Top Forums UNIX for Advanced & Expert Users vpnclient firewall policy mismatch issue Post 302345358 by zing_foru on Wednesday 19th of August 2009 03:42:47 AM
08-19-2009
vpnclient firewall policy mismatch issue

Hi all,

I have installed vpnclient 4.8.00 (0490) on my CentOS GNU/Linux OS. I configured the profiles (using the same profile pcf files which were on my WinXP system).

I can connect to the Cisco VPN from my WinXP machine, but with the same profile (.pcf) on Linux I am getting a "Firewall Policy Mismatch." message. I stopped iptables, but I am still getting the same message.
The following is the trace:

Code:
[root@localhost Profiles]# vpnclient connect sam
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at xxx.xxx.xxx.xxx (am not showing the IP due to policy issues)
User Authentication for sam...

Enter Username and Password.

Username [test]:test
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Secure VPN Connection terminated by Peer.
Reason: Firewall Policy Mismatch.
There are no new notification messages at this time.

Why am I getting this error? I tried a lot of digging into this but still didn't find any solution.
Please suggest how we can resolve this issue; any help in this regard is really helpful.

Thanks, and I appreciate any kind of support...
 

All times are GMT -4.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.