Cisco VPN Client and PIX-515E Unable to add route

Unanswered Question
Nov 12th, 2009
User Badges:

Hi,


I'm encountering a problem with my Cisco VPN Client. I try version 4.8 and 5 with the same issues. I can successfully establish the ipsec tunnel but the routing table of my computer is not good.


Here is the log of the cisco vpn client :


Cisco Systems VPN Client Version 4.8.02.0010

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\Program Files\Cisco Systems\VPN Client\


1 11:42:58.299 11/12/09 Sev=Warning/2 IKE/0xA3000067

Received Unexpected InitialContact Notify (PLMgrNotify:886)


2 11:43:13.659 11/12/09 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 87

Destination 172.16.255.255

Netmask 255.255.255.255

Gateway 10.0.0.1

Interface 192.168.65.41


3 11:43:13.659 11/12/09 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: ac10ffff, Netmask: ffffffff, Interface: aaa4129, Gateway: a000001.


4 11:46:02.512 11/12/09 Sev=Warning/2 IKE/0xA3000067

Received Unexpected InitialContact Notify (PLMgrNotify:886)


5 11:46:42.843 11/12/09 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 87

Destination 172.16.255.255

Netmask 255.255.255.255

Gateway 10.0.0.1

Interface 192.168.65.41


6 11:46:42.843 11/12/09 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: ac10ffff, Netmask: ffffffff, Interface: aaa4129, Gateway: a000001.




and here is my PIX Version 6.3(3) configuration :


ip local pool vpnclient 192.168.65.1-192.168.65.254



crypto ipsec transform-set test esp-des esp-md5-hmac

crypto dynamic-map DMAP 10 set transform-set test

crypto map vpnclient 10 ipsec-isakmp dynamic DMAP

crypto map vpnclient client configuration address initiate

crypto map vpnclient client configuration address respond

crypto map vpnclient client authentication RADIUS

crypto map vpnclient interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp keepalive 10 3

isakmp client configuration address-pool local vpnclient outside

isakmp nat-traversal 20

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

isakmp policy 2 authentication rsa-sig

isakmp policy 2 encryption des

isakmp policy 2 hash md5

isakmp policy 2 group 1

isakmp policy 2 lifetime 86400

vpngroup info idle-time 1800

vpngroup vpnclient address-pool vpnclient

vpngroup vpnclient dns-server dns_server

vpngroup vpnclient wins-server dns_server

vpngroup vpnclient default-domain MENA

vpngroup vpnclient split-tunnel 102

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********


Thank you for your help !


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion