Jennifer Halim Wed, 03/24/2010 - 04:47
User Badges:
  • Cisco Employee,

Please share debug output when trying to connect to the router.


debug cry isa

debug cry ipsec


Thanks.

miroslavpetkovic Wed, 03/24/2010 - 05:41
User Badges:

There is not any output from debug commands when I tried to connect with remote cisco vpn client.


Router1841#debug cry isa
Crypto ISAKMP debugging is on


Router1841#debug cry ipsec
Crypto IPSEC debugging is on


I recived message from VPN Client:


Secure VPN Connection terminated locally by the Client

Reason 412: The remote peer is no longer responding.


Best regards,

Miroslav Petkovic

Jennifer Halim Wed, 03/24/2010 - 14:30
User Badges:
  • Cisco Employee,

What is your logging level? If you are telnetting or ssh into the ASA, please turn on "logging mon 7" and "logging on". You should see debugs when you are trying to connect.

miroslavpetkovic Thu, 03/25/2010 - 03:53
User Badges:

Hi,


this is router cisco 1841. I tried:


Router1841(config)#logging monitor 7
Router1841(config)#logging on
Router1841#terminal monitor
Router1841#debug cry ipsec
Crypto IPSEC debugging is on
Router1841#debug cry isa


but I din't receive any log when I tried to establish remote access vpn.


Best regards,

Miroslav Petkovic

Jennifer Halim Thu, 03/25/2010 - 03:55
User Badges:
  • Cisco Employee,

Maybe the VPN connection is not even reaching your router.


What about the VPN Client logs? Can you share, please?

Jennifer Halim Thu, 03/25/2010 - 05:15
User Badges:
  • Cisco Employee,

On your vpn client, go to Log --> Log Settings --> change everything to High, then enable the logs.

Tried to connect again, and grab the logs from the logs tab after you are prompted with that error message.

miroslavpetkovic Thu, 03/25/2010 - 05:37
User Badges:

Hi,


This is log:


Attempt connection with server "118.159.110.241"


4      13:24:50.412  03/25/10  Sev=Info/6    IKE/0x6300003B
Attempting to establish a connection with 118.159.110.241.


5      13:24:50.419  03/25/10  Sev=Info/4    IKE/0x63000001
Starting IKE Phase 1 Negotiation


6      13:24:50.425  03/25/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 118.159.110.241


7      13:24:50.429  03/25/10  Sev=Info/4    IPSEC/0x63700008
IPSec driver successfully started


8      13:24:50.429  03/25/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys


9      13:24:50.430  03/25/10  Sev=Info/4    IPSEC/0x6370000D
Key(s) deleted by Interface (10.1.0.103)


10     13:24:55.553  03/25/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!


11     13:24:55.554  03/25/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 118.159.110.241


12     13:25:00.625  03/25/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!


13     13:25:00.626  03/25/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 118.159.110.241


14     13:25:05.695  03/25/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!


15     13:25:05.695  03/25/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 118.159.110.241


16     13:25:10.765  03/25/10  Sev=Info/4    IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=CD66FFF7820A7902 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


17     13:25:11.266  03/25/10  Sev=Info/4    IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=CD66FFF7820A7902 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


18     13:25:11.266  03/25/10  Sev=Info/4    CM/0x63100014
Unable to establish Phase 1 SA with server "118.159.110.241" because of "DEL_REASON_PEER_NOT_RESPONDING"


19     13:25:11.266  03/25/10  Sev=Info/5    CM/0x63100025
Initializing CVPNDrv


20     13:25:11.288  03/25/10  Sev=Info/6    CM/0x63100046
Set tunnel established flag in registry to 0.


21     13:25:11.289  03/25/10  Sev=Info/4    IKE/0x63000001
IKE received signal to terminate VPN connection


22     13:25:12.298  03/25/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys


23     13:25:12.298  03/25/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys


24     13:25:12.298  03/25/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys


25     13:25:12.298  03/25/10  Sev=Info/4    IPSEC/0x6370000A
IPSec driver successfully stopped



Best regards,

Miroslav Petkovic

Jennifer Halim Thu, 03/25/2010 - 05:42
User Badges:
  • Cisco Employee,

Yup, doesn't look like the VPN traffic is reaching your router.


Checked if UDP/500 is being blocked by your router/modem/etc or ISP or if there is a firewall.

Actions

This Discussion