[Vpn-help] PIX Connection Help
Michael Russell
russell at mtifilm.com
Fri Feb 13 10:25:06 CST 2009
I haven't heard anything on this. I would greatly appreciate some help
debugging it. Thanks.
Michael Russell
russell at mtifilm.com
MTI Film, LLC
Providence, RI 02906 USA
Michael Russell wrote:
> I had thought of that, but I've double-checked that I have the proper
> pre-shared key (aka Group Authentication Password in Cisco's VPN
> client.) Any ideas to try to debug this problem? Thanks.
>
> Michael Russell
> russell at mtifilm.com
> MTI Film, LLC
> Providence, RI 02906 USA
>
>
> Matthew Grooms wrote:
>> Michael Russell wrote:
>>> I am trying to connect to a PIX (v 6.3(5)) using the latest version
>>> (2.1.4) of Shrew Soft VPN client. I have followed your
>>> HowToCiscoPix guide as an outline, but still cannot connect. I get
>>> this message:
>>>
>>
>> Hi Michael,
>>
>>> 09/01/29 13:55:45 !! : phase1 sa rejected, invalid auth data
>>> 09/01/29 13:55:45 !! : 192.168.1.2:4500 <-> 70.166.146.238:4500
>>> 09/01/29 13:55:45 !! : 218fd93e5f3ce35:bf92a2cced0489de
>>> 09/01/29 13:55:45 ii : sending peer DELETE message
>>> 09/01/29 13:55:45 ii : - 192.168.1.2:4500 -> 70.166.146.238:4500
>>> 09/01/29 13:55:45 ii : - isakmp spi = 0218fd93e5f3ce35:bf92a2cced0489de
>>> 09/01/29 13:55:45 ii : - data size 0
>>
>> This appears to be a happening very early in phase1. My guess would
>> be that you have a mismatched pre-shared key. The pix is accepting
>> the client phase1 proposal and identity values or it wouldn't be
>> responding with a second packet for the aggressive exchange. The
>> client doesn't send its hash value until the third packet so it would
>> be the client that would catch this problem first as the initiator.
>>
>> Hope this helps,
>>
>> -Matthew
>>
>
More information about the vpn-help
mailing list