Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Issue with cisco vpn client in accessing remote vpn access

Reply
Thread Tools

Issue with cisco vpn client in accessing remote vpn access

 
 
rudresh02 rudresh02 is offline
Junior Member
Join Date: Feb 2008
Posts: 3
 
      02-18-2009
Hi,
I am facing a typical problem. I have configured remote access on cisco 3020 vpn concentrator. The same is tested by having the system connected in public network. This is tested in 3 locations from my branch office without any issues. But when users try to connect from their home but it is not getting connected. It just says contacting the security gateway and keeps on trying. I too tried from my office PC, the issue is same and I am not able to connect. My PC is in lan and I have to go through NAT for contacting the vpn server. I have attached the logs from the vpn client generated.

Cisco Systems VPN Client Version 5.0.01.0600
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\Program Files\Cisco Systems\VPN Client\

1 10:49:49.024 02/18/09 Sev=Info/6 GUI/0x63B00011

Reloaded the Certificates in all Certificate Stores successfully.



2 10:50:02.273 02/18/09 Sev=Info/4 CM/0x63100002

Begin connection process



3 10:50:02.336 02/18/09 Sev=Info/4 CM/0x63100004

Establish secure connection



4 10:50:02.336 02/18/09 Sev=Info/4 CM/0x63100024

Attempt connection with server "59.165.249.162"



5 10:50:02.336 02/18/09 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with 59.165.249.162.



6 10:50:02.492 02/18/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 59.165.249.162



7 10:50:02.586 02/18/09 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started



8 10:50:02.586 02/18/09 Sev=Info/4 IPSEC/0x63700014

Deleted all keys



9 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 59.165.249.162



10 10:50:02.758 02/18/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from 59.165.249.162



11 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer



12 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH



13 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer supports DPD



14 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer supports NAT-T



15 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer supports IKE fragmentation payloads



16 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

Peer supports DWR Code and DWR Text



17 10:50:02.773 02/18/09 Sev=Info/6 IKE/0x63000001

IOS Vendor ID Contruction successful



18 10:50:02.773 02/18/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 59.165.249.162



19 10:50:02.773 02/18/09 Sev=Info/6 IKE/0x63000055

Sent a keepalive on the IPSec SA



20 10:50:02.773 02/18/09 Sev=Info/4 IKE/0x63000083

IKE Port in use - Local Port = 0x0468, Remote Port = 0x1194



21 10:50:02.773 02/18/09 Sev=Info/5 IKE/0x63000072

Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device



22 10:50:02.773 02/18/09 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system



23 10:50:10.695 02/18/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 59.165.249.162



24 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (Retransmission) from 59.165.249.162



25 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!



26 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(Retransmission) to 59.165.249.162



27 10:50:13.085 02/18/09 Sev=Info/6 IKE/0x63000055

Sent a keepalive on the IPSec SA



28 10:50:18.695 02/18/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 59.165.249.162



29 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (Retransmission) from 59.165.249.162



30 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!



31 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(Retransmission) to 59.165.249.162



32 10:50:23.085 02/18/09 Sev=Info/6 IKE/0x63000055

Sent a keepalive on the IPSec SA



33 10:50:26.695 02/18/09 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 59.165.249.162

Can any one help in resolving this issue.

Thanks in Advance
Rudresh
 
Reply With Quote
 
 
 
 
rudresh02 rudresh02 is offline
Junior Member
Join Date: Feb 2008
Posts: 3
 
      02-24-2009
Hi,
The problem is resolved. The issue is when, a natted devices try to contact the vpn gateway, it will not launch the xauth prompt. After much trouble shooting, we found that, we need to disable the Nat-T option .

Regards,
Rudresh
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying to access the PDM of a Cisco pix over a Remote Access VPN withCisco VPN Client BF Cisco 2 09-07-2008 03:00 PM
VPN site to site & Remote access VPN ( vpn client) over the same interface pasatealinux Cisco 1 12-17-2007 07:41 PM
Cisco 506e - remote-access vpn, split tunnel, client has no internet access. Rohan Cisco 1 11-29-2006 12:37 AM
Remote access fun with Cisco 837 and locally auth'd Cisco VPN client Christian Hewitt Cisco 0 04-24-2005 09:48 AM



Advertisments