03-12-2003 07:46 PM - edited 02-21-2020 12:24 PM
Just a quick question to see if anyone has been able to make the "title" work.
I have a VPN Concentrator running code 3.6.5. An IPaQ PocketPC running the latest movianVPN software. The IPaQ does authenticate when I use an internal user account. I can use the VPN Concentrator to test the account for authentication against the SDI server (pre5.0).
What I have not been able to do is to get the movianVPN client to use the SDI server for authentication.
It passes Phase 1 without any difficulty. Below are the logs from the concentrator. I was receiving similiar errors when configuring the VPN Concentrator to use the DHCP server to grant leases but was able to correct that error. This one I am still mulling about.
2986 03/12/2003 21:49:26.480 SEV=4 IKE/167 RPT=16 159.18.12.102
Group [testing] User [kgraham]
Remote peer has failed user authentication -
check configured username and password
2989 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=33 159.18.12.102
Group [testing] User [kgraham]
IKE TM not V6 FSM error history (struct &0x72a7b7c)
<state>, <event>:
TM_DONE, EV_ERROR
TM_AUTH, EV_AUTH_FAIL
TM_AUTH, NullEvent
TM_AUTH, EV_DO_AUTH
2993 03/12/2003 21:49:26.480 SEV=4 IKEDBG/65 RPT=34 159.18.12.102
Group [testing] User [kgraham]
IKE AM Responder FSM error history (struct &0x9da79a4)
<state>, <event>:
AM_DONE, EV_ERROR
AM_TM_PEND_QM, EV_TM_FAIL
AM_TM_PEND_QM, NullEvent
AM_TM_PEND_QM, EV_START_TM
Any help would be appreciated.
Kim
03-13-2003 02:09 AM
Hi,
Does that same account (SDI userid/PIN) work from a PC, or does the "Test" work from the concentrator itself?
You can try tweaking the timeout/retries on the vpn3k for SDI server to see if that helps, if it doesn't, try sniffing the Authentication session b/w vpn3k and SDI to see where its failing, or SDI server logs can also be a good starting point for troubleshooting.
V3.6.7+ codes are better for SDI auth, as several issues have been fixed.
Thanks,
Afaq
03-14-2003 09:10 AM
Thank you for taking the time to reply Afaq.
Yes the SDI/userid/PIN do function from the laptop with the air card to the vpn concentrator. The SDI/userid/Pin also work from the concentrator. The only part that did not function as per expected is the IPaQ/SDI/userid/PIn combination.
Today I will be working with the person responsible for the SDI server so we can view the transactions as they happen, SDI server monitor window, VPN Concentrator Live event monitor and the IPaQ log window. Hopefully we will be able to establish what may not be working correctly.
In advance I recreated the user and group for the IPaQ incase there was something I did not catch the first time around. I used the movianVPN / VPN concentrator instructions off of there site and some documents I received from Cisco on the subject.
I will let you know how it goes.
Kim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide