Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

No VPN over ADSL connection. Dial-Up no problem.

We're using a Cisco VPN 3000 series Concentrator and the Cisco VPN Client (both running v3.6.1).

Connecting to the internet via Dial-Up a(ISDN) and then setting-up a VPN works fine.

However, when connecting to the internet via ADSL and then setting-up a VPN does time-out with a "Remote peer is no longer responding".

Hereby the the log from the concentrator.

(I've replaced our ADSL-connections's IP-address with x.x.x.x for security-reasons)

1981 09/24/2002 14:26:20.280 SEV=4 IKE/52 RPT=22 x.x.x.x

Group [TestGroup] User [testuser]

User (testuser) authenticated.

1982 09/24/2002 14:26:20.440 SEV=5 IKE/184 RPT=22 x.x.x.x

Group [TestGroup] User [testuser]

Client OS: WinNT

Client Application Version: 3.6.1 (Rel)

1984 09/24/2002 14:26:52.440 SEV=4 IKEDBG/65 RPT=21 x.x.x.x

Group [TestGroup] User [testuser]

IKE TM V6 FSM error history (struct &0x1c718e4)

<state>, <event>:

TM_DONE, EV_ERROR

TM_WAIT_QM_MSG, EV_TIMEOUT

TM_WAIT_QM_MSG, NullEvent

TM_SND_REPLY, EV_SND_MSG

1989 09/24/2002 14:26:52.440 SEV=4 IKEDBG/65 RPT=22 x.x.x.x

Group [TestGroup] User [testuser]

IKE AM Responder FSM error history (struct &0x1ead230)

<state>, <event>:

AM_DONE, EV_ERROR

AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL

AM_TM_INIT_MODECFG_V6H, NullEvent

AM_TM_INIT_MODECFG, EV_WAIT

1995 09/24/2002 14:26:52.440 SEV=5 IP/43 RPT=21

Deleting TCP entry for device x.x.x.x on port 2796

17 REPLIES

Re: No VPN over ADSL connection. Dial-Up no problem.

Please specify the number of VPN tunnels you are having over any link at a given time. ALso ADSL has different speeds for upstream / downstream traffic. This could be an issue, if the number of tunnels are more.

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

I'm not sure if I understand you correctly.

In this test setup user "testuser" is the only user setting up a VPN-connection.

I was under the impression that it had something to do with the new 3.6.1 release for both Concentrator and VPN Client.

The same setup worked some time ago with the 3.5.x releases. Only difference then, was that we were using an ADSL-router (827) instead of an ADSL-modem (Alcatel Speedtouch Home) as we do now (PPTP between workstation and ADSL-modem)

FYI; we're using IPSec over TCP.

Kind regards,

Marcel

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

We had the same problem with some of our xDSL provider and the fix aroud was changing the MTU size on the VPN Client. Also if your Concentrator or client is behind a NAT or fw device you will need to enable keepalives on the client (on the *.pcf file).

We still having problems for xDSL or Cable modem clients connecting to the VCA address (load balancing address) and Cisco TAC is dealing with our problem as it seems to be a bug.

I hope it helps.

Ta,

G.

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi

- Ensure that you are using TCP encapsulation on the VPN client as your ADSL router is almost definitely doing PAT. This is in the general tab, under "enable transparent tunnelling".

- Ensure that your VPN concentrator is configured to allow TCP connections (and on the same port that the VPN client is configured to use - default 10000)

- If your 3000 is behind a firewall, ensure that port 10000 is open inbound in the rule base.

Hope this helps.

Regards, Barry

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi Barry,

Thanks for your reply.

We are using transparent tunneling (IPSec over TCP) so that is not the problem (hence, from the same workstation we are able to setup a VPN connection with Dial-Up networking just fine).

As we're using an ADSL-modem (PPTP connection between workstation and ADSL-modem) I was thinking that maybe this conflicts with the AES encryption used with the v3.6.1 release (both Concentrator and VPN Client).

The error-messages from the Concentrator log are also not very descriptive. I was hoping for someone else with this same issue and their solution or it.

Kind regards,

Marcel

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi Marcel

Does the Log Viewer (on the client) tell you anything useful..? I have had problems in the past caused by MTU sizes on the VPN 3000 which manifest themselves with messages like

Unexpected message (Exchange type 6) while negotiating IKE. Message discarded.

appearing in the log.

Providing your PPTP (is it really PPTP and not PPoE/A?) provides a transparent IP connection as far as your workstation is concerned, I would expect all of this to work.

Let me know how you get on with the Log Viewer....

Regards, Barry

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi Barry,

This is a copy&paste from the VPN Client Log viewer:

1 14:50:19.859 09/24/02 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).

It's the only entry in this log.

I will try if changing the MTU has any effect.

Cheers,

Marcel

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Marcel

Ensure that you have "verbose" turned on the message viewer.

Start the log viewer, Options -> Filter. Right click on each category and ensure that they are all set to high....

Barry

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi Barry,

Ok, here's the log from the VPN Client.

I've replaced the following listed IP-addresses for security.

VPN Concentrators's Ip-addresses = x.x.x.x

Primary DNS/Wins = y.y.y.y

Secondary DNS/Wins = z.z.z.z

Workstations given IP-address (from pool in VPN Concentrator) = v.v.v.v

Workstations own IP-address = w.w.w.w

ADSL-connection static IP-address = t.t.t.t

I think maybe lines 108, 111 and 117 might be useful information for you.

1 15:10:39.222 09/27/02 Sev=Info/6 DIALER/0x63300002

Initiating connection.

2 15:10:39.252 09/27/02 Sev=Info/4 CM/0x63100002

Begin connection process

3 15:10:39.322 09/27/02 Sev=Info/4 CM/0x63100004

Establish secure connection using Ethernet

4 15:10:39.322 09/27/02 Sev=Info/4 CM/0x63100026

Attempt connection with server "x.x.x.x"

5 15:10:39.332 09/27/02 Sev=Info/6 CM/0x63100033

Allocated local TCP port 2083 for TCP connection.

6 15:10:39.482 09/27/02 Sev=Info/4 CM/0x6310002D

TCP connection established on port 10001 with server "x.x.x.x"

7 15:10:39.592 09/27/02 Sev=Info/4 CM/0x63100026

Attempt connection with server "x.x.x.x"

8 15:10:39.592 09/27/02 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with x.x.x.x.

9 15:10:39.752 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to x.x.x.x

10 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

11 15:10:40.223 09/27/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, VID, VID, VID, VID) from x.x.x.x

12 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100

13 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer

14 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 09002689DFD6B712

15 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH

16 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100

17 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001

Peer supports DPD

18 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000

19 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 1F07F70EAA6514D3B0FA96542A500306

20 15:10:40.253 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x

21 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x6370001F

TCP SYN sent to x.x.x.x, src port 2083, dst port 10001

22 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x6370001C

TCP SYN-ACK received from x.x.x.x, src port 10001, dst port 2083

23 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x63700020

TCP ACK sent to x.x.x.x, src port 2083, dst port 10001

24 15:10:40.253 09/27/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

25 15:10:40.253 09/27/02 Sev=Info/4 IPSEC/0x6370000D

Key(s) deleted by Interface (w.w.w.w)

26 15:10:40.413 09/27/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

27 15:10:40.413 09/27/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

28 15:10:40.413 09/27/02 Sev=Info/4 CM/0x63100015

Launch xAuth application

29 15:10:48.916 09/27/02 Sev=Info/4 CM/0x63100017

xAuth application returned

30 15:10:48.916 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

31 15:10:51.389 09/27/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

32 15:10:51.389 09/27/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

33 15:10:51.389 09/27/02 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Phase 1 SA in the system

34 15:10:51.389 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

35 15:10:51.469 09/27/02 Sev=Info/5 IKE/0x6300005D

Client sending a firewall request to concentrator

36 15:10:51.469 09/27/02 Sev=Info/5 IKE/0x6300005C

Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).

37 15:10:51.479 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

38 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

39 15:10:51.640 09/27/02 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

40 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = v.v.v.v

41 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = y.y.y.y

42 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = z.z.z.z

43 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = y.y.y.y

44 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS): , value = z.z.z.z

45 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = WARNING:

Unauthorised access or use of this computer system is prohibited.

If you are unauthorised to use this system disconnect now!

46 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

47 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000

48 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.1.Rel built by vmurphy on Aug 29 2002 18:34:44

49 15:10:51.710 09/27/02 Sev=Info/4 CM/0x63100019

Mode Config data received

50 15:10:51.730 09/27/02 Sev=Info/5 IKE/0x63000055

Received a key request from Driver for IP address x.x.x.x, GW IP = x.x.x.x

51 15:10:51.730 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x

52 15:10:51.730 09/27/02 Sev=Info/5 IKE/0x63000055

Received a key request from Driver for IP address 10.10.10.255, GW IP = x.x.x.x

53 15:10:51.770 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x

54 15:10:52.311 09/27/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

55 15:10:52.311 09/27/02 Sev=Info/6 IPSEC/0x6370002B

Sent 5 packets, 0 were fragmented.

56 15:10:56.767 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 1

57 15:10:56.767 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

58 15:10:56.817 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 1

59 15:10:56.817 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

60 15:11:01.774 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 2

61 15:11:01.774 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

62 15:11:01.824 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 2

63 15:11:01.824 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

64 15:11:06.782 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 3

65 15:11:06.782 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

66 15:11:06.832 09/27/02 Sev=Info/4 IKE/0x63000056

Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 3

67 15:11:06.832 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x

68 15:11:11.789 09/27/02 Sev=Info/4 IKE/0x63000053

Phase-2 retransmission count exceeded, message id = 0x00000003

69 15:11:11.789 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080284

70 15:11:11.789 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

71 15:11:11.839 09/27/02 Sev=Info/4 IKE/0x63000053

Phase-2 retransmission count exceeded, message id = 0x00000003

72 15:11:16.796 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080285

73 15:11:16.796 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

74 15:11:21.804 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080286

75 15:11:21.804 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

76 15:11:26.811 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080287

77 15:11:26.811 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

78 15:11:31.818 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080288

79 15:11:31.818 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

80 15:11:36.825 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080289

81 15:11:36.825 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

82 15:11:41.833 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080290

83 15:11:41.833 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

84 15:11:46.840 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080291

85 15:11:46.840 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

86 15:11:51.847 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080292

87 15:11:51.847 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

88 15:11:56.855 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080293

89 15:11:56.855 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

90 15:12:01.862 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080294

91 15:12:01.862 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

92 15:12:06.869 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080295

93 15:12:06.869 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

94 15:12:11.877 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080296

95 15:12:11.877 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

96 15:12:16.884 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080297

97 15:12:16.884 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

98 15:12:21.891 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080298

99 15:12:21.891 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

100 15:12:26.898 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080299

101 15:12:26.898 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

102 15:12:31.906 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080300

103 15:12:31.906 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

104 15:12:31.906 09/27/02 Sev=Warning/3 IKE/0xE3000068

Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0

105 15:12:36.913 09/27/02 Sev=Info/6 IKE/0x6300003D

Sending DPD request to x.x.x.x, seq# = 1225080301

106 15:12:36.913 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x

107 15:12:36.913 09/27/02 Sev=Warning/3 IKE/0xE3000068

Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0

108 15:12:41.920 09/27/02 Sev=Info/5 IKE/0x63000017

Marking IKE SA for deletion (COOKIES = EF654A83FFBFCCE9 5A2420FEC83E7E1D) reason = DEL_REASON_DONT_NOTIFY_CM

109 15:12:41.920 09/27/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x

110 15:12:41.920 09/27/02 Sev=Warning/3 IKE/0xE3000068

Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0

111 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100012

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_PEER_NOT_RESPONDING". 0 Phase 1 SA currently in the system

112 15:12:41.920 09/27/02 Sev=Info/5 CM/0x63100029

Initializing CVPNDrv

113 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100031

Resetting TCP connection on port 10001

114 15:12:41.920 09/27/02 Sev=Warning/3 CVPND/0xA3400006

IPC to driver failed: Could not send, error code of -16

115 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100032

Unable to reset TCP connection

116 15:12:41.920 09/27/02 Sev=Info/6 CM/0x63100034

Removed local TCP port 2083 for TCP connection.

117 15:12:42.021 09/27/02 Sev=Warning/3 DIALER/0xE3300008

GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).

118 15:12:43.022 09/27/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

119 15:12:43.022 09/27/02 Sev=Info/6 IPSEC/0x6370002B

Sent 24 packets, 0 were fragmented.

120 15:12:43.022 09/27/02 Sev=Info/4 IPSEC/0x6370000D

Key(s) deleted by Interface (t.t.t.t)

Thanks in advance for your help. It is much appreciated.

Marcel

P.S. I've experimented with different MTU-sizes to no avail.

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

i've seen this problem before. how are you making your connection to adsl....do you specify a vpn conneciton? if so, that is your problem. you can have only one vpn connection and will need to go back to your provider. your provider is giving you the wrong type of adsl. had the same problem with a european provider, giving the user a business type connection instead of a home users type of connection.

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi,

im getting always the message "Remote peer is no longer responding"

when i start the ipsecdialer .If you are shure you can ping the remote

peer without vpn , then you close the ipsecdialer connection windows

go to ms-dos mode and launch couple of times cvpnd.exe .

Then try again to connect !

Good luck,

Patrizio

Re: No VPN over ADSL connection. Dial-Up no problem.

Hello all,

I have also the same problem.

I'm under W2K, and an ADSL PPTP connexion.

my company use a cisco VPN 3000 with RSA SecureID authentication.

the connexion to the VPN group work correctly, after I enter my username, my password (PIN+secureID code). and after 90s I have "... no longer responding"

In the logs the authentication is correct.

I ask France Telecom to swap my ADSL to PPPOE and all works like that.

Do you know if it will be possible to connect to the VPN 3000 over PPTP ADSL one day ?

thank to everybody for you answers ?

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Most of the problem i've seen depend on the router that connect to the ADSL.

For example with Cisco 827 you must use an Ios image that is aware of the Ipsec protocol (esp on port 50) and the other port involved 500 and 10000 , to let this traffic pass as raw .

Also for your specific probem try to force the keepalives on the VPN software.

Regards,

Patrizio

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

Hi Patrizio,

We're using an ADSL-modem (PPTP between workstation and ADSL-modem), not an ADSL-router. The ADSL-modem is an Alcatel SpeedTouch home.

I believe that in the beginning (releases 3.1 of both Client and Concentrator) everything worked fine. Then we evaluated two ADSL-routers (The Cisco 827 and a Allied Data Technologies CopperJet 810). In the meantime both the VPN Client and the Concentrator were updated to the most recent versions (3.6.2B fot the Client and 3.6.1. for the concentrator as 3.6.3 does not allow AES-encryption). Now back to working over a ADSL-modem the VPN-session can no longer be setup. I've posted the logs from the concentrator and VPN-Client for those interested earlier in this thread.

Somehow I think, our "problem" is thus 3.6.x related.

Cheers,

Marcel

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

I had this problem. To protect our customers against attacks my servicer cable provider was cutting TCP / UDP connections under 1025 comming from Internet to PCs. Because to archieve IKE negotiations we need UDP port 500

open im both directions.

To resolve this problem ; They open this port in my login profile in the cable modem provider

New Member

Re: No VPN over ADSL connection. Dial-Up no problem.

I have also the same problem

No VPN over ADSL connection. Dial-Up no problem

Re: No VPN over ADSL connection. Dial-Up no problem.

VPN over ADSL can work but you have to install the VPN client correctly. Although you will -no-doubt- all know this, its not in the postings.

Connecting a VPN directly over ADSL will not work as this is a PPTP connection only to the Internet provider. On the client-PC you are configuring a VPN connection which is a VPDN in fact. (microsoft PPTP) With the Cisco VPN client, you have to specify this VPDN connection as the required dial-up connection. Doing so will make it use the Internet address allocated from the provider. This adress is directly reachable from the Internet and so VPNs can be set up to it.

I have sucessfully tested a setup as here described as it worked.

1335
Views
0
Helpful
17
Replies
CreatePlease login to create content