HPE Community
Switches, Hubs, and Modems
1753550 Members
5570 Online
108795 Solutions
New Discussion

Received Vendor ID not registered with IKE - Mobile VPN 7000dl

 
Jordan D
Occasional Contributor

‎03-29-2009 07:44 PM

‎03-29-2009 07:44 PM

Received Vendor ID not registered with IKE - Mobile VPN 7000dl

I am having some trouble with the VPN wizard for mobile policies on the 7102.

In configuration, I have run the NAT wizard first, which enables internet access for all appropriate internal users. After configuring and verifying the functionality of NAT overload on my public interface (eth 0/1), I run the VPN wizard (typical). I choose an IP subnet that does not exist on the LAN for the mobile user pool. After entering a pre-shared key and choosing finish, I download the .spd file for my new mobile policy. I install this on the VPN client and enter my pre-shared key.

The policy has been failing with this message in IKE debug: "Received Vendor ID not registered with IKE"

Important Pieces of Config.
!
ip crypto
!
crypto ike client configuration pool STCATL
ip-range 10.1.1.1 10.1.1.254
dns-server 4.2.2.1 4.2.2.2
!
crypto ike policy 100
no initiate
respond anymode
local-id address
peer any
client configuration pool STCATL
attribute 1
encryption 3des
hash md5
authentication pre-share
!
crypto ike remote-id any preshared-key ike-policy 100 crypto map VPN 10 no-xauth
!
crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
mode tunnel
!
crypto map VPN 10 ipsec-ike
description mobile
match address VPN-10-vpn-selectors
set transform-set esp-3des-esp-md5-hmac
ike-policy 100
mobile
!
interface eth 0/1
description Int_Pri
ip address pub.lic.i.p 255.255.255.252
access-policy Public
crypto map VPN
no shutdown
!
ip access-list extended VPN-10-vpn-selectors
permit ip 10.10.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
ip policy-class Private
allow list VPN-10-vpn-selectors stateless
allow list self self
nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
allow reverse list VPN-10-vpn-selectors stateless
allow list tc-atl
discard list wizard-ics
!
ip access-list standard tc-atl
remark Allow statement for internal subnets
permit 10.10.10.0 0.0.0.255
!


Here are my questions.
1. Should the route be configured to initiate any of these connections?
2. What does the error "Received Vendor ID not registered with IKE" signify?
3. Should I be using a custom VPN policy rather than a typical?
4. What else could I be missing here?

Many thanks for any thoughts.

Regards,
Jordan
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.