Loss of VPN Access Using Pix 501

Hello,

My situation,

I have a client who is using a Pix 501, 50 User license. Until a few days ago all worked fine.....no issues.

Pix version 6.3(5) Cisco VPN Client 4.6.00.0049

Recently the company had a power outage prior to replacing a dead battery on a UPS.....they have a spare on order now.

When the system came back up, there was a network IP conflict between a work station and the file server attached to the dead power supply.

I fixed that, replaced the battery for the UPS, and decided to change the dhcpd address range to take the server and file server's static IP addresses out of the pool. Server is 10.0.0.2 and file server is

10.0.0.3

I ssh'd in to the Pix. My commands were as follows:

no dchpd address 10.0.0.2-10.0.0.129 inside dchpd address 10.0.0.4-10.0.0.129 inside write memory clear xlate

Rebooted the Pix to be sure. Then verified the change went through.

The issue I have is the VPN is now broken....no small issue. And I can't imagine the commands I issued above would have an effect.

When I tested the VPN from the client machine, the error log shows the following:

>1 20:50:09.210 07/21/06 Sev=Info/4 CM/0x63100002 >Begin connection process > >2 20:50:09.390 07/21/06 Sev=Info/4 CM/0x63100004 >Establish secure connection using Ethernet > >3 20:50:09.390 07/21/06 Sev=Info/4 CM/0x63100024 >Attempt connection with server "x.x.x.x" > >4 20:50:10.414 07/21/06 Sev=Info/6 IKE/0x6300003B >Attempting to establish a connection with x.x.x.x. > >5 20:50:10.434 07/21/06 Sev=Info/4 IKE/0x63000013 >SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T),

VID(Frag), VID(Unity)) to x.x.x.x

>6 20:50:10.445 07/21/06 Sev=Info/4 IPSEC/0x63700008 >IPSec driver successfully started > >7 20:50:10.445 07/21/06 Sev=Info/4 IPSEC/0x63700014 >Deleted all keys > >8 20:50:10.445 07/21/06 Sev=Info/6 IPSEC/0x6370002B >Sent 8 packets, 0 were fragmented. > >9 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x6300002F >Received ISAKMP packet: peer = x.x.x.x > >10 20:50:11.599 07/21/06 Sev=Info/4 IKE/0x63000014 >RECEIVING 11 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001 >Peer supports XAUTH > >12 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001 >Peer supports DPD > >13 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001 >Peer is a Cisco-Unity compliant peer > >14 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000081 >Received IOS Vendor ID with unknown capabilities flag 0x000000A5 > >15 20:50:11.599 07/21/06 Sev=Info/5 IKE/0x63000001 >Peer supports NAT-T > >16 20:50:11.619 07/21/06 Sev=Warning/3 IKE/0xE3000056 >The received HASH payload cannot be verified > >17 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE300007D >Hash verification failed... may be configured with invalid group password. > >18 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE3000099 >Failed to authenticate peer (Navigator:904) > >19 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000013 >SENDING >>> ISAKMP OAK INFO (NOTIFY:INVALID_HASH_INFO) to x.x.x.x > >20 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000013 >SENDING >>> ISAKMP OAK INFO (NOTIFY:AUTH_FAILED) to x.x.x.x > >21 20:50:11.619 07/21/06 Sev=Warning/2 IKE/0xE30000A5 >Unexpected SW error occurred while processing Aggressive Mode

negotiator:(Navigator:2202)

>22 20:50:11.619 07/21/06 Sev=Info/4 IKE/0x63000017 >Marking IKE SA for deletion (I_Cookie=8DF5FF3D9390C28F

R_Cookie=840483716085DE3B) reason = DEL_REASON_IKE_NEG_FAILED

>23 20:50:12.523 07/21/06 Sev=Info/4 IKE/0x6300004A >Discarding IKE SA negotiation (I_Cookie=8DF5FF3D9390C28F

R_Cookie=840483716085DE3B) reason = DEL_REASON_IKE_NEG_FAILED

>24 20:50:12.523 07/21/06 Sev=Info/4 CM/0x63100014 >Unable to establish Phase 1 SA with server "x.x.x.x" because of

"DEL_REASON_IKE_NEG_FAILED"

>25 20:50:12.523 07/21/06 Sev=Info/5 CM/0x63100025 >Initializing CVPNDrv > >26 20:50:12.543 07/21/06 Sev=Info/4 IKE/0x63000001 >IKE received signal to terminate VPN connection > >27 20:50:12.553 07/21/06 Sev=Info/4 IKE/0x63000085 >Microsoft IPSec Policy Agent service started successfully > >28 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014 >Deleted all keys > >29 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014 >Deleted all keys > >30 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x63700014 >Deleted all keys > >31 20:50:12.553 07/21/06 Sev=Info/4 IPSEC/0x6370000A >IPSec driver successfully stopped >

I've Googled the error messages from items 16, 17, and 18 above with no solutions to my problem.

I've verified the password is correct on the client.

I've even changed the dhcpd address to reflect the original pool of

10.0.0.2-10.0.0.129 with no success.

I'm going to the office this weekend to "poke around" for a solution. I'll verify the password is correct on the Pix. If that doesn't work, I suspect a corrupt configuration file. Before I blow away the config file and rebuild it if the verification of the password doesn't solve the problem, what additional advice can you provide to help troubleshoot the issue?

I'll provide more information if needed.

Thank you in advance for any and all suggestions.

Regards,

Buck

Reply to
Buck Rogers
Loading thread data ...

----------------------------------------------------------------------------------------------------

Previous suggestion from:

Jack Ko, CCSP, CCDA, CCNA, CCSE, CCSA, CWSP, CWSA, CISA, and CISSP Security and Network Consultant Trilogy Computer Systems Pty Ltd, Australia Email: jack.ko *at* tcsa.com.au Website:

formatting link

----------------------------------------------------------------------------------------------------

vpngroup vpnclient address-pool ippool vpngroup vpnclient split-tunnel 120 vpngroup vpnclient idle-time 1800 vpngroup vpnclient password ********

verify the profile created on the vpn client software. the username should be "vpnclient" and the password should be "********" the value you put in with the last command above.

a popup window will appear for username and password after double click to start connecting. enter the one created by username command.

----------------------------------------------------------------------------------------------------

Hope this helps.

Brad Reese BradReese.Com - Cisco Jobs

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Technical Forums
formatting link

Reply to
www.BradReese.Com

Brad,

Thanks for the suggestion.

Unfortunately, all is as you suggest above.

Any other suggestions?

Buck

Reply to
Buck Rogers

_Snip_

Snip

To Update:

I reset the password on the pix and all is okay.

Makes one wonder how the password was changed/corrupted on the pix in the first place..?

Regards,

Buck

Reply to
Buck Rogers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.