VPN concentrator 3000, VPN client v5.0 on Win2k server/adv. server

Unanswered Question
Aug 26th, 2007

Can anyone give some inputs to the below problem ?

VPN client version V5.0.00.0340 with win2000 server

VPN Concentrator Type: 3060

Serial Number:CAM00420043

Bootcode Rev: Altiga Networks/VPN Concentrator Version 1.1.Rel Mar 16 1999 10:04:11

Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 11:16:43

Up For: 364d 18:43:40

Up Since: 08/24/2006 21:12:18

RAM Size: 256 MB (Memory Status: Green)

Below is the error message when trying to connect the VPN from the Windows 2000 server / advance server. Its working fine from the Windows XP.

Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding.

log from the VPN Client...

22 16:11:14.078 05/15/07 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

23 16:11:14.093 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to <IP Removed>

24 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

25 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

26 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

27 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

28 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

29 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

30 16:11:34.578 05/15/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

31 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

32 16:11:35.078 05/15/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "<Host Removed>" because of "DEL_REASON_PEER_NOT_RESPONDING"

33 16:11:35.078 05/15/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

34 16:11:35.078 05/15/07 Sev=Info/4 CM/0x6310002D

Resetting TCP connection on port 10000

35 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100030

Removed local TCP port 3608 for TCP connection.

36 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

37 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

38 16:11:35.093 05/15/07 Sev=Info/6 IPSEC/0x63700023

TCP RST sent to <IP Removed>, src port 3608, dst port 10000

39 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

40 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

41 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

42 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

Is there any compatibility issue with the VPN concentrator 3000 and Cisco VPN clients loaded on win2k server/advance server.

What is the s/w version in Concentrator & vpn client that will work with win 2k server/adv. server.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sudiptapaul Thu, 08/30/2007 - 20:59

yes it might be....but with the same config the VPN client is working fine with XP... Not sure about any particular settings in Win2k Server

jeremyault Tue, 08/28/2007 - 19:03

I've had issues like this before. It's usually a minor config issue. First, go through all the client settings and make sure they are exactly the same as on the XP machine - particularly the transport settings. If there is a firewall in between, it may be possible that TCP 10000 is not open so set it to whatever it is on the XP box.

Perhaps the Win2K server has a software firewall? If so, disable it for testing purposes.

Still not working? Might need to dig into it at the packet level - WireShark can be your friend - and it's free. Run it on the XP first so you can see what the packet exchange is supposed to look like then on the Win2K server - note the differences.

Let me know what you see and we'll go from there.

sudiptapaul Thu, 08/30/2007 - 20:54

Thanks a lot for your reply....I will check that and let you know.

Secondly, do you suspect any compatibility issue ?

e.g. vpn client version 5.0 with win2k Server

or

s/w version of vpn concentrator

Actions

This Discussion