08-26-2007 08:55 PM
Can anyone give some inputs to the below problem ?
VPN client version V5.0.00.0340 with win2000 server
VPN Concentrator Type: 3060
Serial Number:CAM00420043
Bootcode Rev: Altiga Networks/VPN Concentrator Version 1.1.Rel Mar 16 1999 10:04:11
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 11:16:43
Up For: 364d 18:43:40
Up Since: 08/24/2006 21:12:18
RAM Size: 256 MB (Memory Status: Green)
Below is the error message when trying to connect the VPN from the Windows 2000 server / advance server. Its working fine from the Windows XP.
Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding.
log from the VPN Client...
22 16:11:14.078 05/15/07 Sev=Info/6 CERT/0x63600026
Found a Certificate using Serial Hash.
23 16:11:14.093 05/15/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to <IP Removed>
24 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
25 16:11:19.578 05/15/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>
26 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
27 16:11:24.578 05/15/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>
28 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
29 16:11:29.578 05/15/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (Retransmission) to <IP Removed>
30 16:11:34.578 05/15/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
31 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=56FB3AA55C302105 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
32 16:11:35.078 05/15/07 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "<Host Removed>" because of "DEL_REASON_PEER_NOT_RESPONDING"
33 16:11:35.078 05/15/07 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
34 16:11:35.078 05/15/07 Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 10000
35 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100030
Removed local TCP port 3608 for TCP connection.
36 16:11:35.078 05/15/07 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
37 16:11:35.078 05/15/07 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
38 16:11:35.093 05/15/07 Sev=Info/6 IPSEC/0x63700023
TCP RST sent to <IP Removed>, src port 3608, dst port 10000
39 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
40 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
41 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
42 16:11:35.093 05/15/07 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Is there any compatibility issue with the VPN concentrator 3000 and Cisco VPN clients loaded on win2k server/advance server.
What is the s/w version in Concentrator & vpn client that will work with win 2k server/adv. server.
08-28-2007 11:20 AM
Client is not been configured properly:
Instead of your LOGS it should be looks like this way:
SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG,
NOTIFY:STATUS_INITIAL_CONTACT) to 172.18.124.135
Look in client configuration.
Regards,
Dharmesh Purohit
08-30-2007 08:59 PM
yes it might be....but with the same config the VPN client is working fine with XP... Not sure about any particular settings in Win2k Server
08-28-2007 07:03 PM
I've had issues like this before. It's usually a minor config issue. First, go through all the client settings and make sure they are exactly the same as on the XP machine - particularly the transport settings. If there is a firewall in between, it may be possible that TCP 10000 is not open so set it to whatever it is on the XP box.
Perhaps the Win2K server has a software firewall? If so, disable it for testing purposes.
Still not working? Might need to dig into it at the packet level - WireShark can be your friend - and it's free. Run it on the XP first so you can see what the packet exchange is supposed to look like then on the Win2K server - note the differences.
Let me know what you see and we'll go from there.
08-30-2007 08:54 PM
Thanks a lot for your reply....I will check that and let you know.
Secondly, do you suspect any compatibility issue ?
e.g. vpn client version 5.0 with win2k Server
or
s/w version of vpn concentrator
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: