This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASC disconnections with X509 certificate

Hi,
we are using ASC 9 and ASL 7, Windows in remote clients. The VPN is done with X509. The VPN is working but we have a cyclic disconnection when VPN phase 1 and VPN phase 2 get at same time. The VPN can be available only after rebooting the client machine. As workaround we configure the timer for phase 1 and phase 2 in different sequence (even and odd). Why is this happening? how can be resolved?
I added the logs from client
You will see the error
2/9/2009 11:07:03 PM  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED

2/9/2009 10:18:28 PM  NCPIKE-phase2:name(Security Policy) - connected
2/9/2009 10:18:28 PM  IpSec connected: LifeDuration in Seconds = 1440 and in KiloBytes = 0
2/9/2009 10:42:30 PM  XMIT_MSG1_QUICK - Security Policy
2/9/2009 10:42:30 PM  RECV_MSG2_QUICK - Security Policy
2/9/2009 10:42:30 PM  QuickMode:Turning on PFS mode(Security Policy) with group 5
2/9/2009 10:42:30 PM  XMIT_MSG3_QUICK - Security Policy
2/9/2009 10:42:30 PM  NCPIKE-phase2:name(Security Policy) - connected
2/9/2009 10:42:30 PM  IpSec connected: LifeDuration in Seconds = 1440 and in KiloBytes = 0
2/9/2009 11:06:32 PM  XMIT_MSG1_QUICK - Security Policy
2/9/2009 11:06:32 PM  NCPIKE-phase2:name(Security Policy) - error - cleared by phase1
2/9/2009 11:06:32 PM  IPSDIAL  - disconnected from Security Policy on channel 1.
2/9/2009 11:06:32 PM  NCPIKE-phase1:name(Security Policy) - outgoing connect request - main mode.
2/9/2009 11:06:32 PM  XMIT_MSG1_MAIN - Security Policy
2/9/2009 11:06:32 PM  NCPIKE-phase1:name() - incoming connect request.
2/9/2009 11:06:32 PM  RECV_MSG1_MAIN -
2/9/2009 11:06:32 PM  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
2/9/2009 11:06:38 PM  IPSDIALCHAN::start building connection
2/9/2009 11:06:38 PM  NCPIKE-phase1:name(Security Policy) - outgoing connect request - main mode.
2/9/2009 11:06:38 PM  XMIT_MSG1_MAIN - Security Policy
2/9/2009 11:06:38 PM  RECV_MSG2_MAIN - Security Policy
2/9/2009 11:06:38 PM  IPSDIAL->FINAL_TUNNEL_ENDPOINT:192.168.117.030
2/9/2009 11:06:38 PM  IKE phase I: Setting LifeTime to 25200 seconds
2/9/2009 11:06:38 PM  Security Policy ->Support for NAT-T version - 9
2/9/2009 11:06:38 PM  XMIT_MSG3_MAIN - Security Policy
2/9/2009 11:06:38 PM  RECV_MSG4_MAIN - Security Policy
2/9/2009 11:06:39 PM  Turning on NATD mode - Security Policy - 2
2/9/2009 11:06:39 PM  XMIT_MSG5_MAIN - Security Policy
2/9/2009 11:06:39 PM  XMIT_MSG5_MAIN_RESUME - Security Policy
2/9/2009 11:06:39 PM  RECV_MSG6_MAIN - Security Policy
2/9/2009 11:06:39 PM  RECV_MSG6_MAIN_RESUME - Security Policy
2/9/2009 11:06:39 PM  NCPIKE-phase1:name(Security Policy) - connected
2/9/2009 11:06:39 PM  Phase1 is Ready: IkeIndex = 00000007
2/9/2009 11:06:39 PM  Quick Mode is Ready: IkeIndex = 00000007 , VpnSrcPort = 4500
2/9/2009 11:06:39 PM  Assigned IP Address: 10.8.245.114
2/9/2009 11:06:39 PM  XMIT_MSG1_QUICK - Security Policy
2/9/2009 11:06:40 PM  RECV_MSG2_QUICK - Security Policy
2/9/2009 11:06:40 PM  QuickMode:Turning on PFS mode(Security Policy) with group 5
2/9/2009 11:06:40 PM  XMIT_MSG3_QUICK - Security Policy
2/9/2009 11:06:40 PM  NCPIKE-phase2:name(Security Policy) - connected
2/9/2009 11:06:40 PM  IpSec connected: LifeDuration in Seconds = 1440 and in KiloBytes = 0
2/9/2009 11:06:40 PM  IPSDIAL  - connected to Security Policy on channel 1.
2/9/2009 11:06:40 PM  IPCP  - connected to Security Policy with IP Address: 192.168.254.002. : 192.168.254.003.
2/9/2009 11:06:43 PM  NCPIKE-phase1:name() - incoming connect request.
2/9/2009 11:06:43 PM  RECV_MSG1_MAIN -
2/9/2009 11:06:43 PM  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
2/9/2009 11:07:03 PM  NCPIKE-phase1:name() - incoming connect request.
2/9/2009 11:07:03 PM  RECV_MSG1_MAIN -
2/9/2009 11:07:03 PM  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED

This thread was automatically locked due to age.