VPN and RADIUS auth

Discussion in 'Hardware' started by astrosky, Dec 11, 2008.

  1. astrosky

    astrosky

    Joined:
    Dec 11, 2008
    Messages:
    2
    Equipment -
    Altiga/Cisco 3000 series VPN concentrator
    w2k3 on Dell box running IAS
    Cisco vpn client 5.0.0.4.0300

    Want to vpn in to remote concentrator and use RADIUS authentication.

    Click connect and then asks for username/password in dialog box and asks 3 times then fails with Reason 413 - User authentication failed.

    Here is the log file from the client.
    ***************************
    Cisco Systems VPN Client Version 5.0.04.0300
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 3

    606 15:55:56.059 12/11/08 Sev=Info/4 CM/0x63100002
    Begin connection process

    607 15:55:56.075 12/11/08 Sev=Info/4 CM/0x63100004
    Establish secure connection

    608 15:55:56.075 12/11/08 Sev=Info/4 CM/0x63100024
    Attempt connection with server "63.103.94.135"

    609 15:55:56.090 12/11/08 Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with 63.103.94.135.

    610 15:55:56.090 12/11/08 Sev=Info/4 IKE/0x63000001
    Starting IKE Phase 1 Negotiation

    611 15:55:56.106 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 63.103.94.135

    612 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    613 15:55:56.481 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from 63.103.94.135

    614 15:55:56.559 12/11/08 Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 7h.

    615 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer

    616 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x63000001
    Peer supports XAUTH

    617 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x63000001
    Peer supports DPD

    618 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x63000001
    Peer supports IKE fragmentation payloads

    619 15:55:56.481 12/11/08 Sev=Info/5 IKE/0x63000001
    Peer supports DWR Code and DWR Text

    620 15:55:56.496 12/11/08 Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful

    621 15:55:56.496 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to 63.103.94.135

    622 15:55:56.496 12/11/08 Sev=Info/4 IKE/0x63000083
    IKE Port in use - Local Port = 0x0469, Remote Port = 0x01F4

    623 15:55:56.496 12/11/08 Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

    624 15:55:56.543 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    625 15:55:56.543 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 63.103.94.135

    626 15:55:56.543 12/11/08 Sev=Info/4 CM/0x63100015
    Launch xAuth application

    627 15:55:56.543 12/11/08 Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started

    628 15:55:56.543 12/11/08 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    629 15:55:57.840 12/11/08 Sev=Info/4 CM/0x63100017
    xAuth application returned

    630 15:55:57.840 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 63.103.94.135

    631 15:55:57.981 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    632 15:55:57.981 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 63.103.94.135

    633 15:55:57.996 12/11/08 Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 7h.

    634 15:55:57.981 12/11/08 Sev=Info/4 CM/0x63100015
    Launch xAuth application

    635 15:55:58.465 12/11/08 Sev=Info/4 CM/0x63100017
    xAuth application returned

    636 15:55:58.465 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 63.103.94.135

    637 15:55:58.622 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    638 15:55:58.637 12/11/08 Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 7h.

    639 15:55:58.622 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 63.103.94.135

    640 15:55:58.622 12/11/08 Sev=Info/4 CM/0x63100015
    Launch xAuth application

    641 15:55:59.028 12/11/08 Sev=Info/4 CM/0x63100017
    xAuth application returned

    642 15:55:59.028 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 63.103.94.135

    643 15:55:59.184 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    644 15:55:59.184 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 63.103.94.135

    645 15:55:59.184 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 63.103.94.135

    646 15:55:59.184 12/11/08 Sev=Warning/2 IKE/0xE300009B
    Immature Navigation Termination due to error (Navigator:199)

    647 15:55:59.184 12/11/08 Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion (I_Cookie=3F5440E0F27CADAC R_Cookie=CC01CA686D0330A9) reason = DEL_REASON_WE_FAILED_AUTH

    648 15:55:59.184 12/11/08 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 63.103.94.135

    649 15:55:59.231 12/11/08 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 63.103.94.135

    650 15:55:59.231 12/11/08 Sev=Info/4 IKE/0x63000058
    Received an ISAKMP message for a non-active SA, I_Cookie=3F5440E0F27CADAC R_Cookie=CC01CA686D0330A9

    651 15:55:59.231 12/11/08 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 63.103.94.135

    652 15:55:59.981 12/11/08 Sev=Info/4 IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=3F5440E0F27CADAC R_Cookie=CC01CA686D0330A9) reason = DEL_REASON_WE_FAILED_AUTH

    653 15:55:59.981 12/11/08 Sev=Info/4 CM/0x63100014
    Unable to establish Phase 1 SA with server "63.103.94.135" because of "DEL_REASON_WE_FAILED_AUTH"

    654 15:55:59.981 12/11/08 Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv

    655 15:55:59.997 12/11/08 Sev=Info/6 CM/0x63100046
    Set tunnel established flag in registry to 0.

    656 15:55:59.997 12/11/08 Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection

    657 15:56:00.997 12/11/08 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    658 15:56:00.997 12/11/08 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    659 15:56:00.997 12/11/08 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    660 15:56:00.997 12/11/08 Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped

    ************************************]
    Further info, please let me know.

    Thanks
     
    astrosky, Dec 11, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. soldara
    Replies:
    1
    Views:
    4,726
    soldara
    Sep 13, 2004
  2. Christian Hewitt
    Replies:
    0
    Views:
    3,031
    Christian Hewitt
    Apr 24, 2005
  3. Cen
    Replies:
    2
    Views:
    767
    Martin Bilgrav
    Oct 27, 2005
  4. ahab.captain@gmail.com
    Replies:
    0
    Views:
    1,457
    ahab.captain@gmail.com
    Aug 17, 2007
  5. Tim
    Replies:
    0
    Views:
    474
Loading...

Share This Page