VPN termination errors

Unanswered Question
Feb 9th, 2009
User Badges:

Hopefully someone can help with a termination issue I'm having with a PIX-515e firewall; software version 6.3.4, pdm version 3.0.2.


We're getting constant vpn termination errors (reason 412 and 413) from a group of users at one location. I am by no means a pix guru, but I've verified that nat-t is configured. I can't figure out how to determine if there is a group policy set. I'd be happy to post or email the current config if that will help - it's about 150 lines long.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Mon, 02/09/2009 - 14:24
User Badges:
  • Cisco Employee,

Go ahead and post it, we need to see if you are missing some lines there

Ivan Martinon Tue, 02/10/2009 - 13:32
User Badges:
  • Cisco Employee,

Well it all looks good on your config, can you turn on the following debugs?

debug crypto isakmp

debug crypto ipsec

eriklozano Thu, 02/12/2009 - 10:03
User Badges:

Using the CLI, I entered the two commands you listed. But, I'm not sure what to do next.

Ivan Martinon Thu, 02/12/2009 - 10:04
User Badges:
  • Cisco Employee,

You need to get a vpn client to try to connect to your pix to generate debug logs

eriklozano Wed, 03/04/2009 - 05:53
User Badges:

Now that the debug logs have been enabled for several weeks, where do I find the log files?

Ivan Martinon Wed, 03/04/2009 - 06:56
User Badges:
  • Cisco Employee,

If you did not set any syslog servers, you need to get the output of the show log, however this log is a circular buffer most likely some events have been overwritten.

eriklozano Wed, 03/04/2009 - 09:07
User Badges:

And how exactly do I get the output of the show log?

Actions

This Discussion