Home | Net Issues | Net How To | Wireless | Case Studies | Articles |  Forums| Services | About Us | Careers | Quick Setup | Contact Us|

Web Cisco

 

Cisco VPN client receives "No connected error"

Cannot establish Cisco VPN behind Linksys router

I setup Cisco PIX 515 in my lab to test IPSec VPN. The PIX is behind a Linksys WRTP54G router and UDP port 500 is open. I can establish the VPN in the LAN, but I get not connected error if I test it from a remote office that is behind another PIX 515E. I am not sure the problem is the Linksys router or PIX in the office. Any suggestions?

The lab PIX configuration can be found here, http://www.howtonetworking.com/cisco/pixvpnsample.htm

Here are VPN client log.

Cisco Systems VPN Client Version 4.6.01.0019
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 09:58:38.469 05/26/06 Sev=Info/4 CM/0x63100002
Begin connection process

2 09:58:38.979 05/26/06 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

3 09:58:38.979 05/26/06 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

4 09:58:38.979 05/26/06 Sev=Info/4 CM/0x63100024
Attempt connection with server "chicagotech.net"

5 09:58:40.247 05/26/06 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.246.

6 09:58:40.557 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to x.x.x.246

7 09:58:40.587 05/26/06 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

8 09:58:40.587 05/26/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

9 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.246

10 09:58:40.947 05/26/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from x.x.x.246

11 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH

12 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x63000001
Peer supports DPD

13 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer

14 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5

15 09:58:40.947 05/26/06 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T

16 09:58:40.977 05/26/06 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful

17 09:58:40.977 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.246

18 09:58:40.997 05/26/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA

19 09:58:40.997 05/26/06 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194

20 09:58:40.997 05/26/06 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end IS behind a NAT device

21 09:58:40.997 05/26/06 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

22 09:58:40.997 05/26/06 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

23 09:58:41.566 05/26/06 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator

24 09:58:41.566 05/26/06 Sev=Info/5 IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).

25 09:58:41.566 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.246

26 09:58:46.860 05/26/06 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

27 09:58:46.860 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to x.x.x.246

28 09:58:51.305 05/26/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA

29 09:58:52.304 05/26/06 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

30 09:58:52.304 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to x.x.x.246

31 09:58:55.900 05/26/06 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.246

32 09:58:55.900 05/26/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (Retransmission) from x.x.x.246

33 09:58:55.900 05/26/06 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

34 09:58:55.900 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(Retransmission) to x.x.x.246

35 09:58:57.798 05/26/06 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

36 09:58:57.798 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to x.x.x.246

37 09:59:01.793 05/26/06 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA

38 09:59:03.291 05/26/06 Sev=Info/4 IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=442F0A75

39 09:59:03.291 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.246

40 09:59:03.291 05/26/06 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.246, our seq# = 2226793716

41 09:59:03.341 05/26/06 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=672CDA295511818F R_Cookie=9ADE594A69BA0090) reason = DEL_REASON_IKE_NEG_FAILED

42 09:59:03.341 05/26/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.246

43 09:59:06.787 05/26/06 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=672CDA295511818F R_Cookie=9ADE594A69BA0090) reason = DEL_REASON_IKE_NEG_FAILED

44 09:59:06.787 05/26/06 Sev=Info/4 CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

45 09:59:06.797 05/26/06 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

46 09:59:06.807 05/26/06 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

47 09:59:06.937 05/26/06 Sev=Info/4 IKE/0x63000086
Microsoft IPSec Policy Agent service started successfully

48 09:59:07.297 05/26/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

49 09:59:07.297 05/26/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

50 09:59:07.297 05/26/06 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

51 09:59:07.297 05/26/06 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

Resolution: On the Linksys WRTP54G router open UDP 4500

Related Topics

Cisco VPN client errors

Cisco VPN Client error - The remote peer is no longer responding ... You receive not connected when running Cisco VPN client ...
www.chicagotech.net/ciscoclienterrors.htm

Cisco router firewall

Symptom: You are using Cisco VPN client to establish VPN connection on Cisco PIX. The PIX assigns ip 192.168.1.1 but you can't ping LAN ip like 10.0.0.10. ...
www.chicagotech.net/ciscorouter.htm

VPN Issues

Q: I uses Cisco VPN client at home to access my company VPN. ... To setup VPN for MS VPN clients on Cisco PIX, you need to add the following lines. ...
www.chicagotech.net/vpn.htm

can't access remote computer with Cisco vpn

3. By default, Cisco VPN doesn't allow VPN clients access the internet. however, you can setup split tunnel. Bob Lin, MS-MVP, MCSE & CNE. Related Topics ...
www.chicagotech.net/Q&A/vpn10.htm

VPN Setup

What statements are required to allow a VPN inbound past my Cisco PIX? ... For example, to add DNS and WINS on a Cisco Firewall PIX, add vpdn group 1 client ...
www.chicagotech.net/vpnsetup.htm
 

 

 

 

Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2013 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.