https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359825#M822359 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>It's a new site-to-site VPN. I cleared the isakmp sa and tried to </P><P>telnet again, but I got the same error. I'm using a PIX 151e with 6.3 </P><P>OS. The other side is a Dlink DFL260 that I don't have access to.</P><P></P><P>What exactly does the "oak_conf_xauth" message mean?</P><P></P><P>Thanks for the reply and the help!</P><P></P><P>Tracy</P><P>---</P></BODY></HTML> Tue, 09 Feb 2010 22:58:21 GMT dsmhospital 2010-02-09T22:58:21Z https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359823#M822357 <P>I've created a VPN on a PIX 515e (6.3).&nbsp; When I telnet to the server on the remote network I get the "oak_conf_xauth" state when I sh isakmp sa.&nbsp; The isakmp entry is: isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode.&nbsp; I know the peer address and key are correct.</P><P></P><P>I've never seen this error message before, and there are no solutions on the Internet that I can find that adequately describes the message. Can anyone give me a concise explanation of what this error message means?</P> Mon, 11 Mar 2019 17:06:51 GMT https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359823#M822357 dsmhospital 2019-03-11T17:06:51Z https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359824#M822358 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>what version of OS are you running on your security appliance&nbsp; ? Is it a site-to-site VPN to another cisco device ?</P><P></P><P>since you have already given no-xauth &amp; no-config-mode, it shouldnt authenticate further.. Try clearing the ISAKMP SA, to renegotiate parameters between the end points.. what is the state on other side of the VPN end point ? clear isakmp sa..&nbsp; or you can probably remove the tunnel and recreate, which could sometimes solve this issue.. did u do you a debug crypto isakmp ? did it give you any indications ?</P><P><BR />Hope this helps.. all the best</P><P></P><P>Raj</P></BODY></HTML> Tue, 09 Feb 2010 21:17:06 GMT https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359824#M822358 sachinraja 2010-02-09T21:17:06Z https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359825#M822359 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>It's a new site-to-site VPN. I cleared the isakmp sa and tried to </P><P>telnet again, but I got the same error. I'm using a PIX 151e with 6.3 </P><P>OS. The other side is a Dlink DFL260 that I don't have access to.</P><P></P><P>What exactly does the "oak_conf_xauth" message mean?</P><P></P><P>Thanks for the reply and the help!</P><P></P><P>Tracy</P><P>---</P></BODY></HTML> Tue, 09 Feb 2010 22:58:21 GMT https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359825#M822359 dsmhospital 2010-02-09T22:58:21Z https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359826#M822360 <HTML><HEAD></HEAD><BODY><P>I havent seen this error before, but it might just be related to Extended authentication settings which is</P><P>normally used for telecommuter setup.. im not sure if this is documented in CCO.. what does debug crypto isakmp give ? Can you post that result please ?</P><P></P><P>someone internal in cisco can probably clarify this ... is this box on support ? You can open a TAC if it is...</P><P></P><P>Raj</P></BODY></HTML> Tue, 09 Feb 2010 23:18:39 GMT https://community.cisco.com/t5/network-security/oak-conf-xauth/m-p/1359826#M822360 sachinraja 2010-02-09T23:18:39Z