04-29-2003 03:49 PM - edited 02-21-2020 12:30 PM
I have a vpn 3x client hangs on securing connection to a pix6.31 firewall. I have run the log viewer in high mode and received the folowing output. I show no error on the pix. Here is a output of the vpnclient log file. I have change the vpn pool address of the pix to z.z.z.z, the outside interface is now x.x.x.x. and the inside network is y.y.y.y
*********************************************
10 19:36:43.215 04/29/03 Sev=Info/6 DIALER/0x63300002
Initiating connection.
11 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100002
Begin connection process
12 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
13 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100024
Attempt connection with server "x.x.x.x"
14 19:36:43.215 04/29/03 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x..x.x.
15 19:36:43.225 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to x.x.x.x
16 19:36:43.315 04/29/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
17 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
18 19:36:43.645 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID, VID, VID, VID, KE, ID, NON, HASH) from x.x.x.x
19 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 09002689DFD6B712
20 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
21 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100
22 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001
Peer supports DPD
23 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100
24 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
25 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 38EA3C252ECC3C491DF1128F3F850491
26 19:36:43.655 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x
27 19:36:43.655 04/29/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Phase 1 SA in the system
28 19:36:43.665 04/29/03 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator
29 19:36:43.665 04/29/03 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).
30 19:36:43.665 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
32 19:36:43.705 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
33 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x63000044
RESPONDER-LIFETIME notify has value of 86400 seconds
34 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x63000046
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now
35 19:36:43.715 04/29/03 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator
36 19:36:43.715 04/29/03 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).
37 19:36:43.715 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
38 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
39 19:36:43.725 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
40 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = z.z.z.z
41 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = y.y.y.y
42 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = y.y.y.y
43 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = yourdomaincom
44 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000003
45 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = y.y.y.y
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
46 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #2
subnet = y.y.y.y
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
47 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #3
subnet = y.y.y.y
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
48 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
49 19:36:43.725 04/29/03 Sev=Info/4 CM/0x63100019
Mode Config data received
50 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000055
Received a key request from Driver for IP address x.x.x.x, GW IP = x.x.x.x
51 19:36:43.725 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
52 19:36:43.775 04/29/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
53 19:36:43.775 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ) from x.x.x.x
54 19:36:43.775 04/29/03 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0xE1DD7110)
55 19:36:43.806 04/29/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
56 19:36:43.806 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x
57 19:36:43.806 04/29/03 Sev=Warning/3 IKE/0xA300004B
Received a NOTIFY message with an invalid protocol id (0)
05-05-2003 10:25 AM
This kind of a problem is normaly associated with misconfigurations. Revisiting your configuration will help. Another thing that you should probably do is to set the MTU on the VPN client. Also, check if you have assigned an pool to your vpngroup settings for IPSEC on your PIX using the command vpngroup ts-admin ip pool client-pool.
05-15-2003 09:17 PM
(Deleted)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide