PIX 501 CISCO vpn problem

In article , Travis wrote: :I used the VPN wizard to setup the CISCO vpn, but I'm having problems :connecting to it. I can ping the external ip address no problem. But when I :try to connect, it just sits there. I can remember entering in some kind of :command on my pix 506e that allowed port 4500 or somthing.

How are you trying to connect to it? Are you trying to connect through a VPN client to the remote PIX 501 itself? Are you trying to connect through a VPN client to a device -behind- the PIX 501? Have you set up a site-to-site VPN between the 506E and the 501? Did you have the 501 create an RSA public key (and save it), and configured ssh access to the 501 and tried ssh'ing to it? Have you tried connecting to the 501 via pdm? Have you configured isakmp nat-traversal 20 on the 506E and 501? What relevant log messages are you seeing on the 501 end?

I'm using the cisco vpn client version 4.6.00.0049 on home computer, and trying to connect to the PIX 501 that's installed on my work network. I have no site-to-site VPN setup from the 506e and the 501. I have no RSA public key. I have can SSH to both units. I have connect to the PDM fine. I have not configured the isakmp nat-traversal 20 command.

I get these errors in my CISCO VPN log

1 10:28:03.078 08/26/05 Sev=Warning/2 IKE/0xE3000099 Invalid SPI size (PayloadNotify:116)

2 10:28:03.078 08/26/05 Sev=Warning/3 IKE/0xA3000058 Received malformed message or negotiation no longer active (message id:

0x00000000)

In article , Travis wrote: :I get these errors in my CISCO VPN log

:1 10:28:03.078 08/26/05 Sev=Warning/2 IKE/0xE3000099 :Invalid SPI size (PayloadNotify:116)

:2 10:28:03.078 08/26/05 Sev=Warning/3 IKE/0xA3000058 :Received malformed message or negotiation no longer active (message id: :0x00000000)

You likely have a mismatch in your shared keys.