Cisco VPN client from behind ISA 2004.

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

I'm aware that this in an unusual request to a certification news group, but
I'm hoping someone here can help me. Any help would be gratefully received.

I have a client that needs to use the Cisco VPN client to connect to  one of
their clients.

They are unable to. I have tried from a number of networks behind various
devices. Some work (Cisco 2600, Nokia M11, Linksys, direct Internet
connection), others don't (ISA 2004).

I have however tested a VPN using the Cisco client to one of my clients and
everything has so far worked, even from behind devices that don't work for
the other VPN.

The faulty VPN produces this error:

Secure VPN Connection terminated locally by the Client. Reason 412: The
remote peer is no longer responding.

Looking at the ISA logs shows very little going on - a connection in and out
on port 500 - one establishing a connection and the other cancelling the
connection 30 or so seconds later. the connection that does work also
establishes traffic on port 4500 as I'd expect.

The VPN client log looks like this:

Cisco Systems VPN Client Version

Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\\Program Files\\Cisco Systems\\VPN Client

1      16:04:52.496  01/10/06  Sev=Info/4  CM/0x63100002

Begin connection process

2      16:04:52.526  01/10/06  Sev=Info/4  CM/0x63100004

Establish secure connection using Ethernet

3      16:04:52.526  01/10/06  Sev=Info/4  CM/0x63100024

Attempt connection with server ""

4      16:04:52.536  01/10/06  Sev=Info/6  IKE/0x6300003B

Attempting to establish a connection with

5      16:04:52.556  01/10/06  Sev=Info/4  IKE/0x63000013

VID(Nat-T), VID(Frag), VID(Unity)) to

6      16:04:52.576  01/10/06  Sev=Info/4  IPSEC/0x63700008

IPSec driver successfully started

7      16:04:52.576  01/10/06  Sev=Info/4  IPSEC/0x63700014

Deleted all keys

8      16:04:52.576  01/10/06  Sev=Info/6  IPSEC/0x6370002B

Sent 8 packets, 0 were fragmented.

9      16:04:52.576  01/10/06  Sev=Info/4  IPSEC/0x6370000D

Key(s) deleted by Interface (

10     16:04:57.573  01/10/06  Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

11     16:04:57.573  01/10/06  Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to

12     16:05:02.581  01/10/06  Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

13     16:05:02.581  01/10/06  Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to

14     16:05:07.588  01/10/06  Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

15     16:05:07.588  01/10/06  Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to

16     16:05:12.595  01/10/06  Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion  (I_Cookie=541BD3B219A7020D
R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

17     16:05:13.096  01/10/06  Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=541BD3B219A7020D
R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

18     16:05:13.096  01/10/06  Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "" because of

19     16:05:13.106  01/10/06  Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

20     16:05:13.126  01/10/06  Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

21     16:05:13.596  01/10/06  Sev=Info/4 IPSEC/0x63700014

Deleted all keys

22     16:05:13.596  01/10/06  Sev=Info/4 IPSEC/0x63700014

Deleted all keys

23     16:05:13.596  01/10/06  Sev=Info/4 IPSEC/0x63700014

Deleted all keys

24     16:05:13.596  01/10/06  Sev=Info/4 IPSEC/0x6370000A

I have tested by creating a (temporary) rule that will allow all traffic to
and from This made no difference. I can't see how one VPN can work,
and the other not. i also found an MS article that suggested adding port
10000 into the mix (for ISA 2000, so I added the equivalent protocol and
rules for 2004).

Is the problem with the other end? Is there a NAT issue here that I can't

Does any one know what I need to do here?

Site Timeline