VPN concentrator 3000, VPN client v5.0 on Win2k server/adv. server

Unanswered Question
Aug 26th, 2007
User Badges:

Can anyone give some inputs to the below problem ?


VPN client version V5.0.00.0340 with win2000 server



VPN Concentrator Type: 3060

Serial Number:CAM00420043

Bootcode Rev: Altiga Networks/VPN Concentrator Version 1.1.Rel Mar 16 1999 10:04:11

Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 11:16:43

Up For: 364d 18:43:40

Up Since: 08/24/2006 21:12:18

RAM Size: 256 MB (Memory Status: Green)



Below is the error message when trying to connect the VPN from the Windows 2000 server / advance server. Its working fine from the Windows XP.

Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding.



log from the VPN Client...



22 16:11:14.078 05/15/07 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.


23 16:11:14.093 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to <IP Removed>


24 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


25 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>


26 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


27 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>


28 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


29 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>


30 16:11:34.578 05/15/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


31 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


32 16:11:35.078 05/15/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "<Host Removed>" because of "DEL_REASON_PEER_NOT_RESPONDING"


33 16:11:35.078 05/15/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv


34 16:11:35.078 05/15/07 Sev=Info/4 CM/0x6310002D

Resetting TCP connection on port 10000


35 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100030

Removed local TCP port 3608 for TCP connection.


36 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.


37 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection


38 16:11:35.093 05/15/07 Sev=Info/6 IPSEC/0x63700023

TCP RST sent to <IP Removed>, src port 3608, dst port 10000


39 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


40 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


41 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


42 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped



Is there any compatibility issue with the VPN concentrator 3000 and Cisco VPN clients loaded on win2k server/advance server.

What is the s/w version in Concentrator & vpn client that will work with win 2k server/adv. server.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
purohit_810 Tue, 08/28/2007 - 11:20
User Badges:
  • Silver, 250 points or more

Client is not been configured properly:


Instead of your LOGS it should be looks like this way:


SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG,

NOTIFY:STATUS_INITIAL_CONTACT) to 172.18.124.135


Look in client configuration.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801c3f28.shtml


Regards,

Dharmesh Purohit



sudiptapaul Thu, 08/30/2007 - 20:59
User Badges:

yes it might be....but with the same config the VPN client is working fine with XP... Not sure about any particular settings in Win2k Server

jeremyault Tue, 08/28/2007 - 19:03
User Badges:

I've had issues like this before. It's usually a minor config issue. First, go through all the client settings and make sure they are exactly the same as on the XP machine - particularly the transport settings. If there is a firewall in between, it may be possible that TCP 10000 is not open so set it to whatever it is on the XP box.


Perhaps the Win2K server has a software firewall? If so, disable it for testing purposes.


Still not working? Might need to dig into it at the packet level - WireShark can be your friend - and it's free. Run it on the XP first so you can see what the packet exchange is supposed to look like then on the Win2K server - note the differences.


Let me know what you see and we'll go from there.

sudiptapaul Thu, 08/30/2007 - 20:54
User Badges:

Thanks a lot for your reply....I will check that and let you know.


Secondly, do you suspect any compatibility issue ?

e.g. vpn client version 5.0 with win2k Server

or

s/w version of vpn concentrator


Actions

This Discussion