Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Received Vendor ID not registered with IKE - Mobile VPN 7000dl

Jordan D
Occasional Contributor

Received Vendor ID not registered with IKE - Mobile VPN 7000dl

I am having some trouble with the VPN wizard for mobile policies on the 7102.

In configuration, I have run the NAT wizard first, which enables internet access for all appropriate internal users. After configuring and verifying the functionality of NAT overload on my public interface (eth 0/1), I run the VPN wizard (typical). I choose an IP subnet that does not exist on the LAN for the mobile user pool. After entering a pre-shared key and choosing finish, I download the .spd file for my new mobile policy. I install this on the VPN client and enter my pre-shared key.

The policy has been failing with this message in IKE debug: "Received Vendor ID not registered with IKE"

Important Pieces of Config.
!
ip crypto
!
crypto ike client configuration pool STCATL
ip-range 10.1.1.1 10.1.1.254
dns-server 4.2.2.1 4.2.2.2
!
crypto ike policy 100
no initiate
respond anymode
local-id address
peer any
client configuration pool STCATL
attribute 1
encryption 3des
hash md5
authentication pre-share
!
crypto ike remote-id any preshared-key ike-policy 100 crypto map VPN 10 no-xauth
!
crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
mode tunnel
!
crypto map VPN 10 ipsec-ike
description mobile
match address VPN-10-vpn-selectors
set transform-set esp-3des-esp-md5-hmac
ike-policy 100
mobile
!
interface eth 0/1
description Int_Pri
ip address pub.lic.i.p 255.255.255.252
access-policy Public
crypto map VPN
no shutdown
!
ip access-list extended VPN-10-vpn-selectors
permit ip 10.10.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
ip policy-class Private
allow list VPN-10-vpn-selectors stateless
allow list self self
nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
allow reverse list VPN-10-vpn-selectors stateless
allow list tc-atl
discard list wizard-ics
!
ip access-list standard tc-atl
remark Allow statement for internal subnets
permit 10.10.10.0 0.0.0.255
!


Here are my questions.
1. Should the route be configured to initiate any of these connections?
2. What does the error "Received Vendor ID not registered with IKE" signify?
3. Should I be using a custom VPN policy rather than a typical?
4. What else could I be missing here?

Many thanks for any thoughts.

Regards,
Jordan