[Vpn-help] PIX Connection Help

Michael Russell russell at mtifilm.com
Mon Feb 2 11:48:24 CST 2009


I had thought of that, but I've double-checked that I have the proper 
pre-shared key (aka Group Authentication Password in Cisco's VPN 
client.)  Any ideas to try to debug this problem?  Thanks.

                                        Michael Russell
                                        russell at mtifilm.com
                                        MTI Film, LLC
                                        Providence, RI  02906  USA


Matthew Grooms wrote:
> Michael Russell wrote:
>> I am trying to connect to a PIX (v 6.3(5)) using the latest version 
>> (2.1.4) of Shrew Soft VPN client.  I have followed your HowToCiscoPix 
>> guide as an outline, but still cannot connect.  I get this message:
>>
>
> Hi Michael,
>
>> 09/01/29 13:55:45 !! : phase1 sa rejected, invalid auth data
>> 09/01/29 13:55:45 !! : 192.168.1.2:4500 <-> 70.166.146.238:4500
>> 09/01/29 13:55:45 !! : 218fd93e5f3ce35:bf92a2cced0489de
>> 09/01/29 13:55:45 ii : sending peer DELETE message
>> 09/01/29 13:55:45 ii : - 192.168.1.2:4500 -> 70.166.146.238:4500
>> 09/01/29 13:55:45 ii : - isakmp spi = 0218fd93e5f3ce35:bf92a2cced0489de
>> 09/01/29 13:55:45 ii : - data size 0
>
> This appears to be happening very early in phase1. My guess would be 
> that you have a mismatched pre-shared key. The PIX is accepting the 
> client phase1 proposal and identity values or it wouldn't be 
> responding with a second packet for the aggressive exchange. The 
> client doesn't send its hash value until the third packet so it would 
> be the client that would catch this problem first as the initiator.
>
> Hope this helps,
>
> -Matthew
>
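The check described in the quoted reply, as an added example that is not part of the original thread: in an IKEv1 aggressive exchange with pre-shared keys (RFC 2409), the gateway's second packet carries HASH_R, and the initiator recomputes it with its own copy of the key, so a key mismatch is rejected on the client side. HMAC-SHA1 as the PRF and all nonce, key-exchange, SA and ID bytes are constructed assumptions; only the two cookies come from the log above.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA1 as the negotiated PRF (the thread does not say which hash was used).
    return hmac.new(key, data, hashlib.sha1).digest()


def hash_r(psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sai_b, idir_b):
    # RFC 2409 section 5: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    skeyid = prf(psk, ni + nr)
    # RFC 2409 section 5: HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    return prf(skeyid, g_xr + g_xi + cky_r + cky_i + sai_b + idir_b)


def simulate(client_psk: bytes, gateway_psk: bytes) -> bool:
    """Return True if the initiator accepts the gateway's second packet."""
    # Cookies taken from the isakmp spi line in the log; everything else is constructed.
    cky_i = bytes.fromhex("0218fd93e5f3ce35")
    cky_r = bytes.fromhex("bf92a2cced0489de")
    ni, nr = b"\x11" * 16, b"\x22" * 16          # constructed nonces
    g_xi, g_xr = b"\x33" * 128, b"\x44" * 128    # constructed DH public values
    sai_b = b"constructed-sa-payload"
    idir_b = b"constructed-gateway-id"

    # Packet 2: the gateway computes HASH_R with its copy of the key.
    received = hash_r(gateway_psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sai_b, idir_b)
    # The initiator recomputes HASH_R with its own key and compares in constant time.
    expected = hash_r(client_psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sai_b, idir_b)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # The second gateway key differs only by a trailing space.
    for gw_key in (b"group-secret", b"group-secret "):
        ok = simulate(b"group-secret", gw_key)
        print("phase1 accepted" if ok else "phase1 sa rejected, invalid auth data")
```

Because the nonces feed SKEYID, any single-byte difference in the key (trailing whitespace, wrong case) changes HASH_R completely, so the failure gives no hint of how close the two keys are.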



