Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Newer VPN clients cannot terminate to ASA

I have a customer where after the 4.8.02 VPN client came out, it stopped connecting to their Pix 501 running 6.3(5). The local VPN logs show dropped UDP packets. A debug crypto isakmp doesn't even report an attempt to perform a phase 1 key exchange. Not even a connection. This happens on both XP and Vista.

Once we downgrade to 4.8.01.0300 then we can make a perfect connection to the Pix. Thinking it was a hardware issue (and they wanted the Anti-X capability anyway), I installed an ASA 5510 running 7.2(2), and low and behold, the same issue.

Note, there is an Adtran 3200 series router in front of the ASA. It is running the firewall feature set, but we've opened it wide open and we still have the problem.

A quick check of the documentation and bug check finds nothing that relates to this issue. I plan to open a TAC case next week on this, but I'm hoping someone here may have seen or heard of this before.

We're all stumped on this one...

Thanks in advance...

Jake

1 REPLY
Community Member

Re: Newer VPN clients cannot terminate to ASA

On the client, did you verify that transport is IPSec only. Nothing should be checked under tunnel transport in the modification menu.

136
Views
0
Helpful
1
Replies
CreatePlease to create content