02-26-2007 01:29 AM - edited 03-11-2019 02:38 AM
Hello,
I have been trying to connect a VPN Client for remote access to a PIX515E (using version 7.2(2)). I can get to the user authentication window, but after I enter the username and password, I get the status "Not Connected". I tried to run "debug crypto isakmp" but only the following screen output is appearing:
PIX(config)#
Jun 27 17:00:08 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4, Removing peer from peer table failed, no match!
Jun 27 17:00:08 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4, Error: Unable to remove PeerTblEntry
Can anybody help me identify the cause of the problem? Your response will be greatly appreciated.
Lorenz
02-26-2007 06:31 AM
Hi,
I think you should define nonat for the remote access ip-subnet.
1. access-list Inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
2. nat (Inside) 0 access-list Inside_nat0_outbound
Look at
hope this helps
regards
alex
02-26-2007 07:02 AM
You also appear to be missing
access-list outside_cryptomap_dyn_10 extended permit ip any 192.168.1.0 255.255.255.0
crypto dynamic-map pixdyna 10 match address outside_cryptomap_dyn_10
02-27-2007 06:33 PM
Hello,
Thank you guys for the additional input. However, after I applied them, I still cannot get connected. I still keep on getting the same message. Thank you for your further assistance.
Lorenz
02-28-2007 07:17 AM
Hey l.tating, I had the exact same problem with connecting to a PIX. Under the aaa-server line I didn't have the correct key. So I would recommend that you check the key to verify. You can use this command also: debug crypto isakmp 7
03-01-2007 12:00 AM
Hello Wizzle,
I am not using aaa for authentication. I'm just using the local database. I still cannot make it work. My debug crypto isakmp 7 has something in it that showed "cannot obtain an IP address for remote peer". Please see debug messages below:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4, Cannot obtain an IP address for remote peer
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, IKE TM V6 FSM error history (struct &0x27a61b8)
NE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, IKE AM Responder FSM error history (struct &0x27db608)
AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, IKE SA AM:f7413097 terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, sending delete/delete with reason message
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, constructing blank hash payload
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, constructing IKE delete payload
Jun 30 15:46:22 [IKEv1 DEBUG]: Group = testgroup, Username = testuser, IP = 173.5.1.4, constructing qm hash payload
Jun 30 15:46:22 [IKEv1]: IP = 173.5.1.4, IKE_DECODE SENDING Message (msgid=8ba4c5b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4, Removing peer from peer table failed, no match!
Jun 30 15:46:22 [IKEv1]: Group = testgroup, Username = testuser, IP = 173.5.1.4, Error: Unable to remove PeerTblEntry
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lorenz
03-19-2007 04:34 PM
Hi,
Please can you send me your current configuration from your PIX?
regards
alex