Hi,

I have setup a PIX 515 running v803 for remote access from a VPN client. I cyrrently have site-to-site VPN's which have been setup and work fine. Currently, when i connect using the VPN client (v5), although Phase 1 completes Phase 2 does not, I just get IKE negotiation failed.

crypto dynamic-map vpnmap_dynmap 5 set transform-set TRANS_ESP_3DES_MD5

crypto dynamic-map vpnmap_dynmap 15 set transform-set ESP-3DES-SHA

crypto dynamic-map vpnmap_dynmap 30 set transform-set ESP-DES-MD5

crypto dynamic-map vpnmap_dynmap 40 set transform-set ESP-DES-SHA

crypto dynamic-map vpnmap_dynmap 50 set pfs

crypto dynamic-map vpnmap_dynmap 50 set transform-set ESP-3DES-SHA

crypto map vpnmap 65535 ipsec-isakmp dynamic vpnmap_dynmap

crypto isakmp enable outside

crypto map vpnmap interface outside

group-policy client_vpn_access internal

group-policy client_vpn_access attributes

vpn-tunnel-protocol IPSec

dns-server value 10.1.1.1

tunnel-group client_vpn_access type remote-access

tunnel-group client_vpn_access general-attributes

default-group-policy client_vpn_access

address-pool client_vpn_access

tunnel-group client_vpn_access ipsec-attributes

pre-shared-key presharedkey

#### Log from Cisco VPN Client v5 ####

445 21:12:12.686 07/18/08 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

467 21:12:12.766 07/18/08 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

470 21:12:12.766 07/18/08 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=29790EF2FE6728A8 R_Cookie=D4C90BEBCF7838BE) reason = DEL_REASON_IKE_NEG_FAILED

545 21:46:40.379 07/18/08 Sev=Info/4 CM/0x63100012

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

Please can you help.

Thanks