[Vpn-help] Phase 2 failing while connection to Cisco 2800 Router
Edwards Stephen
Stephen.Edwards at comptel.com
Wed Oct 14 19:50:34 CDT 2009
I've just tried all the PFS groups and each one fails.
It's a possibility that the gateway is IPsec over TCP but surely if that
where the case then the Phase 1 part would also fail? Also would that
not be indicated in the Cisco Log file?
Steve
-----Original Message-----
From: Matthew Grooms [mailto:mgrooms at shrew.net]
Sent: Thursday, 15 October 2009 1:41 p.m.
To: Edwards Stephen
Cc: vpn-help at lists.shrew.net
Subject: Re: [Vpn-help] Phase 2 failing while connection to Cisco 2800
Router
Edwards Stephen wrote:
> Problem:
>
> The VPN client fails to complete the phase 2 request and the fail
> counter on the network tab increments. When trying to ping a server at
> the remote end no response is made. Authentication is however
successful
> and routes are set up at the local end.
>
> Attached are the logs as detailed. I've also included the log from the
> Cisco Client that functions in the VM image but not on the 64bit
Windows
> 7 image.
>
Stephen,
The negotiation looks healthy other than the NO-PROPOSAL-CHOSEN message
being received. Have you tried a few likely PFS settings for phase2
proposals? The other possibility is that the gateway is configured to
required IPsec over TCP which is proprietary and unsupported at this
time.
-Matthew
More information about the vpn-help
mailing list