09-29-2003 11:28 AM - edited 02-21-2020 12:47 PM
Hi,
I have clients running VPN client 3.5.1 on windows computer, ipsec connect to PIX 515 with version 6.0.
There is only one connection has this strange problem.
After the connection establish from Branch with this computer, it access the server inside the HQ, no problem, but someimtes it just cannot browse this server and lost the vpn connection.
From the log viewer , I got these error message everytime:
69 09:51:15.562 09/15/03 Sev=Info/6 FIREWALL/0x63A00005
FORWARD: ESP 206.191.101.26 to 192.168.0.142
70 09:51:15.625 09/15/03 Sev=Info/6 FIREWALL/0x63A00005
FORWARD: ESP 206.191.101.26 to 192.168.0.142
71 09:51:15.859 09/15/03 Sev=Info/6 FIREWALL/0x63A00005
FORWARD: ESP 206.191.101.26 to 192.168.0.142
.
.
.229 09:51:51.359 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.0.118:137 to 192.168.0.255:137
230 09:51:53.359 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692459
231 09:51:53.359 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
232 09:51:53.421 09/15/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 206.191.101.26
233 09:51:53.421 09/15/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 206.191.101.26
234 09:51:53.421 09/15/03 Sev=Info/5 IKE/0x6300003F
Received DPD ACK from 206.191.101.26, seq# received = 2722692459, seq# expected = 2722692459
235 09:52:21.359 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.0.148:138 to 192.168.0.255:138
.
.
241 09:56:53.343 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 206.191.101.26:500 to 192.168.0.142:500
.
.
249 10:00:58.843 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.0.106:138 to 192.168.0.255:138
250 10:02:08.859 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692460
251 10:02:08.859 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
252 10:02:13.859 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692461
253 10:02:13.859 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
254 10:02:18.859 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692462
255 10:02:18.859 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
256 10:02:21.187 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.0.118:138 to 192.168.0.255:138
257 10:02:23.859 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692463
258 10:02:23.859 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
259 10:02:28.859 09/15/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 206.191.101.26, seq# = 2722692464
260 10:02:28.859 09/15/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26
261 10:02:32.125 09/15/03 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.0.106:137 to 192.168.0.255:137
262 10:02:32.375 09/15/03 Sev=Info/6 DIALER/0x63300006
Disconnecting connection.
263 10:02:32.375 09/15/03 Sev=Info/4 CM/0x6310000A
Secure connections terminated
I found it looks like a Cisco vpn client Vulnerabilities for verion earlier than 3.0 .
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
But my version is later than3.0 .
And looks another possibality is if I eanble the stateful firewall on in vpn client , I will get the same error message from log viewer.But stateful firewall is not on on that computer.Is it the possible it is enable by a mistake in vpn client?
I uninstall and reinstall the vpn client already , nothing change.
Anybody has any idea?
Thanks,
David
10-06-2003 07:25 AM
Did you check in the bug tool kit if the bug has been resolved??
10-06-2003 08:38 AM
I checked, it said the bug only happened at version earlier than 3.0, at version 3.51 there is not affected.
But looks my problem is very similar as this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide