Communication

dianewalker · ‎09-20-2006

We have a VPN 3005 Concentrator, running ver. 4.7. The user was able to login through the Cisco VPN client. However, when I looked at the Monitoring, Sessions, under Remote Access Sessions, Bytes Tx/Bytes RX. The Bytes are zeros. Does it mean there is no communication between the workstation and the VPN Concentrator? After a few minutes, the VPN Client is disconnected. Could it be that the firewall at the workstation is being blocked? Is there a way to troubleshoot this type of problem when the Bytes Transmitted and received are zeros? Thanks.

puagarwa · ‎09-24-2006

when you click the session under Remote Access Sessions, do you see an IPSec SA established?

we would need some logs from the 3000 for further troubleshotting the issue:

1. Goto Configuration->System->Events->Classes, add IKE, IKEDBG, IKEDECODE, IPSEC, IPSECDBG and IPSECDECODE with sevirities from 1-9 under events to log.

2. Goto Monitoring->Live Event Log and collect the logs and see whether Phase 2 COmpleted message appears or not.

if the phase 2 is complete then you have to check whether you can first ping the vpn client IP from the concentrator itself, if not try adding a static route for the client pool pointing to your default gateway of the 3000.

check whether vpn client pool is not conflicting with any other ipsec tunnel?

also check for routing behind 3000. there can be a firewall issue on the client side as well but you should be able to initiate traffic from the vpn client though.

paste the log here if you are not able to look into it and I can help you.