[Vpn-help] PIX Connection Help
Matthew Grooms
mgrooms at shrew.net
Thu Jan 29 23:53:36 CST 2009
Michael Russell wrote:
> I am trying to connect to a PIX (v 6.3(5)) using the latest version
> (2.1.4) of Shrew Soft VPN client. I have followed your HowToCiscoPix
> guide as an outline, but still cannot connect. I get this message:
>
Hi Michael,
> 09/01/29 13:55:45 !! : phase1 sa rejected, invalid auth data
> 09/01/29 13:55:45 !! : 192.168.1.2:4500 <-> 70.166.146.238:4500
> 09/01/29 13:55:45 !! : 218fd93e5f3ce35:bf92a2cced0489de
> 09/01/29 13:55:45 ii : sending peer DELETE message
> 09/01/29 13:55:45 ii : - 192.168.1.2:4500 -> 70.166.146.238:4500
> 09/01/29 13:55:45 ii : - isakmp spi = 0218fd93e5f3ce35:bf92a2cced0489de
> 09/01/29 13:55:45 ii : - data size 0
This appears to be happening very early in phase1. My guess would be
that you have a mismatched pre-shared key. The PIX is accepting the
client phase1 proposal and identity values or it wouldn't be responding
with a second packet for the aggressive exchange. The client doesn't
send its hash value until the third packet so it would be the client
that would catch this problem first as the initiator.
Hope this helps,
-Matthew
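
An added illustration (not part of the original message and not Shrew Soft or PIX code) of why the initiator is the first to see a pre-shared key mismatch in aggressive mode, using the RFC 2409 definitions of SKEYID and HASH_R. The cookies are the ones in the log above; the nonces, key-exchange values, SA and ID payload bodies and both keys are constructed placeholders, and HMAC-SHA1 is an assumed prf.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA1 as the negotiated prf (the page does not say which hash).
    return hmac.new(key, data, hashlib.sha1).digest()

def hash_r(psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sai_b, idir_b) -> bytes:
    # RFC 2409, pre-shared key authentication:
    #   SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    #   HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    skeyid = prf(psk, ni + nr)
    return prf(skeyid, g_xr + g_xi + cky_r + cky_i + sai_b + idir_b)

# Cookies taken from the "isakmp spi" line in the quoted log.
CKY_I = bytes.fromhex("0218fd93e5f3ce35")
CKY_R = bytes.fromhex("bf92a2cced0489de")

# Constructed placeholder values standing in for the real payload bodies.
NI, NR = b"\x11" * 16, b"\x22" * 16          # nonces
G_XI, G_XR = b"\x33" * 128, b"\x44" * 128    # DH public values
SAI_B = b"constructed-sa-payload-body"
IDIR_B = b"constructed-responder-id-body"

def initiator_accepts(client_psk: bytes, gateway_psk: bytes) -> bool:
    """Model aggressive-mode packet 2 as seen by the initiator.

    Packet 1 (initiator): SA, KE, Ni, IDii   - nothing keyed by the PSK
    Packet 2 (responder): SA, KE, Nr, IDir, HASH_R
    Packet 3 (initiator): HASH_I             - never sent if packet 2 fails
    """
    args = (NI, NR, G_XI, G_XR, CKY_I, CKY_R, SAI_B, IDIR_B)
    received = hash_r(gateway_psk, *args)   # what the gateway puts in packet 2
    expected = hash_r(client_psk, *args)    # what the client computes locally
    return hmac.compare_digest(received, expected)

if __name__ == "__main__":
    for client, gateway in [(b"constructed-key", b"constructed-key"),
                            (b"constructed-key", b"constructed-kee")]:
        ok = initiator_accepts(client, gateway)
        print(client, gateway, "phase1 continues" if ok
              else "phase1 sa rejected, invalid auth data")
```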