VPN Client 4.01 into PIX 501
in [Cisco]
|
From: dragunovguy on 22 Feb 2007 11:24 During the day I work here at an architectural firm in McLean, VA as the IT manager. The principals and associates use the Cisco VPN client 4.01 to VPN into the network and all of them can connect without problems. We have a Windows Small Business Server 2003 domain behind a PIX 501 connected to a Cox cable business class internet connection and a static IP from Cox. The PIX is acting as our DHCP server. The previous IT guy set it up that way. I would rather have the SBS 2003 server acting as the DHCP server, since it is already the domain controller, but that is one of those "if it ain't broke don't fix it things" that I haven't gotten around to. We are using the 192.168.1.0 scope internally. At home I have a Windows Small Business Server 2003 domain for my home network. I also have a Cox cable business class internet connection on a static IP with a Juniper Networks Netscreen 5GT firewall. In my network the SBS 2003 DC is the DHCP server and I am using the 192.168.16.0 scope. I have loaded the same Cisco 4.01 VPN client on my personal laptop at home running Win XP Pro SP2 using the same media and settings that I use at work to load it on the principals laptops. When I try to connect I get the "Secure VPN connection terminated locally by client, remote peer is no longer responding" error. I have included the log file from the client. I have made an exception in the Windows Firewall on my laptop for the Cisco VPN client. The funny thing is my wife works for the local school system and they gave her a Cisco VPN client 4.01 CD to load on her personal laptop at home and she can connect with their system just fine going out through a Linksys wireless router doing NAT that connects to a switch on my network and then my Netscreen firewall to get to the internet. Her laptop is not part of my domain. I segregate her and the kids from my domain by having them connect through the Linksys wireless router. They are in a workgroup. So I don't think it is my firewall. I checked the connection settings in her Cisco VPN client and they look pretty much identical to the way I set up our VPN client to connect through our PIX 501. Log file Cisco Systems VPN Client Version 4.0.1 (Rel) Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Windows, WinNT Running on: 5.1.2600 1 07:37:07.977 02/21/07 Sev=Info/4 PPP/0x63200015 Establish connection with client application 2 07:37:07.997 02/21/07 Sev=Info/4 PPP/0x6320001C Processing enumerate phone book entries command 3 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x6320000D Retrieved 0 dial entries 4 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x6320000F No entry in the phone book 5 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x63200017 Terminate connection with client application 6 07:37:45.541 02/21/07 Sev=Info/4 CM/0x63100002 Begin connection process 7 07:37:45.551 02/21/07 Sev=Info/4 CVPND/0xE3400001 Microsoft IPSec Policy Agent service stopped successfully 8 07:37:45.551 02/21/07 Sev=Info/4 CM/0x63100004 Establish secure connection using Ethernet 9 07:37:45.551 02/21/07 Sev=Info/4 CM/0x63100024 Attempt connection with server "68.106.146.236" 10 07:37:46.553 02/21/07 Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with 68.106.146.236. 11 07:37:46.553 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 68.106.146.236 12 07:37:46.563 02/21/07 Sev=Info/4 IPSEC/0x63700008 IPSec driver successfully started 13 07:37:46.563 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 14 07:37:51.690 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet! 15 07:37:51.690 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236 16 07:37:56.697 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet! 17 07:37:56.697 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236 18 07:38:01.704 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet! 19 07:38:01.704 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236 20 07:38:06.711 02/21/07 Sev=Info/4 IKE/0x63000017 Marking IKE SA for deletion (I_Cookie=744B64E56A27E1C7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING 21 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x6300004A Discarding IKE SA negotiation (I_Cookie=744B64E56A27E1C7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING 22 07:38:07.212 02/21/07 Sev=Info/4 CM/0x63100014 Unable to establish Phase 1 SA with server "68.106.146.236" because of "DEL_REASON_PEER_NOT_RESPONDING" 23 07:38:07.212 02/21/07 Sev=Info/5 CM/0x63100025 Initializing CVPNDrv 24 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x63000001 IKE received signal to terminate VPN connection 25 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x63000085 Microsoft IPSec Policy Agent service started successfully 26 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 27 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 28 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 29 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x6370000A IPSec driver successfully stopped Thanks to anyone that can help Daryl Stockton
|
Pages: 1 Prev: VPN client on vista Next: email notification for unreachable switch |