05-07-2007 06:07 AM
Im having a problem with my vpn connection. My network consists of VPNClient-- ROUTER--PIX--WEBSERVER. From the pix I can ping to the VPN client and thethe webserver. However, I tried to connect using VPN client (v4.8) i got this error message:
========================================
10 15:55:47.750 05/07/07 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
11 15:55:52.750 05/07/07 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
12 15:55:52.750 05/07/07 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
========================================
Here is my config on the PIX, any ideas please?
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
!
access-list ACLIN extended permit tcp 11.0.1.0 255.255.255.0 host 10.0.1.10 eq www
access-list 101 extended permit ip 10.0.1.0 255.255.255.0 11.0.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool MYPOOL 11.0.1.1-11.0.1.254
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list 101
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username sales password 9rmzFe5tYq5ocahT encrypted privilege 3
username admin password TOyVyM6G6TXcuQ5w encrypted privilege 15
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set RAVPN esp-des esp-md5-hmac
crypto dynamic-map DYNOMAP 10 set transform-set RAVPN
crypto map VPNPEER 20 ipsec-isakmp dynamic DYNOMAP
crypto map VPNPEER interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
tunnel-group training type ipsec-ra
tunnel-group training general-attributes
address-pool MYPOOL
tunnel-group training ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
05-09-2007 07:41 AM
Cisco experts, could some one help me out please... Ive been trying for days but getting the same error message. I'm running out of resources, ideas and hair.
What is wrong with my configuration? HELP ME PLEASE. Ive been waiting for for a few days for a response.
Thank you very much for your time.
Tony
05-09-2007 07:46 AM
Does DES works on VPN client? Do I need a TACACS server in order to run VPN client? I believed it is possible to create the users locally.
Cisco experts, I need you to rescue me...
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide