09-20-2010 08:58 AM
Hello,
I have a PIX 515 set up as a Cisco VPN server for Cisco clients. When users connect using Cisco client ver 3.5, they are able to get to the login prompt. But when users try to connect using a Cisco client higher than version 3.5 (like ver 4.6), it just times out.
When I look at the debug logs I see the PIX trying to send phase 1 packets back, but the client does not see a response.
I am using esp-3des esp-md5-hmac with pre-share.
Does anyone know why I cannot use a client version above 3.5?
Thank you.
09-20-2010 10:21 AM
Hi,
Is the PIX running version 6.2 or higher?
Thanks
MS
09-20-2010 10:27 AM
PIX is running ver 6.2
Thanks
09-20-2010 11:21 AM
Hi,
Have you tried with multiple client PCs/laptops with 4.x installed? Also, please check to see if the response from the PIX is reaching the client at all (the VPN client gives basic info, but using Wireshark or any other packet capture may give more info).
Thanks
MS
09-20-2010 11:39 AM
I have tried using multiple laptops with client versions higher than 3.5. Since I get a response when I try to connect using Cisco Client ver 3.5, I assume I have IP connectivity and nothing is blocking the IPSec packets. But I will do a packet capture on the client and find out exactly if the return packets reach the client when I use versions above 3.5.
09-20-2010 11:57 AM
OK, I know you confirmed this already. The exact version for IOS is: Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
Thanks
MS
09-20-2010 12:53 PM
It's Cisco PIX Firewall Version 6.2(2)
Thanks
09-20-2010 07:30 PM
I also did a packet capture using both client versions. I see return packets from the VPN server when using client 3.5. But when I use ver 4.x or 5.x there is no response back from the PIX. Do you know what could be causing this?
Thank you.
09-21-2010 06:22 AM
Hi,
Please check the below link (release notes for 6.2 (2)) - Section: Cisco VPN Client Interoperability
http://www.cisco.com/en/US/docs/security/pix/pix62/release/notes/pixrn622.html#wp88393
If you are using the Windows client, it only supports 3.x. You may need an IOS upgrade, or a client for the Linux, Solaris, and Macintosh platforms, to use 3.5 or higher.
If your client is compatible per the above, then you may need to run 'debug' on the PIX to see what's going on when the client requests a connection.
hth
MS
09-21-2010 06:51 AM
Thank you MS! That is exactly the reason I cannot use client versions above 3.5 on Windows. I was beating around the bushes to find out the issue. Thanks a lot!!