PIX 7.2(2) Remote Access VPN issue

Unanswered Question
Feb 26th, 2007

Hello,

I have been trying to connect a VPN Client for remote access to a PIX515E (using version 7.2(2). I can get to the user authentication window, but after I enter the username and password, I get the status "Not Connected". I tried to run "debug crypto isakmp" but only the following screen output is appearing:

PIX(config)#

Jun 27 17:00:08 [IKEv1]: Group = testgroup, Username = testuser, IP

= 173.5.1.4, Removing peer from peer table failed, no match!

Jun 27 17:00:08 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4,

Error: Unable to remove PeerTblEntry

Can anybody help me identify the cause of the problem? Your response will be greatly appreciated.

Lorenz

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Mon, 02/26/2007 - 07:02

You also appear to be missing

access-list outside_cryptomap_dyn_10 extended permit ip any 192.168.1.0 255.255.255.0

crypto dynamic-map pixdyna 10 match address outside_cryptomap_dyn_10

l.tating Tue, 02/27/2007 - 18:33

Hello,

Thank you guys, for the additional input, however, after I applied them, I still cannot get connected. I still keep on getting the same message. Thank you for your further assistance.

Lorenz

Wizzle Wed, 02/28/2007 - 07:17

Hey l.tating , I had the exact same problem with connecting to a pix. Under the aaa-server line I didn't have the correct key. So I would recommend that you check they key to verify. You can use this command also - debug crypto isakmp 7

l.tating Thu, 03/01/2007 - 00:00

Hello Wizzle,

I am not using aaa for authentication. Im just using local database. I still cannot make it work. My debug crypto isakmp 7 has something in it that showed "cannot obtain an IP address for remote peer". Please see debug messages below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4,

Cannot obtain an IP address for remote peer

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, IKE TM V6 FSM error history (struct &0x27a61b8) , : TM_DO

NE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY

, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ,

EV_HASH_OK-->TM_WAIT_REQ, NullEvent

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, IKE AM Responder FSM error history (struct &0x27db608) , :

AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6

H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_M

SG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM

_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, IKE SA AM:f7413097 terminating: flags 0x0945c001, refcnt 0, tuncnt 0

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, sending delete/delete with reason message

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, constructing blank hash payload

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, constructing IKE delete payload

Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.

5.1.4, constructing qm hash payload

Jun 30 15:46:22 [IKEv1]: IP = 173.5.1.4, IKE_DECODE SENDING Message (msgid=8ba4c

5b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80

Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4,

Removing peer from peer table failed, no match!

Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4,

Error: Unable to remove PeerTblEntry

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lorenz

at Mon, 03/19/2007 - 16:34

hi,

please can you send me your current configuration from your pix

regards

alex

Actions

This Discussion