This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco vpn client - Remote access connection to UTM v9.411-3

Hi all

I 've

On my laptop I have Cisco VPN client v5.0.0.7.0440 installed.

I configured the UTM for the Cisco VPN client.

When I try to connect to the UTM the live log says the following:

2017:04:19-12:40:00 sophosutm pluto[21934]: packet from x.x.x.x:4404: size (865) differs from size specified in ISAKMP HDR (849)
2017:04:19-12:40:00 sophosutm pluto[21934]: packet from x.x.x.x:4404: Cisco VPN client appends 16 surplus NULL bytes
2017:04:19-12:40:00 sophosutm pluto[21934]: packet from x.x.x.x:4404: unsupported exchange type ISAKMP_XCHG_AGGR in message
2017:04:19-12:40:00 sophosutm pluto[21934]: packet from x.x.x.x:4404: sending notification UNSUPPORTED_EXCHANGE_TYPE to x.x.x.x:4404

Is this Cisco VPN client no longer supported or is something else not properly configured?

Link to BAlfson: Connecting to Astaro using the Cisco VPN Client doesn't seem to work anymore

Cisco client Anyconnect? From/to which version. Or if I read correctly works only with Cisco ASA?

Free and safe alternitives?

Thanx Jaap



This thread was automatically locked due to age.
  • unsupported exchange type ISAKMP_XCHG_AGGR in message

    Set the client to use Main mode instead of Aggressive mode, Jaap, and you should be fine.  IPsec in the UTM has never supported Aggressive mode.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    Thanx for your answer ! :)

    Had to find out though how to put the Cisco VPN client from aggressive into main mode.

    This is not clear when configuring the Cisco VPN client, but in short:

    Using Group authentication is > Aggressive mode

    Using Certificate authentication is > Main mode

    This certificate is from the UTM which you can download via the User Portal if authorized for the portal.

    You import this certificate in the Cisco VPN client.

    See the last to pages of the following document:

    https://sophserv.sophos.com/repo_kb/116056/file/Cisco_VPN-Client_Howto.pdf

     

    Thanx again - Jaap