ISR 1941W VPN capability

Hi,
I am trying to setup a good network in our small company. Need a router that can give us both Gb performance, security and mobility. I then found there is ISR 1941W. Reading the specs and datasheet it is not clear whether the VPN capability comes free with it or I have to activate it with a license. Basically I want to know, if I just buy 1941W from a seller, whether I can just plug it between my ISP and internal switch (say, 3750G) and expect it (after some config commands, of course) to provide VPN access to some 20 remote employees?
Thanks,
raj

For vpn services you will need the security license.
Sent from Cisco Technical Support Android App

Similar Messages

  • Cisco 881 ISR IPSec VPN Tunnel does not pass traffic from the vlan.

    I have a cisco 881 ISR Router with a site-to-site IPsec vpn tunnel to a mikrotik device on the other end (I inherited this from my client). The tunnel is constructed properly and is up, however traffic does not pass or get routed to the FA4 interface. I see in my packet captures that it hits the vlan1 interface (vlans are required on the L2 ports) and does not pass to the tunnel.
    This is my configuration:
    141Kerioth#sh config
    Using 3763 out of 262136 bytes
    ! Last configuration change at 01:02:41 UTC Mon May 26 2014 by admin
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname 141Kerioth
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    aaa new-model
    141Kerioth#do wr mem
                  ^
    % Invalid input detected at '^' marker.
    141Kerioth#wr mem
    Building configuration...
    [OK]
    141Kerioth#sh run
    Building configuration...
    Current configuration : 5053 bytes
    ! Last configuration change at 01:38:06 UTC Mon May 26 2014 by admin
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname 141Kerioth
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    aaa new-model
    aaa authentication login default local
    aaa authentication ppp default local
    aaa session-id common
    memory-size iomem 10
    crypto pki trustpoint TP-self-signed-580381394
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-580381394
     revocation-check none
     rsakeypair TP-self-signed-580381394
    crypto pki certificate chain TP-self-signed-580381394
     certificate self-signed 01
      30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
      30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 35383033 38313339 34301E17 0D313430 35323231 38323333
      365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
      532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3538 30333831
      33393430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
      B001A012 2CA6970C 0648798B 2A786704 84F2D989 83974B19 9B4287F2 4503D2C9
      173F23C4 FF34D160 202A7565 4A1CE08B 60B3ADAE 6E19EE6E 9CD39E72 71F9650E
      930F22FE C4441F9C 2D7DD420 71F75DFC 3CCAC94E BA304685 E0E62658 A3E8D01C
      D01D7D6A 5AF0B0E6 3CF6AF3A B7E51F83 9BF6D38E 65254E1F 71369718 ADADD691
      02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
      23041830 168014D6 24878F12 1FFADF2F 537A438E 6DD7FB6B D79E4130 1D060355
      1D0E0416 0414D624 878F121F FADF2F53 7A438E6D D7FB6BD7 9E41300D 06092A86
      4886F70D 01010505 00038181 00771667 FCA66002 8AB9E5FB F210012F C50B586F
      9A9640BB 45B4CEFD 030A38C0 E610AAC8 B41EF3C4 E55810F9 B2C727CF C1DEFCF1
      0846E7BC 1D95420E 5DADB5F8 EFE7EB37 B5433B80 4FF787D4 B1F2A527 06F065A4
      00522E97 A9D2335C E83C4AE1 E68D7A41 9D0046A7 ADCC282B 7527F84D E71CC567
      14EF37EA 15E57AD0 3C5D01F3 EF
            quit
    ip dhcp excluded-address 10.0.16.1
    ip dhcp pool ccp-pool
     import all
     network 10.0.16.0 255.255.255.0
     default-router 10.0.16.1
     dns-server 8.8.8.8
     lease 0 2
    ip domain name kerioth.com
    ip host hostname.domain z.z.z.z
    ip name-server 8.8.8.8
    ip name-server 4.2.2.2
    ip cef
    no ipv6 cef
    license udi pid CISCO881-K9 sn FTX180483DD
    username admin privilege 15 secret 4 CmmfIy.RPySmo4Q2gEIZ2jlr3J.bTBAszoe5Bry0z4c
    username meadowbrook privilege 0 password 0 $8UBr#Ux
    username meadowbrook autocommand exit
    policy-map type inspect outbound-policy
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 5
    crypto isakmp key 141Township address z.z.z.z
    crypto isakmp keepalive 10
    crypto ipsec transform-set TS esp-3des esp-sha-hmac
     mode tunnel
    crypto map mymap 10 ipsec-isakmp
     set peer z.z.z.z
     set transform-set TS
     match address 115
    interface Loopback0
     no ip address
    interface Tunnel1
     no ip address
    interface FastEthernet0
     no ip address
    interface FastEthernet1
     no ip address
    interface FastEthernet2
     no ip address
    interface FastEthernet3
     no ip address
    interface FastEthernet4
     description $FW_OUTSIDE_WAN$
     ip address 50.y.y.y 255.255.255.240
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
     crypto map mymap
    interface Vlan1
     description $ETH_LAN$
     ip address 10.0.16.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1452
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 115 interface Vlan1 overload
    ip nat inside source list 199 interface FastEthernet4 overload
    ip nat inside source route-map nonat interface FastEthernet4 overload
    ip route 0.0.0.0 0.0.0.0 50.x.x.x
    access-list 110 deny   ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
    access-list 110 permit ip 10.0.16.0 0.0.0.255 any
    access-list 115 permit ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
    access-list 144 permit icmp host c.c.c.c host 10.0.1.50
    access-list 144 permit icmp host p.p.p.p host 10.0.16.105
    access-list 199 permit ip a.a.a.a 0.0.0.255 any
    no cdp run
    route-map nonat permit 10
     match ip address 100
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     access-class 1 in
     exec-timeout 30 0
     privilege level 15
     transport preferred ssh
     transport input ssh
    line vty 5 15
     access-class 23 in
     privilege level 15
     transport input telnet ssh
    cns trusted-server all-agents x.x.x.x
    cns trusted-server all-agents hostname
    cns trusted-server all-agents hostname.domain
    cns id hardware-serial
    cns id hardware-serial event
    cns id hardware-serial image
    cns event hostname.domain 11011
    cns config initial hostname.domain 80
    cns config partial hostname.domain 80
    cns exec 80
    end

    Why do you have following command on the PIX?
    crypto map outside_map 40 set transform-set 165.228.x.x
    Also you have this transform set on the PIX:
    crypto ipsec transform-set 10.112.60.0 esp-aes-256 esp-sha-hmac
    This does not match the transfor set on the router:
    crypto ipsec transform-set tritest esp-3des esp-md5-hmac
    Where are you using the access-list/route-map
    101 ?

  • Setting up 10.4.5 to use the built in VPN with Cisco

    I see from the update that it now supports Cisco VPN servers. How do I go about enabling the VPN capability, I don't see anything in the network system preferences that show how to enable the VPN functionality.

    In the Mac Help application, I found the following for a query on VPN.
    To connect to a VPN:
    Open Internet Connect, located in the Applications folder.
    Click the VPN icon in the toolbar.
    Choose the type of VPN connection, either "L2TP over IPSec" or PPTP.
    Choose a configuration from the Connect pop-up menu, then click Connect.
    To create a second VPN configuration, choose File > New VPN Connection.
    Good luck, hope it helps.

  • 2008 R2 NPS wont connect to Cisco 1841 via Cisco VPN 5.0.03.0560

    I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN conenctions through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.
    We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed please ask and will supply.
    Cisco Systems VPN Client Version 5.0.03.0560
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 3
    Config file directory: C:\Program Files\Cisco Systems\VPN Client\
    1      10:55:10.906  06/05/14  Sev=Info/4 CM/0x63100002
    Begin connection process
    2      10:55:10.921  06/05/14  Sev=Info/4 CM/0x63100004
    Establish secure connection
    3      10:55:10.921  06/05/14  Sev=Info/4 CM/0x63100024
    Attempt connection with server ".com"
    4      10:55:10.921  06/05/14  Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with x.x.x.x.
    5      10:55:10.937  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
    6      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    7      10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
    8      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer
    9      10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DPD
    10     10:55:11.203  06/05/14  Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 6h.
    11     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DWR Code and DWR Text
    12     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports XAUTH
    13     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports NAT-T
    14     10:55:11.140  06/05/14  Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful
    15     10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
    16     10:55:11.140  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    17     10:55:11.140  06/05/14  Sev=Info/4 IKE/0x63000083
    IKE Port in use - Local Port =  0x078F, Remote Port = 0x1194
    18     10:55:11.140  06/05/14  Sev=Info/5 IKE/0x63000072
    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device
    19     10:55:11.140  06/05/14  Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
    20     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    21     10:55:11.203  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
    22     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x63000045
    RESPONDER-LIFETIME notify has value of 86400 seconds
    23     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x63000047
    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
    24     10:55:11.203  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    25     10:55:11.203  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
    26     10:55:11.203  06/05/14  Sev=Info/4 CM/0x63100015
    Launch xAuth application
    27     10:55:11.250  06/05/14  Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started
    28     10:55:11.250  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    29     10:55:15.484  06/05/14  Sev=Info/4 CM/0x63100017
    xAuth application returned
    30     10:55:15.484  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
    31     10:55:21.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    32     10:55:31.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    33     10:55:41.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    34     10:55:51.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    35     10:55:52.593  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    36     10:55:52.593  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
    37     10:55:52.609  06/05/14  Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 6h.
    38     10:55:52.593  06/05/14  Sev=Info/4 CM/0x63100015
    Launch xAuth application
    39     10:56:01.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    40     10:56:07.656  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    41     10:56:07.656  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
    42     10:56:11.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    43     10:56:21.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    44     10:56:22.656  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    45     10:56:22.656  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
    46     10:56:31.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    47     10:56:37.765  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    48     10:56:37.765  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
    49     10:56:41.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    50     10:56:51.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    51     10:56:52.812  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    52     10:56:52.812  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
    53     10:57:01.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    54     10:57:07.562  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    55     10:57:07.562  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
    56     10:57:11.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    57     10:57:21.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    58     10:57:31.218  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    59     10:57:33.046  06/05/14  Sev=Info/4 CM/0x63100017
    xAuth application returned
    60     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
    61     10:57:33.046  06/05/14  Sev=Info/4 CM/0x63100018
    User does not provide any authentication data
    62     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection
    63     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
    64     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
    65     10:57:33.046  06/05/14  Sev=Info/4 IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
    66     10:57:33.046  06/05/14  Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv
    67     10:57:33.062  06/05/14  Sev=Info/6 CM/0x63100046
    Set tunnel established flag in registry to 0.
    68     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    69     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    70     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    71     10:57:33.218  06/05/14  Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped
    72     11:00:54.656  06/05/14  Sev=Info/4 CM/0x63100002
    Begin connection process
    73     11:00:54.671  06/05/14  Sev=Info/4 CM/0x63100004
    Establish secure connection
    74     11:00:54.671  06/05/14  Sev=Info/4 CM/0x63100024
    Attempt connection with server ".com"
    75     11:00:54.687  06/05/14  Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with x.x.x.x
    76     11:00:54.703  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
    77     11:00:54.750  06/05/14  Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started
    78     11:00:54.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    79     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    80     11:00:54.953  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
    81     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer
    82     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DPD
    83     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DWR Code and DWR Text
    84     11:00:55.015  06/05/14  Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 6h.
    85     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports XAUTH
    86     11:00:54.953  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports NAT-T
    87     11:00:54.953  06/05/14  Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful
    88     11:00:54.968  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
    89     11:00:54.968  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    90     11:00:54.968  06/05/14  Sev=Info/4 IKE/0x63000083
    IKE Port in use - Local Port =  0x0798, Remote Port = 0x1194
    91     11:00:54.968  06/05/14  Sev=Info/5 IKE/0x63000072
    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device
    92     11:00:54.968  06/05/14  Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
    93     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    94     11:00:55.000  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
    95     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x63000045
    RESPONDER-LIFETIME notify has value of 86400 seconds
    96     11:00:55.000  06/05/14  Sev=Info/5 IKE/0x63000047
    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
    97     11:00:55.015  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    98     11:00:55.015  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
    99     11:00:55.015  06/05/14  Sev=Info/4 CM/0x63100015
    Launch xAuth application
    100    11:00:58.765  06/05/14  Sev=Info/4 CM/0x63100017
    xAuth application returned
    101    11:00:58.765  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
    102    11:01:05.250  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    103    11:01:15.250  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    104    11:01:25.250  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    105    11:01:30.312  06/05/14  Sev=Info/6 GUI/0x63B0000D
    Disconnecting VPN connection.
    106    11:01:30.312  06/05/14  Sev=Info/4 CM/0x63100006
    Abort connection attempt before Phase 1 SA up
    107    11:01:30.312  06/05/14  Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection
    108    11:01:30.312  06/05/14  Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
    109    11:01:30.328  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
    110    11:01:30.328  06/05/14  Sev=Info/4 IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
    111    11:01:30.328  06/05/14  Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv
    112    11:01:30.328  06/05/14  Sev=Info/6 CM/0x63100046
    Set tunnel established flag in registry to 0.
    113    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    114    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    115    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    116    11:01:30.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped
    117    11:01:44.875  06/05/14  Sev=Info/4 CM/0x63100002
    Begin connection process
    118    11:01:44.890  06/05/14  Sev=Info/4 CM/0x63100004
    Establish secure connection
    119    11:01:44.890  06/05/14  Sev=Info/4 CM/0x63100024
    Attempt connection with server ".com"
    120    11:01:44.906  06/05/14  Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with x.x.x.x
    121    11:01:44.921  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
    122    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    123    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
    124    11:01:45.296  06/05/14  Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 6h.
    125    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer
    126    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DPD
    127    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DWR Code and DWR Text
    128    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports XAUTH
    129    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports NAT-T
    130    11:01:45.234  06/05/14  Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful
    131    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
    132    11:01:45.234  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    133    11:01:45.234  06/05/14  Sev=Info/4 IKE/0x63000083
    IKE Port in use - Local Port =  0x079B, Remote Port = 0x1194
    134    11:01:45.234  06/05/14  Sev=Info/5 IKE/0x63000072
    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device
    135    11:01:45.234  06/05/14  Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
    136    11:01:45.250  06/05/14  Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started
    137    11:01:45.250  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    138    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    139    11:01:45.281  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
    140    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x63000045
    RESPONDER-LIFETIME notify has value of 86400 seconds
    141    11:01:45.281  06/05/14  Sev=Info/5 IKE/0x63000047
    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
    142    11:01:45.296  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    143    11:01:45.296  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
    144    11:01:45.296  06/05/14  Sev=Info/4 CM/0x63100015
    Launch xAuth application
    145    11:01:53.625  06/05/14  Sev=Info/4 CM/0x63100017
    xAuth application returned
    146    11:01:53.625  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
    147    11:01:53.640  06/05/14  Sev=Info/4 CM/0x63100018
    User does not provide any authentication data
    148    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection
    149    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
    150    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
    151    11:01:53.640  06/05/14  Sev=Info/4 IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
    152    11:01:53.640  06/05/14  Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv
    153    11:01:53.640  06/05/14  Sev=Info/6 CM/0x63100046
    Set tunnel established flag in registry to 0.
    154    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    155    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    156    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    157    11:01:53.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped
    158    11:02:00.406  06/05/14  Sev=Info/4 CM/0x63100002
    Begin connection process
    159    11:02:00.421  06/05/14  Sev=Info/4 CM/0x63100004
    Establish secure connection
    160    11:02:00.421  06/05/14  Sev=Info/4 CM/0x63100024
    Attempt connection with server "com"
    161    11:02:00.421  06/05/14  Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with x.x.x.x
    162    11:02:00.437  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
    163    11:02:00.750  06/05/14  Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started
    164    11:02:00.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    165    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    166    11:02:01.015  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
    167    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer
    168    11:02:01.109  06/05/14  Sev=Info/6 GUI/0x63B00012
    Authentication request attributes is 6h.
    169    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DPD
    170    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports DWR Code and DWR Text
    171    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports XAUTH
    172    11:02:01.015  06/05/14  Sev=Info/5 IKE/0x63000001
    Peer supports NAT-T
    173    11:02:01.031  06/05/14  Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful
    174    11:02:01.031  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
    175    11:02:01.031  06/05/14  Sev=Info/6 IKE/0x63000055
    Sent a keepalive on the IPSec SA
    176    11:02:01.031  06/05/14  Sev=Info/4 IKE/0x63000083
    IKE Port in use - Local Port =  0x079E, Remote Port = 0x1194
    177    11:02:01.031  06/05/14  Sev=Info/5 IKE/0x63000072
    Automatic NAT Detection Status:
       Remote end is NOT behind a NAT device
       This   end IS behind a NAT device
    178    11:02:01.031  06/05/14  Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
    179    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    180    11:02:01.078  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
    181    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x63000045
    RESPONDER-LIFETIME notify has value of 86400 seconds
    182    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x63000047
    This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
    183    11:02:01.078  06/05/14  Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = x.x.x.x
    184    11:02:01.078  06/05/14  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
    185    11:02:01.078  06/05/14  Sev=Info/4 CM/0x63100015
    Launch xAuth application
    186    11:02:06.406  06/05/14  Sev=Info/4 CM/0x63100017
    xAuth application returned
    187    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
    188    11:02:06.406  06/05/14  Sev=Info/4 CM/0x63100018
    User does not provide any authentication data
    189    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection
    190    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
    191    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
    192    11:02:06.406  06/05/14  Sev=Info/4 IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
    193    11:02:06.406  06/05/14  Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv
    194    11:02:06.421  06/05/14  Sev=Info/6 CM/0x63100046
    Set tunnel established flag in registry to 0.
    195    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    196    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    197    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x63700014
    Deleted all keys
    198    11:02:06.750  06/05/14  Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped

    I am using 2008 R2 NPS as radius server. 1841 ISR as VPN device. Here are debug loghs from Cisco 1841
    1430434: .Jun  9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430435: .Jun  9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
    1430436: .Jun  9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
    1430437: .Jun  9 2014 12:06:59.191 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430438: .Jun  9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430439: .Jun  9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430440: .Jun  9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430441: .Jun  9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430442: .Jun  9 2014 12:06:59.191 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430443: .Jun  9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
    1430444: .Jun  9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430445: .Jun  9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
    1430446: .Jun  9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
    1430447: .Jun  9 2014 12:07:05.250 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430448: .Jun  9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430449: .Jun  9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430450: .Jun  9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430451: .Jun  9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430452: .Jun  9 2014 12:07:05.250 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430453: .Jun  9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
    1430454: .Jun  9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
    1430455: .Jun  9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430456: .Jun  9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
    1430457: .Jun  9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
    1430458: .Jun  9 2014 12:07:09.830 PDT: RADIUS:  authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
    1430459: .Jun  9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430460: .Jun  9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
    1430461: .Jun  9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
    1430462: .Jun  9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
    1430463: .Jun  9 2014 12:07:09.830 PDT: RADIUS: request  authen: 2669BD0BEF3749C79C551EABB4B4D105
    1430464: .Jun  9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
    1430465: .Jun  9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
    1430466: .Jun  9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
    Log Buffer (4096 bytes):
    6E7C
    1430534: .Jun  9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430535: .Jun  9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430536: .Jun  9 2014 12:09:50.590 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430537: .Jun  9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
    1430538: .Jun  9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
    1430539: .Jun  9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
    1430540: .Jun  9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430541: .Jun  9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
    1430542: .Jun  9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
    1430543: .Jun  9 2014 12:09:55.978 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430544: .Jun  9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430545: .Jun  9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430546: .Jun  9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430547: .Jun  9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430548: .Jun  9 2014 12:09:55.978 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430549: .Jun  9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
    1430550: .Jun  9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
    1430551: .Jun  9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430552: .Jun  9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
    1430553: .Jun  9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
    1430554: .Jun  9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
    1430555: .Jun  9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
    1430556: .Jun  9 2014 12:10:00.330 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430557: .Jun  9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430558: .Jun  9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430559: .Jun  9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430560: .Jun  9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430561: .Jun  9 2014 12:10:00.330 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430562: .Jun  9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
    1430563: .Jun  9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
    1430564: .Jun  9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
    1430565: .Jun  9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
    1430566: .Jun  9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
    1430567: .Jun  9 2014 12:10:05.845 PDT: RADIUS:  authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
    1430568: .Jun  9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
    1430569: .Jun  9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
    1430570: .Jun  9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
    1430571: .Jun  9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
    1430572: .Jun  9 2014 12:10:05.849 PDT: RADIUS: request  authen: E39E7226C93AFEDCAF03A49F11FDA193
    1430573: .Jun  9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt

  • How to setup WRTSL54GS VPN?

    I'm fairly network literate but I need a walk through for setting up a VPN on WRTSL54GS router and how to confirm settings are working.
    I talked with Support (in the Phillipines)and advised me to set my DSL modem to bridge mode, done that and Internet connectivity is OK. But the documentation on configuring the VPN is very weak. For testing I am dropping the wireless on this router and connecting to a neighbors open wireless router and unable to connect to the VPN I setup. My router does have the latest version of the firmware.
    I plan on using the VPN to connect to the network storage connected to the router when offsite.
    Thank you for your help.
    Dave K.

    That was the point of buying this router. I really don't want to leave my workstation on 24/7 but, prefer to have a low cost storage online dedicated to the purpose.
    Is there a home based router with firewall, wireless, wired capability, with attached storage accessable from both inside and outside securely that does not do pass-through VPN but instead can act as a termination for the VPN?
    I have configured the FTP server and have connected that way but that leaves the password and username transmitted in clear text. Any sniffer could pick up on that. I want to make this a secure connection even better if I could restrict the MAC address to my laptop only connecting.
    I'm open to ideas. What have others done low cost?
    What if I purchased low cost network storage with its own IP and placed it inside my home network, of course it would have a NAT'd non public IP. I suspect since the router is pass through VPN the storage would have to have VPN capability?
    And I think I read something in the forum that if the VPN is setup only the VPN is allowed through and I would not be able to surf the net? Not quite sure of the details how this works. Might be another road block to using this router.
    Thanks in advance.
    Dave K.

  • Problems with Cisco VPN & UMTS

    Hello!
    Just got a new MacBook Pro 2,0 and am busy setting it up for mobile access to our corporate network.
    I´m using Cisco VPN Client 4.9.00 (0050).
    When I am using my wireless router at home (over a DSL line) everything works fine, but when I am connected over a SonyEricsson K608 UMTS/3G phone, the client does not seem to be able to connect:
    Error log is as follows:
    1 16:30:34.115 05/28/2006 Sev=Info/4 CM/0x43100002
    Begin connection process
    2 16:30:34.116 05/28/2006 Sev=Info/4 CM/0x43100004
    Establish secure connection using Ethernet
    3 16:30:34.116 05/28/2006 Sev=Info/4 CM/0x43100024
    Attempt connection with server "xxx.xxx.xxx.xxx"
    4 16:30:34.117 05/28/2006 Sev=Info/4 CVPND/0x43400019
    Privilege Separation: binding to port: (500).
    5 16:30:34.117 05/28/2006 Sev=Info/4 CVPND/0x43400019
    Privilege Separation: binding to port: (4500).
    6 16:30:34.117 05/28/2006 Sev=Info/6 IKE/0x4300003B
    Attempting to establish a connection with xxx.xxx.xxx.xxx.
    7 16:30:34.618 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    8 16:30:35.219 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    9 16:30:35.820 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    10 16:30:36.422 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    11 16:30:37.023 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    12 16:30:37.624 05/28/2006 Sev=Warning/2 CVPND/0x83400018
    Output size mismatch. Actual: 0, Expected: 237. (DRVIFACE:1319)
    13 16:30:37.624 05/28/2006 Sev=Info/4 IKE/0x43000075
    Unable to acquire local IP address after 5 attempts (over 5 seconds), probably due to network socket failure.
    14 16:30:37.624 05/28/2006 Sev=Warning/2 IKE/0xC300009A
    Failed to set up connection data
    Has anybody heard of something like that?
    I tried the same on a G4 iBook with the same configuration, and everything works fine there.
    Bye, Frido.

    If you have a data plan on your phone, make sure it is VPN capable. T-mobile has this option. There is something with the routing and proxies that they use.
    Most cell providers will also block most ports other than say 80 and other ports they specifically use.

  • Set up My VPN

    Hi. I just bought a Mac Mini Server and want to use the VPN service to access files on the host. I am not sure how this works and so far have been unable to find a tutorial that walks through the steps to do so. If anyone here can help me out I would appreciate it. I have my VPN server turned on with a shared secret and everything, but other than that I am clueless. All help will be greatly appreciated

    There are mid-grade firewalls that have built-in VPN servers that can download clients into your Mac OS X box, and you can either have a system that works like this firewall.
    Or you can have a firewall with an L2TP or SSL or another end-point server built in; where you use the existing Mac client, or where you can work with (for instance) IPsecuritas or another client.
    Or you can set up port forwarding as Camelot mentions and connect from your client (and its VPN client) through to Mac OS X Server and its VPN server capabilities. (One caveat here: there were some L2TP bugs around Airport and Time Capsule that have been discussed; where these devices were not correctly passing a VPN through. Check around for forums for previous discussions.)
    Within the margin for error and variability among the VPN implementations, VPNs are roughly equivalent. Yes; there are some differences in the degree of security provided by PPTP and L2TP and SSL, but they're all better than running open ports or clear-text protocols. The key question being "does it work", as is usual.
    My preference is for a VPN-capable firewall which uses one of the Mac OS X clients, and that doesn't require a specific VPN client from the vendor; with a "standard" VPN, Apple maintains the clients for you.

  • Importing Cisco VPN information into Finder VPN

    Hello,
    I have recently upgraded to OSX Lion and the Cisco VPN Client used by my university no longer works. They suggest another client (Shrew Soft), which also doesn't work. What I'd like to be able to do is use the VPN configuration information provided by my institute with the Finder's own VPN capability, bypassing the need for a buggy client programm.
    I've already read this thread, however it hasn't helped:
    https://discussions.apple.com/thread/2274119?start=0&tstart=0
    My problem seems to be that I need TWO files to configure Cisco correctly, a root certificate (which appears to be in .pem format) and a .pcf file. If I follow the "standard procedure" for importing the .pcf details -- that is, without using the root certificate somehow -- I get the message "The VPN server did not respond. Verify the server address and try reconnecting." Clearly I need somehow to be using BOTH files in order to establish a connection.
    I have messed around with adding the root certificate to my System keychain, but the Finder doesn't display it when I go to "authentification settings". Instead I have only two certificates with "apple" in the name.
    Even if I could add the root certificate successfully, this would surely be fruitless, as I would then no longer be using the shared secret.
    SO, my query is: How can I combine both of these files into a single certificate that I can then add to my keychain and use for machine identification? Please bear in mind that I am not a computer specialist and am not au fait with Open SSL, and so forth. I'm prepared to grapple with it if it's the only way to get my VPN working again, but I will really need a very clear explanation of each step!
    Many thanks in advance!

    No ideas?

  • No VPN

    At the moment the touch does not have VPN support like the iphone does. I searched throughout the device and the manual. I've seen around that apple said that they were going to have the VPN client. If anyone else knows more info on the subject it would be appreciated.

    Advertised or not. VPN is yet another feature that is found on the iPhone, but not found on the iPod Touch.
    It annoys me, but I can deal with not having notes or the ability to add/edit calendar events.
    I can kind of understand why Google Maps isn't included (though if YouTube is, I imagine they can make Google Maps work also).
    But not having VPN capability renders this device useless as a wi-fi device. A significant number of universities (not to mention virtually all corporations) now require some kind of VPN connection. Not having VPN on an iPod Touch means one can't use it to browse the web from those locations.
    I just got my iPod Touch. I've tried calling Apple this morning. I got routed back and forth. No one seemed to have an answer.
    Apple: better correct these problems soon. Otherwise you'd have lots of very unhappy customers on your hands...

  • Mac and VPN

    Hi all,
    I was wondering if someone could provide me with some advice, I often work on the road and need to use public Wifi in all sorts of places in London and was considering the use of VPN to make things more secure,
    can some one point me in the right direction of a " Basic How to Guide " in regards to VNP setups, using Virgin Media,
    I understand that to use a VPN your require a Static ip address, which with virgin media does not use,
    However there are online services which can provide one, I was wondering if anyone could help or recommend a existing service ?
    thanks
    y

    I disagree to a point; you can definitely connect a VPN over Wi-Fi, then route your traffic over the already encrypted VPN to protect your traffic.
    It's not only used to access your employer's network.
    I have VPN set up on a server at my house, and use it to connect to my home network for file access or if I'm using public Wi-Fi on occasion.
    You'd either need a server to provide VPN services and address assignments, or a router at home that's capable of creating the VPN tunnel and authenticating users. Cisco has some small business routers that are VPN capable. I'd imagine you could get a Linux VPN server running at home for a small amount of money.
    As far as the static IP goes, you don't need one, but it's nice to have. You can always use a service like dyndns.com (free!) to automatically keep your DNS records up-to-date, even as your ISP changes your IP at home. That's how I've got mine configured and it works wonderfully.
    Just keep in mind it will probably be slooooow.

  • 1841 Router VPN

    Hi There
    I have a 1841 Router running C1841-ADVIPSERVICESK9-M ver 12.4(12), is this IOS VPN capable, if not what IOS whould I need to run a VPN?
    thanks

    Thanks
    Not sure yet, waiting to hear back from our partner to see what they support.

  • RV110W VPN enhancements etc

    I am looking to Cisco to pehaps add the following to the entire line of RV series VPN capable firewalls. (at least the RV110w)
    Add EZ_VPN, with ability to store remote usename password for tunnel auth.
    Add option 150 in the LAN DHCP config
    Supporting multiple subnets across a site to site vlans
    Voice vlan support?
    It seems to me the RV series VPN capable devices would be great for teleworkers that use a Cisco UC phone system such as the UC500 series that support EZ_VPN,  as the SSL vpn on the SPA525 is buggy and unusable in a lot of my installations. and installing the SA/SR endpoints (most of with are end of life) devices are costly.  Also allows one to use lower cost SPA phones for remote users.
    Since Cisco spent the time to add all the advanced IPSec options to allow one to connect to most any IPsec device, and are marketing this for teleworkers haveing the features listed above would really help.

    Hi mlemmo, you should call the small business support center to make a feature request.
    Traditionally, the small business routers have not supported the Cisco VPN clients. The latest exceptions have been the SA500 and SRP500 series supporting the Cisco VPN client and the ISA supporting AnyConnect. Currently, the bigger brothers of the RV110 also do not support the Cisco VPN clients except for QVPN.
    -Tom
    Please mark answered for helpful posts

  • OSX Server 10.4 + VPN Tracker

    I am having problems setting up a vpn connection. I have VPN Tracker but the machine I want to get to on my LAN (behind the router - which is another set of problems!) is running OSX Server. Do I ignore the vpn settings since they are references to IPSec/L2TP, or do I have to switch off the server firewall? I find this very unclear. Also, is there an aternative to using Tracker? Can't I simply use the built-in vpn capability of OSX?

    I am having problems setting up a vpn connection.
    VPN is a screaming bag of cats. What one vendor calls VPN
    may not be what another vendor calls it.
    I have VPN Tracker but the machine I want to get to on
    my LAN (behind the router - which is another set of
    problems!) is running OSX Server.
    If you are trying to connect from a Mac to OS X server,
    VPN Tracker is not needed to establish a VPN tunnel. The
    existing software that comes with the system can be used.
    In the Finder's Help menu ("Mac Help"), open the Help Viewer
    and search for VPN. Look at the entry entitled "Setting up
    a connection to a Virtual Private Network".
    The main reason to use VPN Tracker is if you have a
    perimeter hardware firewall / VPN appliance. For example,
    our users connect to our SonicWALL using VPN Tracker, and it
    works great. We terminate the tunnel on the LAN side of the
    SonicWALL so that the remote client computers sit through
    the tunnel on the LAN The advantage that Equinux brings is
    that they keep it up to date as Apple and SonicWALL (and
    other VPN firewall vendors) make changes, and they provide
    good setup guides. For the interoperability list, see
    http://equinux.com/us/products/vpntracker/interoperability.html
    Do I ignore the vpn settings since they are references
    to IPSec/L2TP, or do I have to switch off the server
    firewall?
    Well, you will have to open up appropriate ports depending
    on the flavor of VPN you choose. Again, it's a screaming
    bag of cats. Of course, you will have to configure VPN
    on the Xserve.
    I find this very unclear.
    Yep. It's a screaming bag of cats.
    Also, is there an aternative to using Tracker? Can't I
    simply use the built-in vpn capability of OSX?
    To connect to an Xserve, yes. See the Help viewer article
    above. You don't mention the router you are using or whether
    it is using NAT. You may have NAT traversal issues.
    Hope this helps,
    Russ
    Xserve G5 2.0 GHz 2 GB RAM   Mac OS X (10.4.8)   Apple Hardware RAID, ATTO UL4D, Exabyte VXA-2 1x10 1u

  • Troubleshooting VPN drops between 871 client and 2811

    My small company uses a 2811 ISR for VPN services (among other tasks such as internet access, p2p circuits to a second site, etc). I have a couple of remote users that have 871 routers that have occasional problems with their routers dropping their VPN tunnels to the 2811. I'm not really sure where to start with the troubleshooting. There are other clients (such as my own 871W) that seem to maintain a connection for weeks. These remote routers that do drop the connection usually reconnect at their next schedule attempt (180 seconds or so.)
    Most of the previous questions I've seen similar to this involve software clients but these are hardware routers as the clients and as such I'm not sure how to enable or retrieve logs for the VPN sessions.

    As expected, the isakmp lifetime is 86400, but for ipsec it merely reports how much time is left in the current sa.
    For example:
    router#show crypto isakmp policy
    Global IKE policy
    Protection suite of priority 3
    encryption algorithm: Three key triple DES
    hash algorithm: Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime: 86400 seconds, no volume limit
    Default protection suite
    encryption algorithm: DES - Data Encryption Standard (56 bit keys).
    hash algorithm: Secure Hash Standard
    authentication method: Rivest-Shamir-Adleman Signature
    Diffie-Hellman group: #1 (768 bit)
    lifetime: 86400 seconds, no volume limit
    router#show crypto ipsec sa
    interface: Virtual-Access4
    Crypto map tag: Virtual-Access4-head-0, local addr 209.XXX.XXX.82
    protected vrf: (none)
    local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
    remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
    current_peer 75.XXX.XXX.179 port 4500
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 681527, #pkts encrypt: 681527, #pkts digest: 681527
    #pkts decaps: 670316, #pkts decrypt: 670316, #pkts verify: 670316
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0
    local crypto endpt.: 209.XXX.XXX.82, remote crypto endpt.: 75.XXX.XXX.179
    path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
    current outbound spi: 0xF0C2D65C(4039300700)
    inbound esp sas:
    spi: 0x2A7171E4(712077796)
    transform: esp-3des esp-sha-hmac ,
    in use settings ={Tunnel UDP-Encaps, }
    conn id: 4093, flow_id: NETGX:2093, crypto map: Virtual-Access4-head-0
    sa timing: remaining key lifetime (k/sec): (4577435/1047)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE
    inbound ah sas:
    inbound pcp sas:
    outbound esp sas:
    spi: 0xF0C2D65C(4039300700)
    transform: esp-3des esp-sha-hmac ,
    in use settings ={Tunnel UDP-Encaps, }
    conn id: 4094, flow_id: NETGX:2094, crypto map: Virtual-Access4-head-0
    sa timing: remaining key lifetime (k/sec): (4572865/1027)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE
    outbound ah sas:
    outbound pcp sas:

  • C892FSP-K9 VPN? - SOLVED

    Hello,
    I bought a few weeks ago two C892FSP-K9.
    When I bought it, I said it was to link 2 to 3 sites all together throught VPN site-to-Site. Those devices can have up to 50 VPN tunnel. I am not shure yet how to implement the ipsec tunnel vpn capability, but I am not sure that I have all the settings available.
    Here is what I mean and the result of the "crypto ?" command:
    (config)#crypto ?
      key                 Long term key operations
      pki                  Public Key components
      provisioning  Secure Device Provisioning
      wui                 Crypto HTTP configuration interfaces
    In this list of available commande, I do not have
    isakmp
    In all the exemple I found in Internet to make a tunnel, they use isakmp. So if it is not avalable, How can I do?
    By the way, do I have to do, activate something somewhere to have access to isakmp?
    Thanks?

    Hi,
    I have found the solution. It seems that my devices were shiped with this IOS:
    c800-universalk9_npe-mz.SPA.153-2.T.bin
    I did not have the equivalent of advsecurity feature in it.
    So Someone from Cisco send me this IOS:
    c800-universalk9-mz.SPA.152-4.M6.bin
    And all came back to normal... Now I have this:
    (config)#crypto ?
      batch         Crypto Batch Processing
      call          Configure Crypto Call Admission Control
      ctcp          Configure cTCP encapsulation
      dynamic-map   Specify a dynamic crypto map template
      engine        Enter a crypto engine configurable menu
      gdoi          Configure GDOI policy
      identity      Enter a crypto identity list
      ikev2         Configure IKEv2 Options
      ipsec         Configure IPSEC policy
      isakmp        Configure ISAKMP policy
      key           Long term key operations
      keyring       Key ring commands
      logging       logging messages
      map           Enter a crypto map
      mib           Configure Crypto-related MIB Parameters
      pki           Public Key components
      provisioning  Secure Device Provisioning
      vpn           Configure crypto vpn commands
      wui           Crypto HTTP configuration interfaces
      xauth         X-Auth parameters
    Thanks For those who tried to help me.
    Vandman

Maybe you are looking for

  • POS-DM, BIW & R/3 posting issue after BIW patch updation

    Landscape details: SAP IS-Retail (ECC 6.0), SAP POS (Triversity GM 9.5.10), PI 7.0, BIW/POS-DM 7.0 Issue Detail We have upgraded the patch level of Support package BI_CONT in BIW from 5 to 11 in production server and after that following issues have

  • Central 5.4 stops printing, a reboot of the server is the only way to fix the problem

    Hi, We are running central 5.4 on windows 2000 SP4, this has worked for ages but has just started with an intermittent fault.  When we send some output it suddenly stops printing, and no forms sent to central will be printed, the only way to get them

  • New Document set-up

    I am puzzled by a feature in InDesign CS2 version 4.0.5 that I have never seen before. I am using a Mac that is is another department at my workplace and when you are creating a new document in the File>New dialog box, this is what you get: Width, He

  • Reformatted Mac HD but it no longer has a Logical Volume Group

    Hi Guys, I've reformatted my Mac Pro's main HD, prior to doing a completely new install of Yosemite. Having reformatted it, I noticed that in the Disk Utility, there is no longer a main hard drive at the top of the list called Macintosh HD, with a Lo

  • Ever since updating to Mountain Lion, I cannot watch live streams.

    Hey, since updating to ML, something seems to be interrupting how Flash is working. I am unable to see live video streams in the browser. When I try to use VOKLE, for example, it seems to load fine and then I get an error from Vokle telling me to mak