01-02-2008 04:38 AM - edited 02-21-2020 01:50 AM
Hello,
I have a Cisco PIX 515e firewall with the 6.2 version of the software, and I have a working VPN solution using Windows 2000 and The Cisco VPN client 3.5
I have been trying without success to get VPN to work with Windows XP. I've tried using the builtin VPN functionality, installing the Client, disabling ICS then installing the client, and it never seems to connect properly.
Does anyone know if connecting to this firewall via Windows XP is even possible?
Thanks,
-Matt
01-08-2008 04:44 AM
Hi Matt
it is possible.
If you have a cisco client installed on your XP machine now could you try to connect and then post the log from the client please?
01-08-2008 06:18 AM
I switched to a later version of the client, and I'm still having similar problems... Here's the log: (ip address replaced with x.x.x.x)
Cisco Systems VPN Client Version 4.8.02.0010
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
27 08:14:10.366 01/08/08 Sev=Info/4 CM/0x63100002
Begin connection process
28 08:14:10.382 01/08/08 Sev=Info/4 CM/0x63100004
Establish secure connection
29 08:14:10.382 01/08/08 Sev=Info/4 CM/0x63100024
Attempt connection with server "x.x.x.x"
30 08:14:10.382 01/08/08 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
31 08:14:10.382 01/08/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
32 08:14:10.382 01/08/08 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
33 08:14:10.382 01/08/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
34 08:14:15.397 01/08/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
35 08:14:15.397 01/08/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x
36 08:14:20.397 01/08/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
37 08:14:20.397 01/08/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x
38 08:14:25.397 01/08/08 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
39 08:14:25.397 01/08/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x
40 08:14:30.896 01/08/08 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=89065E1D9081EF27 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
41 08:14:31.396 01/08/08 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=89065E1D9081EF27 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
42 08:14:31.396 01/08/08 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "209.240.170.2" because of "DEL_REASON_PEER_NOT_RESPONDING"
43 08:14:31.396 01/08/08 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
44 08:14:31.443 01/08/08 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
45 08:14:31.443 01/08/08 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
46 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
47 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
48 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
49 08:14:31.896 01/08/08 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
01-09-2008 09:35 AM
The logs basically says that the VPN Client is not getting a response from the server.
What kind of connection do you have to the internet. If you are behind a firewall, can you try using a dial up connection and see if the VPN Client works. What about the logs from the VPN Server, do you see your connection initiation hitting the VPN Server.
Regards,
Arul
01-09-2008 10:05 AM
I am on a high-speed DSL connection and behind an old consumer-grade LinkSys Router/Firewall. VPN has worked to the same Pix515e through this same Linksys router before with no changes, except when I installed Windows XP, it won't connect.
How would I see the logs from the VPN server to see if my other IP is attempting a connection?
Thanks!
01-09-2008 07:21 PM
You could run debugs on the Pix 515e. That is "deb cry is" and " deb cry ipsec".
Regards,
Arul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: