Specifications

VPN Setup 501

Chapter 22

Common Problems

Dialer does not connect to server

If the dialer seems to stall while attempting to connect (as indicated by a

persistent Connecting status, are several possible causes for the failure. The

following steps will help you to identify and correct the problem. Those

causes include:

z Make sure you have the latest dialer. You can download the latest

dialer from your switch by going to the captive portal login (http:// swit-

chIP/login.html).

z Make sure connectivity is in place by pinging the switch.

z The ISAKMP shared key may be misconfigured on the client.

z The client may be failing to encrypt properly.

z The VPN IP Address pool may be exhausted.

Use the show crypto isakmp sa command on the switch to make sure the user

is authenticating.

If the initiator and client IP match, then the client has successfully started IPSec

authentication. Otherwise, make sure that the pre-shared keys in the

vpn-default dialer. You may see the key by using the vpn-dialer command,

page 833. Be sure that the encrypt feature is disabled, page 446.

(Alcatel) (config) #show crypto isakmp sa

Responder IP 10.1.1.158

Initiator IP 10.1.1.122

Initiator cookie ce91845e68f75026 Responder cookie 9635499cf2dad66e

Life secs 28800

transform: 3DES - Secure Hash Standard

Authentication method: Pre-Shared Key

(Alcatel)(config) #show vpn-dialer

default-dialer

--------------

Attribute Value

--------- -----

PPTP disabled

IKEPASSWD ********

IPSecAUTH ESP-SHA-HMAC