Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
0
Helpful
9
Replies

Remote VPN on PIX 515 and Cisco VPN Client ver 4.x and higher.

Go to solution
shivani.sharma
Level 1
Level 1

‎09-20-2010 08:58 AM

Hello,

I have PIX 515 setup as Cisco VPN server for Cisco clients. When users connect using Cisco client ver 3.5, they are able to get to the login prompt. But users trying to connect using Cisco client higher than version 3.5 (like ver 4.6) it just times out.

When I look at the debug logs I see PIX trying to send phase 1 packets back, but the client does not see a response.

I am using esp-3des esp-md5-hmac with pre-share.

Does anyone know why I cannot use client version above 3.5??

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mvsheik123
Level 7
Level 7
In response to shivani.sharma

‎09-21-2010 06:22 AM

Hi,

Please check the below link (release notes for 6.2 (2)) - Section:  Cisco VPN Client Interoperability

http://www.cisco.com/en/US/docs/security/pix/pix62/release/notes/pixrn622.html#wp88393

If you are using windows client it only support 3.x.  You may need IOS upgrade or Linux, Solaris, and Macintosh platforms client to use with 3.5 or higher.

If your client is compatible from the above, then you may need to run 'debug' on PIX to see whats going on when the client requests connection.

hth

MS

View solution in original post

0 Helpful
9 Replies 9

Go to solution
mvsheik123
Level 7
Level 7

‎09-20-2010 10:21 AM

Hi,

Is PIX is running version 6.2 or higher?

Thanks

MS

0 Helpful

Go to solution
shivani.sharma
Level 1
Level 1
In response to mvsheik123

‎09-20-2010 10:27 AM

PIX is running ver 6.2

Thanks

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to shivani.sharma

‎09-20-2010 11:21 AM

Hi,

Have you tried with multiple clients PC/laptop with 4.x installed? Also, please  check to see if the response from PIX reaching out to client at all (vpn client gives basic info, but using wireshark or anyother pkt capture may give more info).

Thanks

MS

0 Helpful

Go to solution
shivani.sharma
Level 1
Level 1
In response to mvsheik123

‎09-20-2010 11:39 AM

I have tried using multiple laptops with Client versions higher than 3.5. Since I get response when I try to connect using Cisco Client ver 3.5, I assume I have IP connectivity and nothing is blocking the IPSec packets. But I will do a packet capture on the client and find out exactly if the return packets reach the client when I use verions above 3.5.

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to shivani.sharma

‎09-20-2010 11:57 AM

ok..I know you confirmed this already.. exact version for IOS is : Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).

Thanks

MS

0 Helpful

Go to solution
shivani.sharma
Level 1
Level 1
In response to mvsheik123

‎09-20-2010 12:53 PM

Its

Cisco PIX Firewall Version 6.2(2)

Thanks

0 Helpful

Go to solution
shivani.sharma
Level 1
Level 1
In response to shivani.sharma

‎09-20-2010 07:30 PM

I also did packet capture using both client versions. I see return packets from VPN server when using client 3.5. But when I use ver 4.x or 5.x there is no response back from the PIX. Do you know what could be causing this?

Thank you.

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to shivani.sharma

‎09-21-2010 06:22 AM

Hi,

Please check the below link (release notes for 6.2 (2)) - Section:  Cisco VPN Client Interoperability

http://www.cisco.com/en/US/docs/security/pix/pix62/release/notes/pixrn622.html#wp88393

If you are using windows client it only support 3.x.  You may need IOS upgrade or Linux, Solaris, and Macintosh platforms client to use with 3.5 or higher.

If your client is compatible from the above, then you may need to run 'debug' on PIX to see whats going on when the client requests connection.

hth

MS

0 Helpful

Go to solution
shivani.sharma
Level 1
Level 1
In response to mvsheik123

‎09-21-2010 06:51 AM

Thank you MS! That is exactly the reason I cannot use client versions above 3.5 on Windows. I was beating around the bushes to find out the issue. Thanks a lot!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents