Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
2
Replies

VPN Concentrator / MovianVPN / SDI

kim.graham
Level 1
Level 1

‎03-12-2003 07:46 PM - edited ‎02-21-2020 12:24 PM

Just a quick question to see if anyone has been able to make the "title" work.

I have a VPN Concentrator running code 3.6.5. An IPaQ PocketPC running the latest movianVPN software. The IPaQ does authenticate when I use an internal user account. I can use the VPN Concentrator to test the account for authentication against the SDI server (pre5.0).

What I have not been able to do is to get the movianVPN client to use the SDI server for authentication.

It passes Phase 1 without any difficulty. Below are the logs from the concentrator. I was receiving similiar errors when configuring the VPN Concentrator to use the DHCP server to grant leases but was able to correct that error. This one I am still mulling about.

2986 03/12/2003 21:49:26.480 SEV=4 IKE/167 RPT=16 159.18.12.102

Group [testing] User [kgraham]

Remote peer has failed user authentication -

check configured username and password

2989 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=33 159.18.12.102

Group [testing] User [kgraham]

IKE TM not V6 FSM error history (struct &0x72a7b7c)

<state>, <event>:

TM_DONE, EV_ERROR

TM_AUTH, EV_AUTH_FAIL

TM_AUTH, NullEvent

TM_AUTH, EV_DO_AUTH

2993 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=34 159.18.12.102

Group [testing] User [kgraham]

IKE AM Responder FSM error history (struct &0x9da79a4)

<state>, <event>:

AM_DONE, EV_ERROR

AM_TM_PEND_QM, EV_TM_FAIL

AM_TM_PEND_QM, NullEvent

AM_TM_PEND_QM, EV_START_TM

Any help would be appreciated.

Kim

Labels:
0 Helpful
2 Replies 2

afakhan
Level 4
Level 4

‎03-13-2003 02:09 AM

Hi,

Does that same account (SDI userid/PIN) work from a PC, or does the "Test" work from the concentrator itself?

You can try tweaking the timeout/retries on the vpn3k for SDI server to see if that helps, if it doesn't, try sniffing the Authentication session b/w vpn3k and SDI to see where its failing, or SDI server logs can also be a good starting point for troubleshooting.

V3.6.7+ codes are better for SDI auth, as several issues have been fixed.

Thanks,

Afaq

0 Helpful

kim.graham
Level 1
Level 1
In response to afakhan

‎03-14-2003 09:10 AM

Thank you for taking the time to reply Afaq.

Yes the SDI/userid/PIN do function from the laptop with the air card to the vpn concentrator. The SDI/userid/Pin also work from the concentrator. The only part that did not function as per expected is the IPaQ/SDI/userid/PIn combination.

Today I will be working with the person responsible for the SDI server so we can view the transactions as they happen, SDI server monitor window, VPN Concentrator Live event monitor and the IPaQ log window. Hopefully we will be able to establish what may not be working correctly.

In advance I recreated the user and group for the IPaQ incase there was something I did not catch the first time around. I used the movianVPN / VPN concentrator instructions off of there site and some documents I received from Cisco on the subject.

I will let you know how it goes.

Kim

0 Helpful
Customers Also Viewed These Support Documents