I'm aware that this in an unusual request to a certification news group, but I'm hoping someone here can help me. Any help would be gratefully received.
I have a client that needs to use the Cisco VPN client to connect to one of their clients.
They are unable to. I have tried from a number of networks behind various devices. Some work (Cisco 2600, Nokia M11, Linksys, direct Internet connection), others don't (ISA 2004).
I have however tested a VPN using the Cisco client to one of my clients and everything has so far worked, even from behind devices that don't work for the other VPN.
The faulty VPN produces this error:
Error Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding.
Looking at the ISA logs shows very little going on - a connection in and out on port 500 - one establishing a connection and the other cancelling the connection 30 or so seconds later. the connection that does work also establishes traffic on port 4500 as I'd expect.
The VPN client log looks like this:
Cisco Systems VPN Client Version 4.6.01.0019
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\\Program Files\\Cisco Systems\\VPN Client
1 16:04:52.496 01/10/06 Sev=Info/4 CM/0x63100002Begin connection process
2 16:04:52.526 01/10/06 Sev=Info/4 CM/0x63100004Establish secure connection using Ethernet
3 16:04:52.526 01/10/06 Sev=Info/4 CM/0x63100024Attempt connection with server "1.2.3.4"
4 16:04:52.536 01/10/06 Sev=Info/6 IKE/0x6300003BAttempting to establish a connection with 1.2.3.4.
5 16:04:52.556 01/10/06 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 1.2.3.4
6 16:04:52.576 01/10/06 Sev=Info/4 IPSEC/0x63700008IPSec driver successfully started
7 16:04:52.576 01/10/06 Sev=Info/4 IPSEC/0x63700014Deleted all keys
8 16:04:52.576 01/10/06 Sev=Info/6 IPSEC/0x6370002BSent 8 packets, 0 were fragmented.
9 16:04:52.576 01/10/06 Sev=Info/4 IPSEC/0x6370000DKey(s) deleted by Interface (218.101.3.22)
10 16:04:57.573 01/10/06 Sev=Info/4 IKE/0x63000021Retransmitting last packet!
11 16:04:57.573 01/10/06 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (Retransmission) to 1.2.3.4
12 16:05:02.581 01/10/06 Sev=Info/4 IKE/0x63000021Retransmitting last packet!
13 16:05:02.581 01/10/06 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (Retransmission) to 1.2.3.4
14 16:05:07.588 01/10/06 Sev=Info/4 IKE/0x63000021Retransmitting last packet!
15 16:05:07.588 01/10/06 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (Retransmission) to 1.2.3.4
16 16:05:12.595 01/10/06 Sev=Info/4 IKE/0x63000017Marking IKE SA for deletion (I_Cookie=541BD3B219A7020D R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
17 16:05:13.096 01/10/06 Sev=Info/4 IKE/0x6300004BDiscarding IKE SA negotiation (I_Cookie=541BD3B219A7020D R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
18 16:05:13.096 01/10/06 Sev=Info/4 CM/0x63100014Unable to establish Phase 1 SA with server "1.2.3.4" because of "DEL_REASON_PEER_NOT_RESPONDING"
19 16:05:13.106 01/10/06 Sev=Info/5 CM/0x63100025Initializing CVPNDrv
20 16:05:13.126 01/10/06 Sev=Info/4 IKE/0x63000001IKE received signal to terminate VPN connection
21 16:05:13.596 01/10/06 Sev=Info/4 IPSEC/0x63700014Deleted all keys
22 16:05:13.596 01/10/06 Sev=Info/4 IPSEC/0x63700014Deleted all keys
23 16:05:13.596 01/10/06 Sev=Info/4 IPSEC/0x63700014Deleted all keys
24 16:05:13.596 01/10/06 Sev=Info/4 IPSEC/0x6370000AI have tested by creating a (temporary) rule that will allow all traffic to and from 1.2.3.4. This made no difference. I can't see how one VPN can work, and the other not. i also found an MS article that suggested adding port
10000 into the mix (for ISA 2000, so I added the equivalent protocol and rules for 2004).Is the problem with the other end? Is there a NAT issue here that I can't see.
Does any one know what I need to do here?