Specifications

OmniAccess Reference: AOS-W System Reference
608 Part 031652-00 May 2005
z Examine the output of “show crypto ipsec sa”. Once IKE negotiation has
succeeded (an IKE SA appears for the client), this command will list all
IPSec security associations (SAs) currently active in the switch. If no SA
appears for the client in question, it is likely that the client and switch have
mismatching lifetimes, encryption types, or hash configuration.
VPN Dialer hangs while showing “Connecting”
Consider the following:
z One possible cause of this problem is a lack of IP connectivity to the Alcatel
switch. It is unlikely that this is the cause when the client is attempting a
VPN connection to the switch with which it is associated. However, the
VPN client is sometimes used across multi-hop IP networks. If this prob-
lem appears, it may mean that the client has an IP address and a default
route, but an upstream router does not have a path to the VPN termination
point.
z Another possible cause of this problem is that the Windows IPSec service
is not running. Bring up the Windows “Services” control panel by navigat-
ing to StartÆSettingsÆControl PanelÆAdministrative ToolsÆServices. Look
for the IPSec service, and verify it is configured as the following figure
shows. Note that the IPSec service in turn depends on the Remote Proce-
dure Call (RPC) service – verify that both are enabled.