06-08-2009 05:12 AM
Dear all,
I have configured remote access VPN on a Cisco ASA 5510. It was running Cisco IOS 7.2 version and then I upgraded it to Cisco IOS 8.0, but still the Cisco VPN clients cannot connect to the VPN. Following is the log on the Cisco VPN client:
Cisco Systems VPN Client Version 5.0.02.0090
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
49 16:53:59.236 06/08/09 Sev=Info/4 CM/0x63100002
Begin connection process
50 16:53:59.249 06/08/09 Sev=Info/4 CM/0x63100004
Establish secure connection
51 16:53:59.250 06/08/09 Sev=Info/4 CM/0x63100024
Attempt connection with server "ajmdubai.dyndns.org"
52 16:53:59.269 06/08/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 217.165.146.206
53 16:53:59.468 06/08/09 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
54 16:53:59.468 06/08/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
55 16:54:04.538 06/08/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
56 16:54:04.539 06/08/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.165.146.206
57 16:54:09.609 06/08/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
58 16:54:09.609 06/08/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.165.146.206
59 16:54:14.679 06/08/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
60 16:54:14.679 06/08/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 217.165.146.206
61 16:54:19.749 06/08/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=99EAAB2E98CFE782 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
62 16:54:20.262 06/08/09 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=99EAAB2E98CFE782 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
63 16:54:20.263 06/08/09 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "ajmdubai.dyndns.org" because of "DEL_REASON_PEER_NOT_RESPONDING"
64 16:54:20.263 06/08/09 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
65 16:54:20.268 06/08/09 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
66 16:54:20.271 06/08/09 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
67 16:54:20.762 06/08/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
68 16:54:20.763 06/08/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69 16:54:20.763 06/08/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 16:54:20.763 06/08/09 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Following is the error captured on the Cisco ASA 5510:
group=ajmremote ip=x.x.x.x removing peer from peer table failed no match
error unable to remove peer tblentry
recieved invalid cookie message for non-existent SA
I am attaching the config done on the Cisco ASA 5510. Please go through it and please advise ASAP, as I am facing a deadline to fix it: from Wednesday the users are about to work from home and I need this remote access VPN to be working.
Please see the config done on the Cisco ASA 5510 for remote access VPN; it is in the attachment.
06-09-2009 08:51 PM
The VPN Client is not getting a response from the ASA, as indicated by DEL_REASON_PEER_NOT_RESPONDING. I see that the client debug indicates a destination address of 217.165.146.206, but your config has an outside address of 10.0.0.2...
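A triage of a client log in the format posted above, as an added example that is not part of the original thread: it pairs each header line with its message and reports whether the peer ever answered the first IKE packet (no RECEIVING lines and an all-zero R_Cookie). The log lines, the address 203.0.113.10 and the cookie value are constructed, and the function names are hypothetical.

```python
import re

# Header line of a Cisco VPN Client log entry: seq, time, date, severity, module/code.
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+Sev=(\S+)\s+(\w+)/(0x[0-9A-Fa-f]+)$")
COOKIES = re.compile(r"I_Cookie=([0-9A-F]{16}) R_Cookie=([0-9A-F]{16})")
PEER = re.compile(r"SENDING >>> ISAKMP .* to (\S+)$")

# Constructed sample in the same layout as the posted log (not the poster's data).
SAMPLE_LOG = """\
1 10:00:00.000 01/01/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(Nat-T), VID(Unity)) to 203.0.113.10
2 10:00:05.000 01/01/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
3 10:00:05.001 01/01/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.0.113.10
4 10:00:10.000 01/01/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=1122334455667788 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
"""


def parse_entries(text):
    """Pair each header line with the message line(s) that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"seq": int(m.group(1)), "module": m.group(5), "msg": ""}
            entries.append(current)
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    return entries


def triage_phase1(text):
    """Summarise whether the peer ever answered the first IKE packet."""
    ike = [e for e in parse_entries(text) if e["module"] == "IKE"]
    peers = {m.group(1) for m in (PEER.search(e["msg"]) for e in ike) if m}
    received = sum("RECEIVING <<<" in e["msg"] for e in ike)
    retrans = sum("(Retransmission)" in e["msg"] for e in ike)
    r_cookies = {m.group(2) for m in (COOKIES.search(e["msg"]) for e in ike) if m}
    # The responder cookie stays all zeros until a reply from the peer is processed.
    no_reply = bool(peers) and received == 0 and r_cookies <= {"0" * 16}
    return {"peers": sorted(peers), "retransmissions": retrans,
            "received": received, "no_reply_from_peer": no_reply}


if __name__ == "__main__":
    print(triage_phase1(SAMPLE_LOG))
```

When `no_reply_from_peer` is true, the failure lies on the path to the head end (address, port forwarding, filtering) rather than in proposal or authentication settings, since no packet from the peer was ever logged.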
06-10-2009 06:04 AM
In addition to the issue raised by kstiver, I'm wondering whether your outside-entry access list is too restrictive.
06-11-2009 12:45 AM
Yes, the outside address is 10.0.0.2. It is working behind an ADSL router, and I have done port forwarding for ports 4500 and 500 UDP on the ADSL router to the firewall.
One more interesting thing I have noticed is that no one can initiate a VPN client connection from that office. I believe that the ASA 5510 is blocking outgoing client VPN connections.
Waiting eagerly for the response.