cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3421
Views
12
Helpful
6
Replies

VPN does NOT work in SOME Hotel NetWorks ?!?

Didier1966
Level 1
Level 1

Hello,

Any idea why in some places I can not switch on my VPN ?

The strange thing is when I use the VPN server of my office , this work OK and it is the same VPN client.

So this means that I do something wrong in my private CISCO 1841 ROUTER.

Here bellow what does not work and at the bottom the same computer same network , but other VPN server :

Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

36     10:13:40.625  03/11/11  Sev=Info/4 CM/0x63100002
Begin connection process

37     10:13:40.640  03/11/11  Sev=Info/4 CM/0x63100004
Establish secure connection

38     10:13:40.640  03/11/11  Sev=Info/4 CM/0x63100024
Attempt connection with server "mlgw.dyndns.info"

39     10:13:40.718  03/11/11  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 81.83.201.32.

40     10:13:40.734  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 81.83.201.32

41     10:13:40.984  03/11/11  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

42     10:13:40.984  03/11/11  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

43     10:13:45.984  03/11/11  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

44     10:13:45.984  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 81.83.201.32

45     10:13:50.984  03/11/11  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

46     10:13:50.984  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 81.83.201.32

47     10:13:55.984  03/11/11  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

48     10:13:55.984  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 81.83.201.32

49     10:14:00.984  03/11/11  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=0EACC63815AC9551 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

50     10:14:01.484  03/11/11  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=0EACC63815AC9551 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

51     10:14:01.484  03/11/11  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "mlgw.dyndns.info" because of "DEL_REASON_PEER_NOT_RESPONDING"

52     10:14:01.484  03/11/11  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

53     10:14:01.484  03/11/11  Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.

54     10:14:01.484  03/11/11  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

55     10:14:01.500  03/11/11  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

56     10:14:01.500  03/11/11  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

57     10:14:01.500  03/11/11  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

58     10:14:01.500  03/11/11  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

THIS WORK OK :

Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

59     10:25:37.953  03/11/11  Sev=Info/4 CM/0x63100002
Begin connection process

60     10:25:38.203  03/11/11  Sev=Info/4 CM/0x63100004
Establish secure connection

61     10:25:38.203  03/11/11  Sev=Info/4 CM/0x63100024
Attempt connection with server "193.89.221.13"

62     10:25:38.265  03/11/11  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 193.89.221.13.

63     10:25:38.359  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 193.89.221.13

64     10:25:38.437  03/11/11  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

65     10:25:38.437  03/11/11  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

66     x0:25:38.437  03/11/11  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 1x3.89.221.13

67     10:25:38.437  03/11/11  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 193.89.221.13

68     10:25:38.437  03/11/11  Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer

69     10:25:38.437  03/11/11  Sev=Info/5 IKE/0x63000001
Peer supports XAUTH

70     10:25:38.437  03/11/11  Sev=Info/5 IKE/0x63000001
Peer supports DPD

71     10:25:38.437  03/11/11  Sev=Info/5 IKE/0x63000001
Peer supports NAT-T

72     10:25:38.437  03/11/11  Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads

73     10:25:38.703  03/11/11  Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 87h.

74     10:25:38.468  03/11/11  Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful

75     10:25:38.468  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 1x3.89.221.13

76     10:25:38.500  03/11/11  Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA

77     10:25:38.500  03/11/11  Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port =  0x0584, Remote Port = 0x1194

78     10:25:38.500  03/11/11  Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

79     10:25:38.500  03/11/11  Sev=Info/4 CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

80     10:25:38.515  03/11/11  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 1x3.89.221.13

81     10:25:38.531  03/11/11  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 193.89.221.13

82     10:25:38.531  03/11/11  Sev=Info/4 CM/0x63100015
Launch xAuth application

83     10:25:47.078  03/11/11  Sev=Info/4 CM/0x63100017
xAuth application returned

84     10:25:47.078  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 1x3.89.221.13

85     10:25:47.140  03/11/11  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 193.89.221.13

86     10:25:47.140  03/11/11  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 193.89.221.13

87     10:25:47.140  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 193.89.221.13

88     10:25:47.140  03/11/11  Sev=Info/4 CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

89     10:25:47.453  03/11/11  Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator

90     10:25:47.468  03/11/11  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 193.89.221.13

91     10:25:47.937  03/11/11  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 193.89.221.13

92     10:25:47.937  03/11/11  Sev=Info/4 IKE/0x63000014

This SA has already been alive for 10 seconds, setting expiry to 86390 seconds from now

Thank you in advance for your help,

Best Regards,

Didier

6 Replies 6

Yudong Wu
Level 7
Level 7

From client log, you could see "Retransmitting last packet!" and "DEL_REASON_PEER_NOT_RESPONDING".

So, you need run a debug on your home router to see if it receives IKE negociation packet. If yes, why it did not reply it.

Hello,

Thank you for your prompt reply

What kind of debug do you recommend I can put ON , to follow up on this ?

I have put on this one :

ROUTER1841_1#debug vpn authorization event

Best Regards,

Didier

Please run the following two debug.

debug crypto isa

debug crypto ipsec

Hello,

Thank You for your HELP

I have a other small question not directly related to this , but to the monitor part.

The problem I have , I can see the LOG when I am connected directly to my router via the CONSOL RS232 connector.

How can I see this monitoring when I use TELNET or SSH ?

A plan B can be to leave a computer connected directly to the ROUTER , while a other computer try to connect via VPN.

But I think their is a way to save or see the LOG while we are in TELNET or SSH mode , but I do not know how

Any idea is welcome

Best Regards,

Didier.

try "terminal monitor"

make sure the logging level for monitor session is set to debugging -- "logging monitor debug"

You can also increase you logging biffer size "logging buffered 2000000" - 2M

and then check your buffer logging by 'show log"

Hello,

Thank you for this useful information , I have just put it ON , now I just have to wait.

Best Regards,

Didier

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: