02-09-2009 11:45 AM - edited 03-11-2019 07:47 AM
Hopefully someone can help with a termination issue I'm having with a PIX-515e firewall; software version 6.3.4, pdm version 3.0.2.
We're getting constant vpn termination errors (reason 412 and 413) from a group of users at one location. I am by no means a pix guru, but I've verified that nat-t is configured. I can't figure out how to determine if there is a group policy set. I'd be happy to post or email the current config if that will help - it's about 150 lines long.
02-09-2009 02:24 PM
Go ahead and post it, we need to see if you are missing some lines there
02-10-2009 01:23 PM
02-10-2009 01:32 PM
Well it all looks good on your config, can you turn on the following debugs?
debug crypto isakmp
debug crypto ipsec
02-12-2009 10:03 AM
Using the CLI, I entered the two commands you listed. But, I'm not sure what to do next.
02-12-2009 10:04 AM
You need to get a vpn client to try to connect to your pix to generate debug logs
03-04-2009 05:53 AM
Now that the debug logs have been enabled for several weeks, where do I find the log files?
03-04-2009 06:56 AM
If you did not set any syslog servers, you need to get the output of the show log, however this log is a circular buffer most likely some events have been overwritten.
03-04-2009 09:07 AM
And how exactly do I get the output of the show log?
03-04-2009 09:11 AM
on CLI you type "show log"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide