03-26-2015 07:13 AM
03-28-2015 03:01 PM
You can run debug isakmp sa as well as look at the Cisco VPN client logs. If you are trying to connect from behind a firewall, you need to make sure that UDP 500 and 4500 are permitted through that firewall.
Another possibility is that there is a NAT statement on the VPN server messing things up for you.
--
Please remember to select a correct answer and rate helpful posts
03-30-2015 09:01 AM
Please confirm if the other clients are able to connect via VPN and if you are facing issues with a specific location.
- Captures of UDP ports 500 & 4500 on the VPN headend are needed to confirm if the client is able to reach out to the VPN server.
- If you have a lot of VPN clients connecting on the VPN headend, then try to perform conditional debugs for the client's public address as below:
debug crypto condition peer x.x.x.x / debug crypto condition peer ipv4 x.x.x.x
debug crypto isakmp
- If you don't have access to the VPN server, then you can take a Wireshark capture on the client machine's physical adapter to see if you are able to get UDP (port 500/4500) packets back from the VPN server.
Regards,
Tushar Bangia
Note - Please do rate the post if you find it helpful!!
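The client-side capture check suggested in the reply above, as an added example that is not part of the original posts: a Python script that reads a classic pcap file saved from Wireshark and counts UDP 500/4500 packets sent to the VPN server and received back from it. It assumes untagged Ethernet, unfragmented IPv4 and the classic pcap format (not pcapng); the function names and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct

def ike_reachability(pcap, server_ip):
    """Count UDP 500/4500 packets sent to and received from server_ip."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    server = socket.inet_aton(server_ip)
    counts = {p: {"sent": 0, "received": 0} for p in (500, 4500)}  # IKE, NAT-T
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep only IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4  # UDP header offset after IP options
        if len(frame) < udp + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
        if frame[30:34] == server and dport in counts:
            counts[dport]["sent"] += 1
        elif frame[26:30] == server and sport in counts:
            counts[sport]["received"] += 1
    return counts

def verdict(counts):
    """Per port: did the client send anything, and did the server answer?"""
    return {port: "no requests seen" if c["sent"] == 0 else
            "requests sent, no reply" if c["received"] == 0 else "replies received"
            for port, c in counts.items()}

def make_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/UDP frame with a 28-byte dummy payload."""
    udp = struct.pack("!HHHH", sport, dport, 36, 0) + bytes(28)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 56, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Wrap constructed frames in a little-endian classic pcap container."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    client, server = "192.0.2.10", "198.51.100.1"  # constructed sample addresses
    blocked = build_pcap([make_frame(client, server, 500, 500)] * 3)
    print(verdict(ike_reachability(blocked, server)))
```

For a real capture, pass the bytes of the saved file and the VPN server's public address to `ike_reachability` in place of the constructed sample.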