11-18-2008 04:28 AM - edited 02-21-2020 03:06 AM
I have run the VPN wizard on my PIX 501, choosing the option to connect with Cisco VPN client 3 or higher. I am using client version 5.0.04 with the group name, IP address of the PIX and the username/password set. The rest are defaults. When I try to connect I get the error message "Secure VPN connection terminated locally by the client. reason 412: the remote peer is no longer responding."
When looking at the firewall logs on my DSL router that I am connecting through, the log entry reads: src= My IP Address dst= PIX IP Address ipprot=17 sport1704 dport=500 packet dropped. I am assuming that this entry is telling me that it got as far as the PIX but the connection was refused. I have attached 2 copies of the show run, 1 before the wizard and one after, so that somebody can view it to see if I have missed anything.
Thanks in advance,
James.
11-18-2008 08:22 AM
James,
You need to add a rule on your router to allow the following traffic:
udp 500 to your pix
udp 4500 to your pix
and then turn on nat-traversal as the previous person suggested
The VPN client negotiates p1/p2 over udp 500. If your router (which I assume is before the pix, or after your client) is dropping that traffic (it shows as being dropped) then the pix is *not* receiving it.
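Added example, not part of the original thread: a small Python check that reads router firewall log lines in the shape quoted in the question and counts which VPN traffic toward the PIX is being dropped, so you can see which allow rule is missing. The field layout, the sample lines and the addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import Counter

# Field layout assumed from the log entry quoted in the question; the "="
# after a key is optional because the quoted entry reads "sport1704".
FIELD = re.compile(r"\b(src|dst|ipprot|sport|dport)\s*=?\s*([0-9.]+)")

def classify(proto, dport):
    """Map IP protocol / destination port to the VPN traffic class."""
    if proto == 17 and dport == 500:
        return "IKE (udp 500)"
    if proto == 17 and dport == 4500:
        return "NAT-T (udp 4500)"
    if proto == 50:
        return "ESP (ip protocol 50)"
    return None

def dropped_vpn_traffic(lines, pix_ip):
    """Count dropped packets addressed to pix_ip, per VPN traffic class."""
    hits = Counter()
    for line in lines:
        if "dropped" not in line.lower():
            continue
        f = dict(FIELD.findall(line))
        if f.get("dst") != pix_ip or "ipprot" not in f:
            continue
        kind = classify(int(f["ipprot"]), int(f.get("dport", 0)))
        if kind:
            hits[kind] += 1
    return hits

# Constructed sample log; 198.51.100.2 stands in for the PIX outside address.
SAMPLE = [
    "src=203.0.113.10 dst=198.51.100.2 ipprot=17 sport1704 dport=500 packet dropped",
    "src=203.0.113.10 dst=198.51.100.2 ipprot=17 sport=1705 dport=4500 packet dropped",
    "src=203.0.113.10 dst=198.51.100.2 ipprot=50 packet dropped",
    "src=203.0.113.10 dst=198.51.100.2 ipprot=6 sport=3000 dport=80 packet dropped",
    "src=203.0.113.10 dst=198.51.100.9 ipprot=17 sport=1706 dport=500 packet dropped",
    "src=203.0.113.10 dst=198.51.100.2 ipprot=17 sport=1707 dport=500 packet accepted",
]

if __name__ == "__main__":
    for kind, count in dropped_vpn_traffic(SAMPLE, "198.51.100.2").items():
        print(f"{count} dropped: {kind} -> add an allow rule on the router")
```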
11-18-2008 05:32 AM
Hi,
Can you enable this command "isakmp nat-traversal" and try connecting again? In case you are still having issues, can you post the outputs of "deb cry is", "deb cry ips" and also logs from the VPN Client with logging level set to high?
Regards,
Arul
*Pls rate if it helps*