cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
0
Helpful
5
Replies

VPN with Windows XP and PIX 515e / Cisco VPN Client 3.5

mattholemew
Level 1
Level 1

Hello,

I have a Cisco PIX 515e firewall with the 6.2 version of the software, and I have a working VPN solution using Windows 2000 and The Cisco VPN client 3.5

I have been trying without success to get VPN to work with Windows XP. I've tried using the builtin VPN functionality, installing the Client, disabling ICS then installing the client, and it never seems to connect properly.

Does anyone know if connecting to this firewall via Windows XP is even possible?

Thanks,

-Matt

5 Replies 5

VictorAKur
Level 1
Level 1

Hi Matt

it is possible.

If you have a cisco client installed on your XP machine now could you try to connect and then post the log from the client please?

I switched to a later version of the client, and I'm still having similar problems... Here's the log: (ip address replaced with x.x.x.x)

Cisco Systems VPN Client Version 4.8.02.0010

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

27 08:14:10.366 01/08/08 Sev=Info/4 CM/0x63100002

Begin connection process

28 08:14:10.382 01/08/08 Sev=Info/4 CM/0x63100004

Establish secure connection

29 08:14:10.382 01/08/08 Sev=Info/4 CM/0x63100024

Attempt connection with server "x.x.x.x"

30 08:14:10.382 01/08/08 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with x.x.x.x.

31 08:14:10.382 01/08/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

32 08:14:10.382 01/08/08 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

33 08:14:10.382 01/08/08 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

34 08:14:15.397 01/08/08 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

35 08:14:15.397 01/08/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

36 08:14:20.397 01/08/08 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

37 08:14:20.397 01/08/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

38 08:14:25.397 01/08/08 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

39 08:14:25.397 01/08/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

40 08:14:30.896 01/08/08 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=89065E1D9081EF27 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

41 08:14:31.396 01/08/08 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=89065E1D9081EF27 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

42 08:14:31.396 01/08/08 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "209.240.170.2" because of "DEL_REASON_PEER_NOT_RESPONDING"

43 08:14:31.396 01/08/08 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

44 08:14:31.443 01/08/08 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

45 08:14:31.443 01/08/08 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

46 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

47 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

48 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

49 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

The logs basically says that the VPN Client is not getting a response from the server.

What kind of connection do you have to the internet. If you are behind a firewall, can you try using a dial up connection and see if the VPN Client works. What about the logs from the VPN Server, do you see your connection initiation hitting the VPN Server.

Regards,

Arul

I am on a high-speed DSL connection and behind an old consumer-grade LinkSys Router/Firewall. VPN has worked to the same Pix515e through this same Linksys router before with no changes, except when I installed Windows XP, it won't connect.

How would I see the logs from the VPN server to see if my other IP is attempting a connection?

Thanks!

You could run debugs on the Pix 515e. That is "deb cry is" and " deb cry ipsec".

Regards,

Arul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: