SA520 & QuickVPN

Unanswered Question
May 30th, 2010
User Badges:

I managed to get the link past the 'policy' stage but it tells me it fails the 'verifying network' test.  My remote net is 192.168.15.X and the local net is 192.168.16.X  Remote host is XP SP3.  QuickVPN is 1.4.0.5 and the router was recently updated


SA520 IPSec log shows

2010-05-30 09:39:34: INFO:  Adding IPSec configuration with identifier "howard"
2010-05-30 09:39:34: INFO:  Adding IKE configuration with identifer "howard"
2010-05-30 09:39:34: ERROR:  parse error is nothing, but yyerrorcount is 1.

Any suggestions on directions from here - what to do, where to get smarter on the process,....?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Hornstein Sun, 05/30/2010 - 11:43
User Badges:
  • Gold, 750 points or more

Hi Howard,


Your problem from what I gather is not connectivity between two sites  192.168.15.X and the local net is 192.168.16.X.  But a issue with a  Quick VPN client coming into your main site.  Is that correct ?


Also , make sure just for problem determination purposes, that your PC's firewall is disabled.


Just out of interest, when you performed the software upgrade on your SA500's did you check and follow the recommended procedure in the release notes?  I have copied them out below just in case.


Recommended Upgrade Steps as per Release note


When upgrading from version 1.0.15, 1.0.17, or 1.0.39, to 1.1.42 the firmware will reset the router to its factory default and you will need to back up the configuration.


When upgrading from 1.1.21, these steps are not required.

!

CAUTION Do not try swap images if a secondary firmware image is not present. Doing so can cause the to router to not boot up. To upgrade the SA 500 follow these steps.


STEP 1 Back up the existing configuration using the SA 500 Configuration Utility. If you need to revert to the previous firmware version, this allows you to restore the configuration associated with the prior version. To access the configuration back-up options, click Administration on the menu bar, then click Firmware & Configuration > Network in the navigation tree.

Follow the instructions in the Cisco SA 500 Series Security Appliances Administration Guide to back up the configuration.


STEP 2 Write down or take screenshots of your existing configuration settings. After upgrading to firmware version SA500-K9-1.1.42, you must manually re-enter these settings by using the SA 500 Configuration Utility.

This is necessary because the SA 500 is reset to factory defaults as part of the upgrade process and the previous configuration back-up file format is

incompatible with the format required for firmware version SA500-K9-1.1.42.


STEP 3 Perform the upgrade by using the Configuration Utility. To access the upgrade options, see the Upgrade Firmware section of the Getting Started (Basic) page of the Configuration Utility.


STEP 4 Manually re-enter the configuration settings you recorded in Step 2.

STEP 5 Verify that the installation is working properly.;

hweinberger Sun, 05/30/2010 - 13:31
User Badges:

Yes the problem is a connectivity issue. QuickVPN does not connect.


Getting the same results with or without client machine firewall.


Doubt if the problem lies with the upgrade - a) Procedures were followed, b) getting the same behavior on another SA520 that was not upgraded.

Actions

This Discussion

Related Content