VPN not working from one site

dirkmelvin · ‎08-22-2008

Can someone explain to me these errors?

This is from 2 separate connection attempts, from one PC. It will not connect to my PIX, but I have 2 other PCs at different locations that can connect with no problem.

What I am assuming is there is a firewall or router blocking something about VPN from the inside to the outside world?

Richard Burts · ‎08-22-2008

Dirk

The logs that you posted show that the intial phase 1 negotiation of ISAKMP are successful and the phase 1 SA is established as shown in these messages:

74 14:02:40.986 08/22/08 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

75 14:02:40.986 08/22/08 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

The next thing is this:

Client sending a firewall request to concentrator

and it seems that then the negotiations do not progress and there is a series of retransmissions and eventual failure.

I wonder if the other PCs that are working are set up the same way that this one is, especially relative to any firewall?

I also noticed these messages in the logs:

Remote end is NOT behind a NAT device

This end IS behind a NAT device

and I wonder if the other PCs that work are also begind a NAT device?

HTH

Rick

HTH

Rick

thiru.vel10 · ‎08-22-2008

Click this link for the error referance

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a00801f253d.shtml

dirkmelvin · ‎08-25-2008

Thank you both so much for the feedback, I will look into this over the next day or two and post my findings.