11-27-2001 01:15 PM - edited 02-21-2020 11:31 AM
I am having this problem.
I have a Dell Laptop running Red Hat 7.2
VPN Client 3.0.8
connecting to a PIX525 with 6.0.1.
I run the client and get the following:
Initializing the IPSec link.
Contacting the security gateway at xxx.xxx.xxx.xxx.xxx
Negotiating security policies.
Failed to contact the security gateway.
Now I know the last entry is incorrect, because when I look at the log I see that the PIX has passed to the laptop an IP, domain name, DNS IP address, etc.
It then receives the following error:
Error -1 obtaining host interfaces on the system while creating dynamic ACL entries
Failed to enumerate interfaces on the system
and finally:
API Failure - Function call IPSecDriverInitialize returned 1.
I know that everything else works because I can make the same connection with my Windows 2000 box and it works.
Any assistance would be greatly appreciated.
12-01-2001 07:37 PM
Check the following:
Make sure you are using the latest 3.5 client.
* You must run "/etc/rc.d/init.d/vpnclient_init start" before using the client
* This script will be run AUTOMATICALLY every time you reboot your computer.
Firewalls installed on a Linux box such as IpTables, Ipchaining.
You need to make sure that the following are allowed to pass through:
UDP port 500
UDP port 10,000 or whatever port you need for IPsec through NAT functionality
IP protocol 50 (ESP)
Tip to check that Ipchains is setup on the Linux Box:
more /etc/sysconfig/ipchains
Look for
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d
To make sure that UDP traffic is allowed through DELETE THESE lines and Stop Ipchaining and Restart with your changes:
/etc/init.d/ipchains stop
/etc/init.d/ipchains start
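
Added example, not part of the thread or of the VPN client's own scripts: a shell check of which ipchains input rule decides a given UDP destination port, since the first matching rule wins. It goes slightly beyond the reply by also showing a rule set where ACCEPT rules for UDP 500 and 10000 sit ahead of the blanket REJECT; the function name, the sample rules, and ignoring addresses, interfaces and IP protocol 50 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). Finds the first rule in an ipchains
# "input" chain that decides a UDP destination port (first match wins).
# Simplifications (assumptions): addresses, interfaces and "!" negation
# are ignored; only "-p udp" rules that carry a -j target are considered.

# udp_verdict PORT: reads rules on stdin, prints "TARGET<TAB>rule",
# or "POLICY" when no rule matches and the chain policy would apply.
udp_verdict() {
    awk -v port="$1" '
    $1 == "-A" && $2 == "input" {
        proto = ""; target = ""; spec = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # A destination port (or lo:hi range) follows the -d address.
            if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/) spec = $(i + 2)
        }
        if (proto != "udp" || target == "") next
        lo = 0; hi = 65535                      # no port spec: every port
        if (spec != "") {
            n = split(spec, r, ":")
            lo = r[1] + 0
            hi = (n == 2) ? (r[2] == "" ? 65535 : r[2] + 0) : lo
        }
        if (port + 0 >= lo && port + 0 <= hi) {
            printf "%s\t%s\n", target, $0; found = 1; exit
        }
    }
    END { if (!found) print "POLICY" }'
}

# Constructed sample 1: the blanket low-port REJECT quoted in the reply.
RULES_BLOCKING='-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT'

# Constructed sample 2: ACCEPT rules for the VPN ports placed before it.
RULES_SCOPED='-A input -p udp -s 0/0 -d 0/0 500 -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 10000 -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT'

for p in 500 10000; do
    printf 'blocking set, udp/%s: ' "$p"
    printf '%s\n' "$RULES_BLOCKING" | udp_verdict "$p"
    printf 'scoped set,   udp/%s: ' "$p"
    printf '%s\n' "$RULES_SCOPED" | udp_verdict "$p"
done
```

To check a live box, feed it the real file: `udp_verdict 500 < /etc/sysconfig/ipchains`.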
12-14-2001 07:04 AM
Will attempt and post results.