Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
0
Helpful
1
Replies

Newer VPN clients cannot terminate to ASA

jake.kappus
Level 1
Level 1

‎06-15-2007 05:38 PM - edited ‎03-11-2019 03:31 AM

I have a customer where after the 4.8.02 VPN client came out, it stopped connecting to their Pix 501 running 6.3(5). The local VPN logs show dropped UDP packets. A debug crypto isakmp doesn't even report an attempt to perform a phase 1 key exchange. Not even a connection. This happens on both XP and Vista.

Once we downgrade to 4.8.01.0300 then we can make a perfect connection to the Pix. Thinking it was a hardware issue (and they wanted the Anti-X capability anyway), I installed an ASA 5510 running 7.2(2), and low and behold, the same issue.

Note, there is an Adtran 3200 series router in front of the ASA. It is running the firewall feature set, but we've opened it wide open and we still have the problem.

A quick check of the documentation and bug check finds nothing that relates to this issue. I plan to open a TAC case next week on this, but I'm hoping someone here may have seen or heard of this before.

We're all stumped on this one...

Thanks in advance...

Jake

Labels:
Preview file
12 KB
0 Helpful
1 Reply 1

khary
Level 1
Level 1

‎06-15-2007 08:36 PM

On the client, did you verify that transport is IPSec only. Nothing should be checked under tunnel transport in the modification menu.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card