Issue with cisco vpn client in accessing remote vpn access

Discussion in 'Cisco' started by rudresh02, Feb 18, 2009.

  1. rudresh02

    rudresh02

    Joined:
    Feb 27, 2008
    Messages:
    3
    Hi,
    I am facing a typical problem. I have configured remote access on cisco 3020 vpn concentrator. The same is tested by having the system connected in public network. This is tested in 3 locations from my branch office without any issues. But when users try to connect from their home but it is not getting connected. It just says contacting the security gateway and keeps on trying. I too tried from my office PC, the issue is same and I am not able to connect. My PC is in lan and I have to go through NAT for contacting the vpn server. I have attached the logs from the vpn client generated.

    Cisco Systems VPN Client Version 5.0.01.0600
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 2
    Config file directory: C:\Program Files\Cisco Systems\VPN Client\

    1 10:49:49.024 02/18/09 Sev=Info/6 GUI/0x63B00011

    Reloaded the Certificates in all Certificate Stores successfully.



    2 10:50:02.273 02/18/09 Sev=Info/4 CM/0x63100002

    Begin connection process



    3 10:50:02.336 02/18/09 Sev=Info/4 CM/0x63100004

    Establish secure connection



    4 10:50:02.336 02/18/09 Sev=Info/4 CM/0x63100024

    Attempt connection with server "59.165.249.162"



    5 10:50:02.336 02/18/09 Sev=Info/6 IKE/0x6300003B

    Attempting to establish a connection with 59.165.249.162.



    6 10:50:02.492 02/18/09 Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 59.165.249.162



    7 10:50:02.586 02/18/09 Sev=Info/4 IPSEC/0x63700008

    IPSec driver successfully started



    8 10:50:02.586 02/18/09 Sev=Info/4 IPSEC/0x63700014

    Deleted all keys



    9 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = 59.165.249.162



    10 10:50:02.758 02/18/09 Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from 59.165.249.162



    11 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer is a Cisco-Unity compliant peer



    12 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer supports XAUTH



    13 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer supports DPD



    14 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer supports NAT-T



    15 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer supports IKE fragmentation payloads



    16 10:50:02.758 02/18/09 Sev=Info/5 IKE/0x63000001

    Peer supports DWR Code and DWR Text



    17 10:50:02.773 02/18/09 Sev=Info/6 IKE/0x63000001

    IOS Vendor ID Contruction successful



    18 10:50:02.773 02/18/09 Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 59.165.249.162



    19 10:50:02.773 02/18/09 Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA



    20 10:50:02.773 02/18/09 Sev=Info/4 IKE/0x63000083

    IKE Port in use - Local Port = 0x0468, Remote Port = 0x1194



    21 10:50:02.773 02/18/09 Sev=Info/5 IKE/0x63000072

    Automatic NAT Detection Status:
    Remote end is NOT behind a NAT device
    This end IS behind a NAT device



    22 10:50:02.773 02/18/09 Sev=Info/4 CM/0x6310000E

    Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system



    23 10:50:10.695 02/18/09 Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = 59.165.249.162



    24 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (Retransmission) from 59.165.249.162



    25 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000021

    Retransmitting last packet!



    26 10:50:10.695 02/18/09 Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(Retransmission) to 59.165.249.162



    27 10:50:13.085 02/18/09 Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA



    28 10:50:18.695 02/18/09 Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = 59.165.249.162



    29 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000014

    RECEIVING <<< ISAKMP OAK AG (Retransmission) from 59.165.249.162



    30 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000021

    Retransmitting last packet!



    31 10:50:18.695 02/18/09 Sev=Info/4 IKE/0x63000013

    SENDING >>> ISAKMP OAK AG *(Retransmission) to 59.165.249.162



    32 10:50:23.085 02/18/09 Sev=Info/6 IKE/0x63000055

    Sent a keepalive on the IPSec SA



    33 10:50:26.695 02/18/09 Sev=Info/5 IKE/0x6300002F

    Received ISAKMP packet: peer = 59.165.249.162

    Can any one help in resolving this issue.

    Thanks in Advance
    Rudresh
     
    rudresh02, Feb 18, 2009
    #1
    1. Advertising

  2. rudresh02

    rudresh02

    Joined:
    Feb 27, 2008
    Messages:
    3
    Hi,
    The problem is resolved. The issue is when, a natted devices try to contact the vpn gateway, it will not launch the xauth prompt. After much trouble shooting, we found that, we need to disable the Nat-T option .

    Regards,
    Rudresh
     
    rudresh02, Feb 24, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Christian Hewitt
    Replies:
    0
    Views:
    2,991
    Christian Hewitt
    Apr 24, 2005
  2. Rohan
    Replies:
    1
    Views:
    1,415
    tweety
    Nov 29, 2006
  3. pasatealinux
    Replies:
    1
    Views:
    2,079
    pasatealinux
    Dec 17, 2007
  4. BF
    Replies:
    2
    Views:
    779
  5. mgummert
    Replies:
    2
    Views:
    1,076
    Uli Link
    Apr 1, 2009
Loading...

Share This Page