12-22-2003 02:55 AM - edited 02-21-2020 12:58 PM
Since we have configured a lan-to-lan connection, we cannot establish a connection with a software client anymore. Everything was working fine before. We tried different client software versions (3.6.3 and 4.0.3), we tried making the connection over ADSL and ISDN. Every time we get the same messages in the log of the concentrator:
14586 12/22/2003 11:40:57.070 SEV=12 IKEDECODE/0 RPT=1805
IKE Decode of received SA attributes follows:
0000: 80010007 80020001 80040002 80030001 ................
0010: 800B0001 000C0004 0020C49B 800E0080 ......... ......
14589 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2488
Proposal # 1, Transform # 12, Type ISAKMP, Id IKE
Parsing received transform:
Phase 1 failure against global IKE proposal # 1:
Rcv'd Key Length attr class, but class is not cfg'd
14593 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2489
Phase 1 failure against global IKE proposal # 2:
Rcv'd Key Length attr class, but class is not cfg'd
14595 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2490
Phase 1 failure against global IKE proposal # 3:
Rcv'd Key Length attr class, but class is not cfg'd
14597 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2491
Phase 1 failure against global IKE proposal # 4:
Rcv'd Key Length attr class, but class is not cfg'd
14599 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2492
Phase 1 failure against global IKE proposal # 5:
Rcv'd Key Length attr class, but class is not cfg'd
14601 12/22/2003 11:40:57.070 SEV=8 IKEDBG/0 RPT=2493
Phase 1 failure against global IKE proposal # 6:
Mismatched attr types for class Hash Alg:
Rcv'd: MD5
Cfg'd: SHA
The VPN client software replies with: remote peer no longer responding.
We messed around with the settings in the concentrator, but did not get the right settings to get this working again.
Does anyone have any idea what could be wrong?
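The hex dump in the IKEDECODE entry above can be read directly. As an added example (not part of the original thread and not Cisco code), this parser walks the ISAKMP data attributes as laid out in RFC 2408 section 3.3, using the IKE Phase 1 class numbers from RFC 2409 Appendix A; the value tables are abbreviated and the function names are made up for illustration.

```python
import struct

# Constructed input: the two hex-dump rows copied from the IKEDECODE log entry.
SA_ATTRS_HEX = ("80010007 80020001 80040002 80030001 "
                "800B0001 000C0004 0020C49B 800E0080")

# IKE Phase 1 attribute classes and a subset of their values (RFC 2409 App. A).
CLASSES = {1: "Encryption Algorithm", 2: "Hash Algorithm",
           3: "Authentication Method", 4: "Group Description",
           11: "Life Type", 12: "Life Duration", 14: "Key Length"}
VALUES = {
    1: {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    2: {1: "MD5", 2: "SHA"},
    3: {1: "pre-shared key", 3: "RSA signatures"},
    4: {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536"},
    11: {1: "seconds", 2: "kilobytes"},
}

def parse_attributes(data: bytes):
    """Decode ISAKMP data attributes into (class name, value) pairs."""
    out, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from(">HH", data, off)
        off += 4
        attr_class = head & 0x7FFF
        if head & 0x8000:            # AF bit set: TV form, field is the value
            value = field
        else:                        # AF bit clear: TLV form, field is a length
            if off + field > len(data):
                raise ValueError("attribute length runs past end of data")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        name = CLASSES.get(attr_class, f"class {attr_class}")
        out.append((name, VALUES.get(attr_class, {}).get(value, value)))
    return out

def decode_log_dump(hex_text: str):
    """Accept the hex columns of a log dump (whitespace is ignored)."""
    return parse_attributes(bytes.fromhex(hex_text))

if __name__ == "__main__":
    for name, value in decode_log_dump(SA_ATTRS_HEX):
        print(f"{name:22} {value}")
```

The decoded transform carries an AES-CBC cipher with an explicit Key Length attribute and an MD5 hash, which lines up with the "Key Length attr class" and "Rcv'd: MD5" lines in the log.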
12-26-2003 09:36 PM
Since this started after configuring a L2L tunnel, check that the client pool of IP addresses isn't included as part of the local or remote network list of the L2L tunnel configuration.
If everything looks OK try removing the L2L tunnel config and see if the client connections start again, it may just be a coincidence that they stopped at the same time. Removing what you think is the offending config will give you a good idea of whether it's the cause of the problem or not.
12-29-2003 03:21 AM
It seems that this has to do with the user authentication: if I set the Authentication field in the Ipsec tab to None, the client authenticates (without the need to fill in a user/pwd); if I put it back to Internal, the client gets a "Remote peer no longer responding" message when trying to connect.
What could be wrong and why does Internal authentication go wrong even though there are users in that group?
01-08-2004 04:51 AM
The cause of this problem was that the certificate transmission was not correct in the SA. The right setting should be: Entire Certificate Chain. After changing this setting the "remote peer no longer responding" did not show up again.