1. Home
  2. Cisco Systems
  3. Cisco PIX Client VPN Config Problem

Cisco PIX Client VPN Config Problem

Hello All,

I am trying to set up a client VPN on my PIX 515E. Everything seems to be going well on the client side until I get this error:

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

I currently have 3 Site-to-Site VPNs up and running with no problems, but the client VPN is giving me fits. Any help would be appreciated. Log Files and PIX Configs posted below...

Thanks!

************ VPN Client Log Output ******************************

638 14:13:29.151 08/08/07 Sev=Info/4 CM/0x63100002

Begin connection process

639 14:13:29.161 08/08/07 Sev=Info/4 CVPND/0xE3400001

Microsoft IPSec Policy Agent service stopped successfully

640 14:13:29.161 08/08/07 Sev=Info/4 CM/0x63100004

Establish secure connection using Ethernet

641 14:13:29.161 08/08/07 Sev=Info/4 CM/0x63100024

Attempt connection with server "xx.xx.xx.xx"

642 14:13:30.162 08/08/07 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with xx.xx.xx.xx.

643 14:13:30.172 08/08/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to xx.xx.xx.xx

644 14:13:30.172 08/08/07 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

645 14:13:30.172 08/08/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

646 14:13:30.713 08/08/07 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = xx.xx.xx.xx

647 14:13:30.713 08/08/07 Sev=Info/4 IKE/0x63000014

RECEIVING > ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to xx.xx.xx.xx

654 14:13:30.723 08/08/07 Sev=Info/4 IKE/0x63000083

IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4

655 14:13:30.723 08/08/07 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

656 14:13:30.723 08/08/07 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

657 14:13:30.733 08/08/07 Sev=Info/5 IKE/0x6300005E

Client sending a firewall request to concentrator

658 14:13:30.733 08/08/07 Sev=Info/5 IKE/0x6300005D

Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).

659 14:13:30.733 08/08/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xx.xx.xx.xx

660 14:13:30.783 08/08/07 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = xx.xx.xx.xx

661 14:13:30.783 08/08/07 Sev=Info/4 IKE/0x63000014

RECEIVING ISAKMP OAK INFO *(HASH, DEL) to xx.xx.xx.xx

679 14:13:30.943 08/08/07 Sev=Info/4 IKE/0x63000049

Discarding IPsec SA negotiation, MsgID=9E1C54AA

680 14:13:30.943 08/08/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=C9B6EE20393CEF5A R_Cookie=5BB8D6BA7145EA8D) reason = DEL_REASON_IKE_NEG_FAILED

681 14:13:31.384 08/08/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

682 14:13:31.785 08/08/07 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = xx.xx.xx.xx

683 14:13:31.785 08/08/07 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

684 14:13:31.785 08/08/07 Sev=Info/4 IKE/0x63000014

RECEIVING

Reply to
Ben
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.