Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
4
Replies

VPN concentrator 3000, VPN client v5.0 on Win2k server/adv. server

sudiptapaul
Level 1
Level 1

‎08-26-2007 08:55 PM

Can anyone give some inputs to the below problem ?

VPN client version V5.0.00.0340 with win2000 server

VPN Concentrator Type: 3060

Serial Number:CAM00420043

Bootcode Rev: Altiga Networks/VPN Concentrator Version 1.1.Rel Mar 16 1999 10:04:11

Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 11:16:43

Up For: 364d 18:43:40

Up Since: 08/24/2006 21:12:18

RAM Size: 256 MB (Memory Status: Green)

Below is the error message when trying to connect the VPN from the Windows 2000 server / advance server. Its working fine from the Windows XP.

Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding.

log from the VPN Client...

22 16:11:14.078 05/15/07 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

23 16:11:14.093 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to <IP Removed>

24 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

25 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

26 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

27 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

28 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

29 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>

30 16:11:34.578 05/15/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

31 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

32 16:11:35.078 05/15/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "<Host Removed>" because of "DEL_REASON_PEER_NOT_RESPONDING"

33 16:11:35.078 05/15/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

34 16:11:35.078 05/15/07 Sev=Info/4 CM/0x6310002D

Resetting TCP connection on port 10000

35 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100030

Removed local TCP port 3608 for TCP connection.

36 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

37 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

38 16:11:35.093 05/15/07 Sev=Info/6 IPSEC/0x63700023

TCP RST sent to <IP Removed>, src port 3608, dst port 10000

39 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

40 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

41 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

42 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

Is there any compatibility issue with the VPN concentrator 3000 and Cisco VPN clients loaded on win2k server/advance server.

What is the s/w version in Concentrator & vpn client that will work with win 2k server/adv. server.

Labels:
0 Helpful
4 Replies 4

purohit_810
Level 5
Level 5

‎08-28-2007 11:20 AM

Client is not been configured properly:

Instead of your LOGS it should be looks like this way:

SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG,

NOTIFY:STATUS_INITIAL_CONTACT) to 172.18.124.135

Look in client configuration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801c3f28.shtml

Regards,

Dharmesh Purohit

0 Helpful

sudiptapaul
Level 1
Level 1
In response to purohit_810

‎08-30-2007 08:59 PM

yes it might be....but with the same config the VPN client is working fine with XP... Not sure about any particular settings in Win2k Server

0 Helpful

jeremyault
Level 1
Level 1

‎08-28-2007 07:03 PM

I've had issues like this before. It's usually a minor config issue. First, go through all the client settings and make sure they are exactly the same as on the XP machine - particularly the transport settings. If there is a firewall in between, it may be possible that TCP 10000 is not open so set it to whatever it is on the XP box.

Perhaps the Win2K server has a software firewall? If so, disable it for testing purposes.

Still not working? Might need to dig into it at the packet level - WireShark can be your friend - and it's free. Run it on the XP first so you can see what the packet exchange is supposed to look like then on the Win2K server - note the differences.

Let me know what you see and we'll go from there.

0 Helpful

sudiptapaul
Level 1
Level 1
In response to jeremyault

‎08-30-2007 08:54 PM

Thanks a lot for your reply....I will check that and let you know.

Secondly, do you suspect any compatibility issue ?

e.g. vpn client version 5.0 with win2k Server

or

s/w version of vpn concentrator

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents