Support Center > Search Results > SecureKnowledge Details
"Negotiation with the site failed" error when trying to connect E82.50 (or earlier) Mac OS VPN Client to site Technical Level
Symptoms
  • "Negotiation with site failed" error when trying to connect E82.50 (or earlier) Mac OS VPN Client to site.
  • Debug information collected as per sk33327 - How to generate a valid VPN debug, IKE debug and FW Monitor shows:
    Based on the outputs from the VPN debug [$FWDIR/log/vpnd.elg]:
    [vpnd 32509 4101576592][1 May 10:35:36][ccc_ike] getAllMatchingRealmsFromCCCSet: client do not support selecting a realm.
    [vpnd 32509 4101576592][1 May 10:35:36][ccc_ike] isDefaultRealmDisabled: the default realm 'vpn' is disabled
    [vpnd 32509 4101576592][1 May 10:35:36][ccc_ike] getAllMatchingRealmsFromCCCSet: the GW does not support clients that dont support selecting a realm. Not adding default realm.
    [vpnd 32509 4101576592][1 May 10:35:36][ccc_ike] getSelectedRealm: the realm that was selected is: (null)
    [vpnd 32509 4101576592][1 May 10:35:36] MMProcess5 fail to save selected realm
    [vpnd 32509 4101576592][1 May 10:35:36] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_5
    [vpnd 32509 4101576592][1 May 10:35:36][stat] vpn_inc_status_VPND_counter: increased counter 0
    [vpnd 32509 4101576592][1 May 10:35:36][stat] vpn_inc_status_VPND_counter: increased counter 6
    [vpnd 32509 4101576592][1 May 10:35:36]    TalkToEngine: Engine RC is << FWIKE_ERROR >>
    [vpnd 32509 4101576592][1 May 10:35:36] TalkToEngine: received Error reply from Engine
    Conclusion from the debug information is that the gateway does not support clients that do not support selecting a realm.
  • trac.log from the client will show:
    [IKE] create_MM5(hybrid authentication): authentication blob (
    following few lines down with
    [TR_CONN_MANAGER] TR_CONN_MANAGER::ConnCancelConnectCB: missing connHandle - disconnect the active site
Cause

The Mac VPN Clients E82.50 and earlier use legacy method authentication, and currently do not support "realm" feature.


Solution
Note: To view this solution you need to Sign In .