1. Home
  2. Cisco Systems
  3. VPN Client 4.01 into PIX 501

VPN Client 4.01 into PIX 501

During the day I work here at an architectural firm in McLean, VA as the IT manager. The principals and associates use the Cisco VPN client

4.01 to VPN into the network and all of them can connect without problems. We have a Windows Small Business Server 2003 domain behind a PIX 501 connected to a Cox cable business class internet connection and a static IP from Cox. The PIX is acting as our DHCP server. The previous IT guy set it up that way. I would rather have the SBS 2003 server acting as the DHCP server, since it is already the domain controller, but that is one of those "if it ain't broke don't fix it things" that I haven't gotten around to. We are using the 192.168.1.0 scope internally. At home I have a Windows Small Business Server 2003 domain for my home network. I also have a Cox cable business class internet connection on a static IP with a Juniper Networks Netscreen 5GT firewall. In my network the SBS 2003 DC is the DHCP server and I am using the 192.168.16.0 scope. I have loaded the same Cisco 4.01 VPN client on my personal laptop at home running Win XP Pro SP2 using the same media and settings that I use at work to load it on the principals laptops. When I try to connect I get the "Secure VPN connection terminated locally by client, remote peer is no longer responding" error. I have included the log file from the client. I have made an exception in the Windows Firewall on my laptop for the Cisco VPN client. The funny thing is my wife works for the local school system and they gave her a Cisco VPN client 4.01 CD to load on her personal laptop at home and she can connect with their system just fine going out through a Linksys wireless router doing NAT that connects to a switch on my network and then my Netscreen firewall to get to the internet. Her laptop is not part of my domain. I segregate her and the kids from my domain by having them connect through the Linksys wireless router. They are in a workgroup. So I don't think it is my firewall. I checked the connection settings in her Cisco VPN client and they look pretty much identical to the way I set up our VPN client to connect through our PIX 501.

Log file Cisco Systems VPN Client Version 4.0.1 (Rel) Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Windows, WinNT Running on: 5.1.2600

1 07:37:07.977 02/21/07 Sev=Info/4 PPP/0x63200015 Establish connection with client application

2 07:37:07.997 02/21/07 Sev=Info/4 PPP/0x6320001C Processing enumerate phone book entries command

3 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x6320000D Retrieved 0 dial entries

4 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x6320000F No entry in the phone book

5 07:37:08.018 02/21/07 Sev=Info/4 PPP/0x63200017 Terminate connection with client application

6 07:37:45.541 02/21/07 Sev=Info/4 CM/0x63100002 Begin connection process

7 07:37:45.551 02/21/07 Sev=Info/4 CVPND/0xE3400001 Microsoft IPSec Policy Agent service stopped successfully

8 07:37:45.551 02/21/07 Sev=Info/4 CM/0x63100004 Establish secure connection using Ethernet

9 07:37:45.551 02/21/07 Sev=Info/4 CM/0x63100024 Attempt connection with server "68.106.146.236"

10 07:37:46.553 02/21/07 Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with 68.106.146.236.

11 07:37:46.553 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 68.106.146.236

12 07:37:46.563 02/21/07 Sev=Info/4 IPSEC/0x63700008 IPSec driver successfully started

13 07:37:46.563 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys

14 07:37:51.690 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet!

15 07:37:51.690 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236

16 07:37:56.697 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet!

17 07:37:56.697 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236

18 07:38:01.704 02/21/07 Sev=Info/4 IKE/0x63000021 Retransmitting last packet!

19 07:38:01.704 02/21/07 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to 68.106.146.236

20 07:38:06.711 02/21/07 Sev=Info/4 IKE/0x63000017 Marking IKE SA for deletion (I_Cookie=744B64E56A27E1C7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

21 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x6300004A Discarding IKE SA negotiation (I_Cookie=744B64E56A27E1C7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

22 07:38:07.212 02/21/07 Sev=Info/4 CM/0x63100014 Unable to establish Phase 1 SA with server "68.106.146.236" because of "DEL_REASON_PEER_NOT_RESPONDING"

23 07:38:07.212 02/21/07 Sev=Info/5 CM/0x63100025 Initializing CVPNDrv

24 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x63000001 IKE received signal to terminate VPN connection

25 07:38:07.212 02/21/07 Sev=Info/4 IKE/0x63000085 Microsoft IPSec Policy Agent service started successfully

26 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys

27 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys

28 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x63700014 Deleted all keys

29 07:38:07.713 02/21/07 Sev=Info/4 IPSEC/0x6370000A IPSec driver successfully stopped

Thanks to anyone that can help Daryl Stockton

Reply to
dragunovguy
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.