[Vpn-help] PIX Connection Help

Michael Russell russell at mtifilm.com
Thu Jan 29 13:07:06 CST 2009 

I am trying to connect to a PIX (v 6.3(5)) using the latest version 
(2.1.4) of Shrew Soft VPN client.  I have followed your HowToCiscoPix 
guide as an outline, but still cannot connect.  I get this message:

config loaded for site 'mysite'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
gateway authentication error
tunnel disabled
detached from key daemon ...

The log shows:

<snip>
09/01/29 13:55:45 == : phase1 hash_i ( computed ) ( 16 bytes )
09/01/29 13:55:45 >> : hash payload
09/01/29 13:55:45 >> : nat discovery payload
09/01/29 13:55:45 >> : nat discovery payload
09/01/29 13:55:45 >= : cookies 0218fd93e5f3ce35:bf92a2cced0489de
09/01/29 13:55:45 >= : message 00000000
09/01/29 13:55:45 >= : encrypt iv ( 8 bytes )
09/01/29 13:55:45 == : encrypt packet ( 88 bytes )
09/01/29 13:55:45 == : stored iv ( 8 bytes )
09/01/29 13:55:45 DB : phase1 resend event canceled ( ref count = 1 )
09/01/29 13:55:45 -> : send NAT-T:IKE packet 192.168.1.2:4500 -> 
70.166.146.238:
4500 ( 124 bytes )
09/01/29 13:55:45 == : phase1 hash_r ( computed ) ( 16 bytes )
09/01/29 13:55:45 == : phase1 hash_r ( received ) ( 16 bytes )
09/01/29 13:55:45 !! : phase1 sa rejected, invalid auth data
09/01/29 13:55:45 !! : 192.168.1.2:4500 <-> 70.166.146.238:4500
09/01/29 13:55:45 !! : 218fd93e5f3ce35:bf92a2cced0489de
09/01/29 13:55:45 ii : sending peer DELETE message
09/01/29 13:55:45 ii : - 192.168.1.2:4500 -> 70.166.146.238:4500
09/01/29 13:55:45 ii : - isakmp spi = 0218fd93e5f3ce35:bf92a2cced0489de
09/01/29 13:55:45 ii : - data size 0
<snip>

Other possibly useful info:
  Client: XP, SP2
  Differences from HowToCiscoPix example:
    - using DES, not aes-256
    - am using Radius, not Local authentication
  The Cisco VPN client works fine.

Thanks very much for any assistance.

-- 
                                        Michael Russell
                                        russell at mtifilm.com
                                        MTI Film, LLC
                                        Providence, RI  02906  USA

More information about the vpn-help mailing list