09-12-2005 07:42 AM
I configured VPN 3020 using CA. Works fine untill authentication set to none under IPSec tab. When autehntication method set to Internal/RADIUS, VPN users no longer be able to connect, even they are not prompted for username password. If anyone could help, how to setup username password aythentication when using Certificates?
09-16-2005 06:12 AM
I am not sure about your requirement. I do not think you can use username/password using certificates. In fact, you use digital certificates in place of username/password authentication, which is much easier and secure.
09-16-2005 09:18 AM
Check the Concentrator logs. You will find why users can't no longer be able to connect.
09-19-2005 12:35 AM
Belwo are the Log messages when RADIUS is configured for user authentication:
8766 09/19/2005 09:43:29.070 SEV=8 IKEDBG/79 RPT=21260
Mismatched attr types for class DH Group:
Rcv'd: Oakley Group 2
Cfg'd: Oakley Group 5
8768 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21261
Phase 1 failure against global IKE proposal # 13:
Mismatched attr types for class Hash Alg:
Rcv'd: MD5
Cfg'd: SHA
8770 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21262
Phase 1 failure against global IKE proposal # 14:
Mismatched attr types for class Key Length:
Rcv'd: 256 Bits
Cfg'd: 192 Bits
8773 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21263
Phase 1 failure against global IKE proposal # 15:
Rcv'd Key Length attr class, but class is not cfg'd
8775 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21264
Phase 1 failure against global IKE proposal # 16:
Rcv'd Key Length attr class, but class is not cfg'd
8777 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21265
Phase 1 failure against global IKE proposal # 17:
Rcv'd Key Length attr class, but class is not cfg'd
8779 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21266
Phase 1 failure against global IKE proposal # 18:
Rcv'd Key Length attr class, but class is not cfg'd
8781 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21267
Proposal # 1, Transform # 9, Type ISAKMP, Id IKE
Parsing received transform:
Phase 1 failure against global IKE proposal # 1:
Mismatched attr types for class Key Length:
Rcv'd: 128 Bits
Cfg'd: 256 Bits
8786 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21268
Phase 1 failure against global IKE proposal # 2:
Rcv'd Key Length attr class, but class is not cfg'd
8788 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21269
Phase 1 failure against global IKE proposal # 3:
Rcv'd Key Length attr class, but class is not cfg'd
8790 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21270
Phase 1 failure against global IKE proposal # 4:
Rcv'd Key Length attr class, but class is not cfg'd
8792 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21271
Phase 1 failure against global IKE proposal # 5:
Rcv'd Key Length attr class, but class is not cfg'd
8794 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21272
Phase 1 failure against global IKE proposal # 6:
Rcv'd Key Length attr class, but class is not cfg'd
8796 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21273
Phase 1 failure against global IKE proposal # 7:
Rcv'd Key Length attr class, but class is not cfg'd
8798 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21274
Phase 1 failure against global IKE proposal # 8:
Rcv'd Key Length attr class, but class is not cfg'd
8800 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21275
Phase 1 failure against global IKE proposal # 9:
Rcv'd Key Length attr class, but class is not cfg'd
8802 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21276
Phase 1 failure against global IKE proposal # 10:
Mismatched attr types for class DH Group:
Rcv'd: Oakley Group 5
Cfg'd: Oakley Group 2
8805 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21277
Phase 1 failure against global IKE proposal # 11:
Mismatched attr types for class DH Group:
Rcv'd: Oakley Group 5
Cfg'd: Oakley Group 2
It never shows if problem is with RADIUS config,if ti set to none again,start working again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide