Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3519
Views
5
Helpful
0
Comments

The user receives the Xauth required but selected Proposal does not support xauth , Check priorities of ike xauth proposals in ike proposal list error message in the logs of VPN 3000 series Concentrator

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:13 PM

Core issue

This error message appears when a wrong proposal is chosen for an Internet Security Association and Key Management Protocol (ISAKMP) proposal.

Resolution

As a workaround, either disable Xauth or change the Cisco VPN Client proposal.

To disable extended authentication (Xauth) on a VPN Concentrator, perform these steps:

1. Select Configuration > User Management > Groups > Modify.

2.  Go to the IPSec tab.

3.  Confirm that None is selected under the Authentication box. This disallows any sort of Xauth.

4. Select Configuration > Tunneling and Security > IPsec > IKE Proposals.

5.  Check the Cisco VPN Client proposal. The Authentication Mode box should only read "Pre-share Key." This also disallows Xauth for the Clients.

6.  Try to connect to the VPN Client, and verify that the VPN Concentrator does not ask for Xauth.

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents