Re: oak_conf_xauth

dsmhospital · ‎02-09-2010

I've created a VPN on a PIX 515e (6.3). When I telnet to the server on the remote network I get the "oak_conf_xauth" state when I sh isakmp sa. The isakmp entry is: isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode. I know the peer address and key are correct.

I've never seen this error message before, and there are no solutions on the Internet that I can find that adequately describes the message. Can anyone give me a concise explanation of what this error message means?

sachinraja · ‎02-09-2010

Hi

what version of OS are you running on your security appliance ? Is it a site-to-site VPN to another cisco device ?

since you have already given no-xauth & no-config-mode, it shouldnt authenticate further.. Try clearing the ISAKMP SA, to renegotiate parameters between the end points.. what is the state on other side of the VPN end point ? clear isakmp sa.. or you can probably remove the tunnel and recreate, which could sometimes solve this issue.. did u do you a debug crypto isakmp ? did it give you any indications ?

Hope this helps.. all the best

Raj

dsmhospital · ‎02-09-2010

Hi,

It's a new site-to-site VPN. I cleared the isakmp sa and tried to

telnet again, but I got the same error. I'm using a PIX 151e with 6.3

OS. The other side is a Dlink DFL260 that I don't have access to.

What exactly does the "oak_conf_xauth" message mean?

Thanks for the reply and the help!

Tracy

---

sachinraja · ‎02-09-2010

I havent seen this error before, but it might just be related to Extended authentication settings which is

normally used for telecommuter setup.. im not sure if this is documented in CCO.. what does debug crypto isakmp give ? Can you post that result please ?

someone internal in cisco can probably clarify this ... is this box on support ? You can open a TAC if it is...

Raj