Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
1
Replies

Need HELP - Linux VPN Client not connecting to PIX

cdelcastillo
Level 1
Level 1

‎11-29-2001 12:22 PM - edited ‎02-21-2020 11:31 AM

am having this problem.

I have a Dell Laptop running Red Hat 7.2

VPN Client 3.0.8

connecting to a PIX525 with 6.0.1.

I run the client and get the following:

Initializing the IPSec link.

Contacting the security gateway at xxx.xxx.xxx.xxx.xxx

Negotiating security policies.

Failed to contact the security gateway.

Now I know the last entry is incorrect, because when I look at the log I see that the pix has passed to the

laptop an ip, domain name, dns ip address, etc.

It then receives the following error:

Error -1 obtaining host interfaces on the system while creating dynamic ACL entries

Failed to enumerate interfaces on the system

and finally:

API Failure - Function call IPSecDriverInitialize returned 1.

I know that everything else works because I can make the same connection with my Windows 2000 box and

it works.

Any assistance would be greatly appreciated.

Labels:
0 Helpful
1 Reply 1

cjacinto
Cisco Employee
Cisco Employee

‎12-01-2001 07:47 PM

Check the following:

Make sure you are using the latest 3.5 client.

* You must run "/etc/rc.d/init.d/vpnclient_init start" before using the client

* This script will be run AUTOMATICALLY every time you reboot your computer.

Firewalls installed on a Linux box such as IpTables, Ipchaining.

You need to make sure that the following are allowed to pass through:

UDP port 500

UDP port 10,000 or whaterver port you are needing for Ipsec thru Nat functionality

IP protocol 50 (ESP)

Tip to check that Ipchains is setup on the Linux Box:

more /etc/sysconfig/ipchains

Look for

-A input -p udp -s 0/0 -d 0/0/ 0:1023 -j REJECT

-A input -p udp -s 0/0 -d

To make sure that UDP traffic is allowed through DELETE THESE lines and Stop Ipchaining and Restart with your changes:

/etc/init.d/ipchains stop

/etc/ini.d/ipchains start

0 Helpful
Customers Also Viewed These Support Documents