In order for a VPN connection to establish the IPSec Connection Profile must match exactly and is case-sensitive. Whilst trying to troubleshoot a recent VPN connection, from the client I would hit connect however, the connection would soon fail and the Cisco client logs didn’t give me much information.
When I checked the Cisco ASA logs this is what displayed:
Phase 1 failure: Mismatched attribute types for class Group Description: Rcv’d: Group 2 Cfg’d: Group 5
Group = DefaultRAGroup, IP = x.x.x.x, constructing ISAKMP SA payload
Group = DefaultRAGroup, IP = x.x.x.x, Received an un-encrypted INVALID_HASH_INFO notify message, dropping
Group = DefaultRAGroup, IP = x.x.x.x, Error, peer has indicated that something is wrong with our message. This could indicate a pre-shared key mismatch.
I could see that there was a mismatch in the IPSec Connection Profile and after confirming the pre-shared key was correct, I checked the name of the IPSec Connection Profile and discovered that the casing was different. The connection was failing at this level and proceeded to try to use a default Group which failed.
After making the case changes, I received an authentication box and the connection successfully established.
The IPSec Connection Profile name is case-sensitive.