Hello,
My situation,
I have a client who is using a Pix 501, 50 User license. Until a few days ago all worked fine.....no issues.
Pix version 6.3(5) Cisco VPN Client 4.6.00.0049
Recently the company had a power outage prior to replacing a dead battery on a UPS.....they have a spare on order now.
When the system came back up, there was a network IP conflict between a work station and the file server attached to the dead power supply.
I fixed that, replaced the battery for the UPS, and decided to change the dhcpd address range to take the server and file server's static IP addresses out of the pool. Server is 10.0.0.2 and file server is
10.0.0.3
I ssh'd in to the Pix. My commands were as follows:
no dchpd address 10.0.0.2-10.0.0.129 inside dchpd address 10.0.0.4-10.0.0.129 inside write memory clear xlate
Rebooted the Pix to be sure. Then verified the change went through.
The issue I have is the VPN is now broken....no small issue. And I can't imagine the commands I issued above would have an effect.
When I tested the VPN from the client machine, the error log shows the following:
>1 20:50:09.210 07/21/06 Sev=Info/4 CM/0x63100002
>Begin connection process
>
>2 20:50:09.390 07/21/06 Sev=Info/4 CM/0x63100004
>Establish secure connection using Ethernet
>
>3 20:50:09.390 07/21/06 Sev=Info/4 CM/0x63100024
>Attempt connection with server "x.x.x.x"
>
>4 20:50:10.414 07/21/06 Sev=Info/6 IKE/0x6300003B
>Attempting to establish a connection with x.x.x.x.
>
>5 20:50:10.434 07/21/06 Sev=Info/4 IKE/0x63000013
>SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T),
VID(Frag), VID(Unity)) to x.x.x.x
>6 20:50:10.445 07/21/06 Sev=Info/4 IPSEC/0x63700008
>IPSec driver successfully started
>
>7 20:50:10.445 07/21/06 Sev=Info/4 IPSEC/0x63700014
>Deleted all keys
>
>8 20:50:10.445 07/21/06 Sev=Info/6 IPSEC/0x6370002B
>Sent 8 packets, 0 were fragmented.
>
>9 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x6300002F
>Received ISAKMP packet: peer = x.x.x.x
>
>10 20:50:11.599 07/21/06 Sev=Info/4 IKE/0x63000014
>RECEIVING 11 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001 >Peer supports XAUTH
>
>12 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001
>Peer supports DPD
>
>13 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001
>Peer is a Cisco-Unity compliant peer
>
>14 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000081
>Received IOS Vendor ID with unknown capabilities flag 0x000000A5
>
>15 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001
>Peer supports NAT-T
>
>16 20:50:11.619 07/21/06 Sev=Warning/3 IKE/0xE3000056
>The received HASH payload cannot be verified
>
>17 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE300007D
>Hash verification failed... may be configured with invalid group password. >
>18 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE3000099
>Failed to authenticate peer (Navigator:904)
>
>19 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000013
>SENDING >>> ISAKMP OAK INFO (NOTIFY:INVALID_HASH_INFO) to x.x.x.x >
>20 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000013
>SENDING >>> ISAKMP OAK INFO (NOTIFY:AUTH_FAILED) to x.x.x.x
>
>21 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE30000A5
>Unexpected SW error occurred while processing Aggressive Mode
negotiator:(Navigator:2202)
>22 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000017
>Marking IKE SA for deletion (I_Cookie=8DF5FF3D9390C28F
R_Cookie=840483716085DE3B) reason = DEL_REASON_IKE_NEG_FAILED
>23 20:50:12.523 07/21/06 Sev=Info/4 IKE/0x6300004A
>Discarding IKE SA negotiation (I_Cookie=8DF5FF3D9390C28F
R_Cookie=840483716085DE3B) reason = DEL_REASON_IKE_NEG_FAILED
>24 20:50:12.523 07/21/06 Sev=Info/4 CM/0x63100014
>Unable to establish Phase 1 SA with server "x.x.x.x" because of
"DEL_REASON_IKE_NEG_FAILED"
>25 20:50:12.523 07/21/06 Sev=Info/5 CM/0x63100025
>Initializing CVPNDrv
>
>26 20:50:12.543 07/21/06 Sev=Info/4 IKE/0x63000001
>IKE received signal to terminate VPN connection
>
>27 20:50:12.553 07/21/06 Sev=Info/4 IKE/0x63000085
>Microsoft IPSec Policy Agent service started successfully
>
>28 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014
>Deleted all keys
>
>29 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014
>Deleted all keys
>
>30 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014
>Deleted all keys
>
>31 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x6370000A
>IPSec driver successfully stopped
>
I've Googled the error messages from items 16, 17, and 18 above with no solutions to my problem.
I've verified the password is correct on the client.
I've even changed the dhcpd address to reflect the original pool of
10.0.0.2-10.0.0.129 with no success.
I'm going to the office this weekend to "poke around" for a solution. I'll verify the password is correct on the Pix. If that doesn't work, I suspect a corrupt configuration file. Before I blow away the config file and rebuild it if the verification of the password doesn't solve the problem, what additional advice can you provide to help troubleshoot the issue?
I'll provide more information if needed.
Thank you in advance for any and all suggestions.
Regards,
Buck