
VPN does not connect to only user, stops at "Negotiating Policies"

Anand Narayana
Level 6

I have a Cisco 515E ver 6.3, on which I configured a remote VPN client profile. All 5 of my clients were able to access my LAN with the remote VPN client profile for all these years. After I upgraded to ver 7.0, one of my 5 clients tries to connect to the Cisco PIX using the VPN dialer, but it stops after "Negotiating Policies". Any idea? This problem happens only when he is connecting in the following order.

Laptop-------->Belkin wireless Router---------->Nokia Siemens Router---------->Internet-------->Cisco PIX---------->My LAN

Debug information on PIX during this time

Nov 21 13:33:26 x.x.x.x %PIX-5-713201: Group = remoteclient, IP = x.x.x.x, Duplicate Phase 2 packet detected. Retransmitting last packet

Nov 21 13:33:31 x.x.x.x %PIX-5-713201: Group = remoteclient, IP = x.x.x.x, Duplicate Phase 2 packet detected. Retransmitting last packet.

For other users when they connect directly through the broadband router who access from different location does have problem.

I was not able to get any idea from the log number on the Cisco site :-(

This setup was the same when I had ver. 6.3 running; during that time he was able to connect & access, but not after upgrading my PIX to ver 7.0. So as a temporary fix, he was able to connect in the following manner.

Laptop-------->Nokia Siemens Router---------->Internet-------->Cisco PIX---------->My LAN

IP Address Details

Belkin Wi-fi LAN - 192.168.2.0/24

Nokia Siemens LAN - 192.168.1.0/24

My LAN - 172.16.2.0/24

4 Replies

yvannpaillet
Level 1

Hi

I have the same equipment as you,

PIX 515E ver 6.3, but I cannot connect with my VPN client; I get the following message:

Secure VPN connection terminated locally by client, reason 413

I did forget, would you please send me your config so that I could compare it with my own config?

Many thanks

Jason Gervia
Cisco Employee

Hello,

Check to make sure that 'crypto isakmp nat-traversal' is enabled, and that udp 4500 is allowed from the client to the pix/ASA.

Hi

How can I allow UDP 4500 from the client to the PIX?
