Hello All,
I am trying to set up a client VPN on my PIX 515E. Everything seems to be going well on the client side until I get this error:
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
I currently have 3 Site-to-Site VPNs up and running with no problems, but the client VPN is giving me fits. Any help would be appreciated. Log Files and PIX Configs posted below...
Thanks!
************ VPN Client Log Output ******************************638 14:13:29.151 08/08/07 Sev=Info/4 CM/0x63100002
Begin connection process
639 14:13:29.161 08/08/07 Sev=Info/4 CVPND/0xE3400001Microsoft IPSec Policy Agent service stopped successfully
640 14:13:29.161 08/08/07 Sev=Info/4 CM/0x63100004Establish secure connection using Ethernet
641 14:13:29.161 08/08/07 Sev=Info/4 CM/0x63100024Attempt connection with server "xx.xx.xx.xx"
642 14:13:30.162 08/08/07 Sev=Info/6 IKE/0x6300003BAttempting to establish a connection with xx.xx.xx.xx.
643 14:13:30.172 08/08/07 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to xx.xx.xx.xx
644 14:13:30.172 08/08/07 Sev=Info/4 IPSEC/0x63700008IPSec driver successfully started
645 14:13:30.172 08/08/07 Sev=Info/4 IPSEC/0x63700014Deleted all keys
646 14:13:30.713 08/08/07 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx
647 14:13:30.713 08/08/07 Sev=Info/4 IKE/0x63000014RECEIVING > ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to xx.xx.xx.xx
654 14:13:30.723 08/08/07 Sev=Info/4 IKE/0x63000083IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
655 14:13:30.723 08/08/07 Sev=Info/4 CM/0x6310000EEstablished Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
656 14:13:30.723 08/08/07 Sev=Info/4 CM/0x6310000EEstablished Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
657 14:13:30.733 08/08/07 Sev=Info/5 IKE/0x6300005EClient sending a firewall request to concentrator
658 14:13:30.733 08/08/07 Sev=Info/5 IKE/0x6300005DFirewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).
659 14:13:30.733 08/08/07 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xx.xx.xx.xx
660 14:13:30.783 08/08/07 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx
661 14:13:30.783 08/08/07 Sev=Info/4 IKE/0x63000014RECEIVING ISAKMP OAK INFO *(HASH, DEL) to xx.xx.xx.xx
679 14:13:30.943 08/08/07 Sev=Info/4 IKE/0x63000049Discarding IPsec SA negotiation, MsgID=9E1C54AA
680 14:13:30.943 08/08/07 Sev=Info/4 IKE/0x63000017Marking IKE SA for deletion (I_Cookie=C9B6EE20393CEF5A R_Cookie=5BB8D6BA7145EA8D) reason = DEL_REASON_IKE_NEG_FAILED
681 14:13:31.384 08/08/07 Sev=Info/4 IPSEC/0x63700014Deleted all keys
682 14:13:31.785 08/08/07 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx
683 14:13:31.785 08/08/07 Sev=Warning/3 IKE/0xA3000029No keys are available to decrypt the received ISAKMP payload
684 14:13:31.785 08/08/07 Sev=Info/4 IKE/0x63000014RECEIVING