One VPN client cannot connect: message: IKE is not loaded on the VPN server

While connecting a VPN client I can see that it is trying to connect. After
a while the client reports:
 
VPN login:
An error was reported by the IKE application
Either xxx.xxx.xxx.xxx is an invalid VPN server address or the IKE is not
loaded on the VPN server. For more details please look at IKE log.
 
Other clients are working fine so it's not a server problem. When I look at
the Bordermanager activity log I can see the following:
 
08/10/2007 03:11:56 PM AUTH Gateway Connection closed for the VPN client at
address 80.126.177.252. 
08/10/2007 03:11:56 PM AUTH Gateway VPN client NMAS user
emergo.USR.010.LICOM at address 80.126.177.252 has been authenticated. 
08/10/2007 03:11:56 PM VPN Control Client emergo.USR.010.LICOM reconnected
to IPSEC. 
08/10/2007 03:11:56 PM AUTH Gateway Process NMAS request: NMAS
authentication successful. 
08/10/2007 03:11:54 PM AUTH Gateway A connection was opened for a VPN client
at address 80.126.177.252. 

Normally after this the IKE phase begins, like this:
08/10/2007 	09:48:58 AM 	IKE 	Nmas user check authentication and traffic
rule
08/10/2007 	09:48:58 AM 	IKE 	Received notify message of type IPSEC_CONTACT
: 24578 from 86.95.26.205
08/10/2007 	09:48:58 AM 	IKE 	Received MM ID type: 1 protocol : 0 portnum: 0
length 8
08/10/2007 	09:48:58 AM 	IKE 	** Nat detected
08/10/2007 	09:48:58 AM 	IKE 	IKE SA NEGOTIATION - Peer lifetime is: 172800
My lifetime is: 28800
08/10/2007 	09:48:58 AM 	IKE 	Negotiating for an NMAS user 86.95.26.205

But with this particular client this never happens. When i look at the ike
log on the vpn client it shows something like this:

08-10-2007 02:04:11 PM Start IKE-SA 013d71d8 -
Initiator,src=192.168.2.111,dst=193.203.221.137,TotSA=1

08-10-2007 02:04:11 PM AUTH ALG IS 1
08-10-2007 02:04:11 PM Negotiating for an NMAS user 193.203.221.137 

08-10-2007 02:04:11 PM ***Send Main Mode message to 193.203.221.137

08-10-2007 02:04:11 PM
I-COOKIE=3188086bb5297116,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD
,state=18021124

08-10-2007 02:04:16 PM Retransmit timer expired :Peer lost our reply
retransmit the old packet to 193.203.221.137
08-10-2007 02:04:16 PM ***Send Main Mode message to 193.203.221.137

08-10-2007 02:04:16 PM
I-COOKIE=3188086bb5297116,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD
,state=13826840

08-10-2007 02:04:23 PM Retransmit timer expired :Peer lost our reply
retransmit the old packet to 193.203.221.137
08-10-2007 02:04:23 PM ***Send Main Mode message to 193.203.221.137

08-10-2007 02:04:23 PM
I-COOKIE=3188086bb5297116,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD
,state=13826840

08-10-2007 02:04:33 PM Retransmit timer expired :Peer lost our reply
retransmit the old packet to 193.203.221.137
08-10-2007 02:04:33 PM ***Send Main Mode message to 193.203.221.137

08-10-2007 02:04:33 PM
I-COOKIE=3188086bb5297116,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD
,state=13826840

08-10-2007 02:04:48 PM Retransmit timer expired :Peer lost our reply
retransmit the old packet to 193.203.221.137
08-10-2007 02:04:48 PM IKE-SA is deleted- packet retransmit exceeded the
limit, dst=193.203.221.137

08-10-2007 02:04:48 PM Stoppping ike retransmit timer
08-10-2007 02:04:51 PM IKE-SA 13d71d8 is
Deleted,I-COOKIE=3188086b,R-COOKIE=00000000,dst=193.203.221.137 

08-10-2007 02:04:51 PM  State:0   Cond:4 TimerEvent:1  
08-10-2007 02:04:51 PM   lifetime :0 sec Rekey Time :0 sec

08-10-2007 02:04:51 PM   Created at :0 sec  Remaining life time :-9552141
sec  Current time 9552141 

08-10-2007 02:04:51 PM Freeing IKE SA
08-10-2007 02:04:57 PM Exiting thread for SendKeepAlivePacketProcess


Any idea's where to start troubleshooting ?

Regards,

Hen
0
Hen
8/10/2007 1:50:37 PM
novell.bordermanager.vpn 2677 articles. 0 followers. Follow

2 Replies
736 Views

Similar Articles

[PageSpeed] 52
Get it on Google Play
Get it on Apple App Store

Hen,

It appears that in the past few days you have not received a response to your posting.  That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:
 
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp 
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)

If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://support.novell.com/forums/

0
Automatic
8/14/2007 9:08:23 PM
In article <46BC8971.4C9F.00A3.0@licom.nl>, Hen Savelkoul wrote:
> Any idea's where to start troubleshooting ?
>
That client's router?  Is IPSec passthrough enabled?  Is the router the 
same model, firmware and config as a working one?

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***


0
Craig
8/30/2007 4:42:02 PM
Reply:

Similar Artilces:

Error connecting to VPN through VPN Client
Hi, I am running NW6.5 with BM3.8 and everytime I type in my server ip and the other options to login to the server through vpn with NMAS i get the error, "failed to connect to the authentication gateway either 19*.***.***.*** is an invalid server address or the authentication gateway is not loaded on the server" What is the usual cause of this? > Hi, > > I am running NW6.5 with BM3.8 and everytime I type in my server ip and the > other options to login to the server through vpn with NMAS i get the error, > > "failed to connect to the a...

Did anybody try to get Nokia Mobile VPN Client to connect to a BM VPN server?
If you do not know the software (for symbian mobile phones) see: http://businesssoftware.nokia.com/mobile_vpn_downloads.php This client seems to be very wide adaptable to different Ipsec VPN authentication and encryption methods. But I do not know which methods are implemented on the BM side, so I cannot judge from the documentation, if this can work or is clearly impossible. If it could be made working, that would be a really nice thing. -- W. Prindl W_, It appears that in the past few days you have not received a response to your posting. That concerns us, and has trigg...

MS VPN Client to BM38 VPN Server?
On win2k and on XPHome I create a network connection which is a VPN connection, then try to do certificate authentication to the BM 38 VPN server. I have the Novell VPN client on the same machine which can authenticate with the same certificate. The MS client returns an Error 800: unable to establish connection, maybe the network is unreachable, maybe your security settings are wrong. With the Novell Client I pick exactly the certificate I want to use to authenticate. I can't find that option in the MS client, I can select a Trusted Root (so I had to export the Trusted Root and add it ...

Connect VPN client thru BM to another VPN
i, I have a problem connecting a client inside my network (10.x.x.x) using a CISCO VPN CLIENT. My firewall is a Bordermanager 3.6 SP2a server using NAT and I want to connect to other VPN server. How I have to configure the BM serfver to connect internal client to access others VPN server ????? Thanks in advance Jose hi Jose, let me understand. Are you trying to connect with a Cisco VPN client to a CIsco VPN server or to a BM VPN server? -- Cat Novell Support Connection Volunteer Sysop ...

vpn to vpn connection question
Hello: I've been asked to look into a vpn to vpn connection with a third party vpn server connection to our bm38sp2 vpn. Last week I had asked if this was possible and the answer was yes (but). Currently I have our vpn up and running to allow me secure access from home for remote management. The vpn is setup as the master vpn server. Now, if I try to connect to a third party vpn, will our server be a client in this case (I assume so)? If so, how does this impact our current setup as a master server? Thanks in advance, Chris. PS. Others have suggested (strongly) to si...

Cisco or any 3rd-party VPN client to BM38 VPN Server
In-house we use the Novell VPN client, but some vendor support wants to use the Cisco VPN client. Can it be made to authenticate to our BM3.8 VPN Server? Are any other clients tested compatible? I thought this new generation IKE VPN provided more interoperability. Thanks I believe it can be made to function, with a lot of effort. However, it is easier to just have both Novell and Cisco VPN client installed at the same time. If you want to use Cisco VPN client, realize that it will take a lot of work for purely political reasons, and you will have zero return on investment for...

NBM 3.8 VPN Client to a Cisco VPN server
Where might I find detailed instruction on setting this up ? thanks ed There is some info here: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090479.htm But I'm not sure it is complete. There was a thread on this here in the past couple of days, so you should search back a bit. Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** ...

VPN Client jumps back to VPN tab when trying to connect
I've got a BM3.8Sp2 server (running on NW6.5SP2) set-up with client to site VPN. A while ago it was working fine. I've now tried to use it in anger, and whenever I click the connet button in the VPN client, the client thinks for a second or so, and then jumps back to the VPN tab. WHere do I start if troubleshooting or fixing this ? Thanks GTG Gordon, I wonder if something got removed or corrupted in the client. I'd try to uninstall/reinstall the client component... -- Caterina Novell Support Connection Volunteer Sysop Caterina Luppi wrote: > Gordo...

windows7 VPN client blocks all other VPN
We have a strange situation at one of our customers. There is a C2S connection on a BM3.9 server. There are 2 PC running XP in the remote location. This setup runs properly since 2-3 years. Yesterday a new PC, Windows 7 ()32bit) was installed in the remote office. Tried to do VPN connection with VPN client 3.9.2 from the Windows & machine, but we got error (Failed to get DH public value). But after this the old XP machines were also unable to connect. After a server restart the windows XP machines are able to login again. 1)Is there any kind of defense mechanism in the BM ...

VPN Client
I have a Border Manager 3.7 server with a Site to Site and Client to Site VPN enabled. The VPN client can access all information of the WAN except for the site that is accross the Site to Site VPN. The client to site is configured to encrypt this network. From the internal network the remote site accross the VPN site to site works fine. Any help would be appreciated Rob C Rob, This is really working as designed. If you want a vpn client to access the other site, you'll need to enable client-site on the other BM server. -- Lance Reynolds, CNE &l...

Connecting to SSL VPN through a PPTP VPN
Hi This may seem a weird question... I'm on a Mac (OS X 10.4.8), and when at Uni, I connect to their wireless network using a VPN (PPTP). When connected, the network only allows network access through a proxy on port 8080. Hence, I cannot check email or connect to IM services and so on. I have a SSL VPN account setup with HotSpotVPN2 [1], so I figured I could connect to the Uni VPN, then connect to the HotSpotVPN. But, when I tried HotSpotVPN would never connect. [1] <http://www.hotspotvpn.com> Is it possible for me to do this? What am I doing wrong? ...

VPN Client 3.8 behind Netgear Router VPN Server C2S behind Linux IPTABLES
I configured my vpn client behind a Netgear router in NAT modus. MY BM 3.8 C2S is running behind Linux IPTABLES in static NAT Modus. If configured my bm policies after the book from john craig (NMAS / PASSWORD/ NDS) If I connect from my VPN Client I get NMAS error "error authentication FFFF996" but nothing in nmasmon (ver 1.21) If I connect the client can read the name of Tree but then occured the error. The same error I get if I configure my vpn client in the same network like linux public interface and attach from there my BM about linux nat interface. Does any...

How to setup my VPN to allow printing while connected to the VPN
Hello there, I am new to Border Manager and have a Bordermanager VPN at my office. I have remote sites that need to be able to print while connected to the VPN, however they cannot. Could anyone offer advice on what I need to do to get this working? Phil In article <tOutc.181$uj7.83@prv-forum2.provo.novell.com>, wrote: > Hello there, I am new to Border Manager and have a Bordermanager VPN at > my office. I have remote sites that need to be able to print while > connected to the VPN, however they cannot. Could anyone offer advice on > what I need to do to ge...

Small VPN appliance to connect to BM VPN
--____VQHYVYNDJJYFRGAXQVCU____ Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; modification-date="Sat, 30 Mar 2007 18:09:36 -0400" Can anybody recommend a small (inexpensive) router that could easily = create a VPN from it to a BM 3.8 server? We have a remote location = (warehouse) that will have 2 computers. I was going to set up the = workstations to connect to a Terminal server in the main office to run the = applications they require. The problem I am attempting to deal with is = that the use...

Web resources about - One VPN client cannot connect: message: IKE is not loaded on the VPN server - novell.bordermanager.vpn

Resources last updated: 1/10/2016 7:38:57 AM