Newer VPN clients cannot terminate to ASA

Unanswered Question
Jun 15th, 2007
User Badges:

I have a customer where after the 4.8.02 VPN client came out, it stopped connecting to their Pix 501 running 6.3(5). The local VPN logs show dropped UDP packets. A debug crypto isakmp doesn't even report an attempt to perform a phase 1 key exchange. Not even a connection. This happens on both XP and Vista.


Once we downgrade to 4.8.01.0300 then we can make a perfect connection to the Pix. Thinking it was a hardware issue (and they wanted the Anti-X capability anyway), I installed an ASA 5510 running 7.2(2), and low and behold, the same issue.


Note, there is an Adtran 3200 series router in front of the ASA. It is running the firewall feature set, but we've opened it wide open and we still have the problem.


A quick check of the documentation and bug check finds nothing that relates to this issue. I plan to open a TAC case next week on this, but I'm hoping someone here may have seen or heard of this before.


We're all stumped on this one...


Thanks in advance...


Jake



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
khary Fri, 06/15/2007 - 20:36
User Badges:

On the client, did you verify that transport is IPSec only. Nothing should be checked under tunnel transport in the modification menu.

Actions

This Discussion