Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Reason 412: The remote peer is no longer responding.

Reply
Thread Tools

Reason 412: The remote peer is no longer responding.

 
 
James
Guest
Posts: n/a
 
      02-14-2006
lost the last response!

I can only see the 857 log, I have no text equivalent to copy and
paste. It only has 5 info records the last being:

Processing of Quick mode failed with peer at "my pc's ip"

But here is the log of the client with IKE set to medium. I changed
the group key on both.
Cisco Systems VPN Client Version 4.6.00.0045
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 16:12:21.348 02/14/06 Sev=Warning/3 GUI/0xE3B00003
GI EnumPPP callback timed out.

Cisco Systems VPN Client Version 4.6.00.0045
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\Program Files\Cisco Systems\VPN Client

1 16:14:50.652 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 80.177.223.54

2 16:14:50.732 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?),
VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from
80.177.223.54

3 16:14:50.742 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D,
NAT-D, VID(?), VID(Unity)) to 80.177.223.54

4 16:14:50.742 02/14/06 Sev=Info/4 IKE/0x63000082
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4

5 16:14:50.752 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from
80.177.223.54

6 16:14:50.752 02/14/06 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 80.177.223.54. Inbound connections
are not allowed.

7 16:14:50.762 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.177.223.54

8 16:14:55.750 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from 80.177.223.54

9 16:14:57.172 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.177.223.54

10 16:14:57.182 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.177.223.54

11 16:14:57.192 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.177.223.54

12 16:14:57.212 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 80.177.223.54

13 16:14:57.222 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 80.177.223.54

14 16:14:57.532 02/14/06 Sev=Info/4 IKE/0x63000055
Received a key request from Driver: Local IP = 192.168.36.55, GW IP =
80.177.223.54, Remote IP = 0.0.0.0

15 16:14:57.532 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 80.177.223.54

16 16:14:57.542 02/14/06 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from
80.177.223.54

17 16:14:57.552 02/14/06 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 80.177.223.54

18 16:14:57.552 02/14/06 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=CABD5A7C

19 16:14:57.552 02/14/06 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=5ED0E3343207D013
R_Cookie=E82601E7412816C6) reason = DEL_REASON_IKE_NEG_FAILED

20 16:15:00.957 02/14/06 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=5ED0E3343207D013
R_Cookie=E82601E7412816C6) reason = DEL_REASON_IKE_NEG_FAILED

21 16:15:01.037 02/14/06 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

 
Reply With Quote
 
 
 
 
Merv
Guest
Posts: n/a
 
      02-14-2006

Try deleting crypto policy 1 and changing the hash on policy 2 from MD5
to sha so that it matches with the transform set.

Do this with the command line interface from the console not any Cisco
GUI.

 
Reply With Quote
 
 
 
 
James
Guest
Posts: n/a
 
      02-14-2006
How? I'm not familiar with any CLI and don't know the commands! Sorry.
If you could point to the prog that would be great.

To save time I did use the GUI and it seems that DES3 will work because
if using DES I get Peer not reponding - don't even get log on option.
Changing 2 to sha and DES3 has not changed the error which I think is
related to one of the log entries:

NOTIFY:NO_PROPOSAL_CHOSEN

whatever that means! Thanks for perservering.

 
Reply With Quote
 
James
Guest
Posts: n/a
 
      02-14-2006
Going home to try connecting from there, just in case. What is trying
to take place that fails? It seems that we have established the
security policy as we then move on to establishing the "Securing
communications channel" bit - or is this like coding where to fix an
error it can often be in the line above?!

Will let you know how I get on tonight... thanks again.

 
Reply With Quote
 
James
Guest
Posts: n/a
 
      02-15-2006
When connecting from home I don't even get offered to enter my username
& pwd...

 
Reply With Quote
 
mirzonisa mirzonisa is offline
Junior Member
Join Date: Nov 2006
Posts: 1
 
      11-18-2006
OK guys, in my situation I found a solution. Let me start with my configuration: Cisco VPN Client on Windows XP SP1 machine...Next, my LAN is connected to Internet through ISA 2000 SP2 FP1, and it is connected directly to PIX501, with static ( public ) IP...Obviously, I nave a NAT/PAT on my PIX, and a static IP on outside interface of ISA...SO MANY POSSIBLE PROBLEMS,HUH?! After many unsuccessful combinations, the only thing I should worry about was actually allowing specific protocol definitions in ISA protocols, namely UDP 500 SendReceive, and UDP 4500 SendReceive!!! After that, everything worked perfect!!! Don’t let me bother you with other configuration of my ISA server and PIX firewall, but feel free to contact me, if you need any of these…Good Luck guys, I hope this will help you enough…
 
Reply With Quote
 
Sen Fo Sen Fo is offline
Junior Member
Join Date: Dec 2007
Posts: 1
 
      12-17-2007
Hi

My reply is a bit late I know, but having encountered a simmilar problem and trying to find a sollution I came across this thread eventually. So while my reply is irrelevant for the original posrter (I should think) hopefully for someone else it could be helpfull

The issue is that

Apparently Cisco VPN clients from version 3.7 and up do not like SHA.

So if one makes sure that the VPN gateway is configured with MD5 instead of SHA - it should help in the cases when the connection breakes because of

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

It is worth while playing with DES - 3DES as well, but SHA should be changed to MD5
 
Reply With Quote
 
mikeshtown mikeshtown is offline
Junior Member
Join Date: Jul 2007
Posts: 2
 
      03-30-2010
Problem: an existing FiOS installation using coax (coaxial cable) works flawlessly with Cisco VPN for two years. Then, all of a sudden, the VPN client can no longer connect. The exact error message from the Notifications tab of the VPN control panel: "Reason 412: the remote peer is no longer responding".

Router: Actiontec M1424-WR rev. C running firmware 4.0.16.1.56.0.10.11.6

Solution: re-provision FiOS service to Ethernet from coax, powercycle Actiontec.

Proof that it's a FiOS/Actiontec problem:

1) Restore Actiontec router to factory default (hard reset).
2) Connect to Internet w/o VPN. Success.
3) Connect via VPN using Actiontec provisioned for coax. Fails.
4) Technician installs Ethernet and I powercycle router. No other changes made -- didn't even re-start VPN client.
5) I click Connect button on VPN client and the VPN client connects flawlessly.

While I did not account for all variables like cosmic rays, a Verizon network specialist playing a prank on me or an intermittent hardware problem that randomly occurs (and doesn't occur) at all the right times, I'm going to posit that either FiOS Ethernet and coax behave differently, or the Actiontec behaves differently.

My (excellent) technician was equally convinced, and called his office -- no charge for the installation!

My Verizon tech support contacts (four people) ranged from friendly but unhelpful to unfriendly and unhelpful.
 
Reply With Quote
 
blanken79 blanken79 is offline
Junior Member
Join Date: Apr 2010
Location: Greenville,SC
Posts: 8
 
      04-16-2010
Not sure if this will help.

But your config you posted doesn't have the crypto map applied to the WAN (dialer0) interface. So, any connection attempts from the outside will fail.

The IP on the dialer interface is 80.177.223.54 and the error message stated:
inbound connections not allowed.

Just a thought,
Correct me if I'm wrong.
 
Reply With Quote
 
sebasparanoid sebasparanoid is offline
Junior Member
Join Date: Mar 2011
Posts: 1
 
      03-02-2011
Add the UseLegacyIKEPort=1 option in the .pcf file.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote peer no longer responding -- please help soup_or_power@yahoo.com Cisco 5 12-16-2006 11:48 PM
The remote peer is no longer responding soup_or_power@yahoo.com Cisco 4 10-24-2006 01:48 PM
The remote peer is no longer responding. James Cisco 3 10-03-2006 09:40 AM
peer to peer linking and sharing =?Utf-8?B?QmlsbEM=?= Wireless Networking 2 08-23-2004 08:23 PM
Need help with peer to peer no hub network Doug A Moller Wireless Networking 3 06-24-2004 01:48 AM



Advertisments