKE Delete With Reason message: No Reason Provided.


---

This all seems very odd as this token and user are working perfectly on an XP machine, ruling out username and password problems...I've ensured the correct case is being used for the username also.

Does anyone have any ideas, or know of any issues with using this version of the client on Windows 7 x86?

Thanks

Chris

 
Hi,

Looking at the Cisco site, any client 5 upwards is reported to work on all Windows 32 Bit Versions.

Can you recommend an alternative to use? I tried importing the same PCF file into the Shrewsoft client with no success either :(

Chris
 
Works fine for me...

Shoot a config over. I can convert the 3000 XML to IOS or ASA code to decipher much easier.

/ of all evil

10 ? "TIMMAY!!!"
20 goto 10
run
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!!!
TIMMAY!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top