VPN termination errors

eriklozano · ‎02-09-2009

Hopefully someone can help with a termination issue I'm having with a PIX-515e firewall; software version 6.3.4, pdm version 3.0.2.

We're getting constant vpn termination errors (reason 412 and 413) from a group of users at one location. I am by no means a pix guru, but I've verified that nat-t is configured. I can't figure out how to determine if there is a group policy set. I'd be happy to post or email the current config if that will help - it's about 150 lines long.

Ivan Martinon · ‎02-09-2009

Go ahead and post it, we need to see if you are missing some lines there

eriklozano · ‎02-10-2009

Config is attached. Let me know if I need to post it inline. Thanks.

Ivan Martinon · ‎02-10-2009

Well it all looks good on your config, can you turn on the following debugs?

debug crypto isakmp

debug crypto ipsec

eriklozano · ‎02-12-2009

Using the CLI, I entered the two commands you listed. But, I'm not sure what to do next.

Ivan Martinon · ‎02-12-2009

You need to get a vpn client to try to connect to your pix to generate debug logs

eriklozano · ‎03-04-2009

Now that the debug logs have been enabled for several weeks, where do I find the log files?

Ivan Martinon · ‎03-04-2009

If you did not set any syslog servers, you need to get the output of the show log, however this log is a circular buffer most likely some events have been overwritten.

eriklozano · ‎03-04-2009

And how exactly do I get the output of the show log?

Ivan Martinon · ‎03-04-2009

on CLI you type "show log"