Vpn 3x client hangs at securing connection

wasonce_2000
Level 1

I have a vpn 3x client that hangs on securing connection to a pix6.31 firewall. I have run the log viewer in high mode and received the following output. I show no error on the pix. Here is an output of the vpnclient log file. I have changed the vpn pool address of the pix to z.z.z.z, the outside interface is now x.x.x.x, and the inside network is y.y.y.y.

*********************************************

10 19:36:43.215 04/29/03 Sev=Info/6 DIALER/0x63300002

Initiating connection.

11 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100002

Begin connection process

12 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100004

Establish secure connection using Ethernet

13 19:36:43.215 04/29/03 Sev=Info/4 CM/0x63100024

Attempt connection with server "x.x.x.x"

14 19:36:43.215 04/29/03 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with x.x..x.x.

15 19:36:43.225 04/29/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to x.x.x.x

16 19:36:43.315 04/29/03 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

17 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

18 19:36:43.645 04/29/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK AG (SA, VID, VID, VID, VID, KE, ID, NON, HASH) from x.x.x.x

19 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 09002689DFD6B712

20 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001

Peer supports XAUTH

21 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059

Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100

22 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001

Peer supports DPD

23 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100

24 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000001

Peer is a Cisco-Unity compliant peer

25 19:36:43.645 04/29/03 Sev=Info/5 IKE/0x63000059

Vendor ID payload = 38EA3C252ECC3C491DF1128F3F850491

26 19:36:43.655 04/29/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x

27 19:36:43.655 04/29/03 Sev=Info/4 CM/0x6310000E

Established Phase 1 SA. 1 Phase 1 SA in the system

28 19:36:43.665 04/29/03 Sev=Info/5 IKE/0x6300005D

Client sending a firewall request to concentrator

29 19:36:43.665 04/29/03 Sev=Info/5 IKE/0x6300005C

Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).

30 19:36:43.665 04/29/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

31 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

32 19:36:43.705 04/29/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x

33 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x63000044

RESPONDER-LIFETIME notify has value of 86400 seconds

34 19:36:43.705 04/29/03 Sev=Info/5 IKE/0x63000046

This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

35 19:36:43.715 04/29/03 Sev=Info/5 IKE/0x6300005D

Client sending a firewall request to concentrator

36 19:36:43.715 04/29/03 Sev=Info/5 IKE/0x6300005C

Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).

37 19:36:43.715 04/29/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x

38 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

39 19:36:43.725 04/29/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x

40 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = z.z.z.z

41 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = y.y.y.y

42 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = y.y.y.y

43 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = yourdomaincom

44 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000003

45 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #1

subnet = y.y.y.y

mask = 255.255.255.0

protocol = 0

src port = 0

dest port=0

46 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #2

subnet = y.y.y.y

mask = 255.255.255.0

protocol = 0

src port = 0

dest port=0

47 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000F

SPLIT_NET #3

subnet = y.y.y.y

mask = 255.255.255.0

protocol = 0

src port = 0

dest port=0

48 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000

49 19:36:43.725 04/29/03 Sev=Info/4 CM/0x63100019

Mode Config data received

50 19:36:43.725 04/29/03 Sev=Info/5 IKE/0x63000055

Received a key request from Driver for IP address x.x.x.x, GW IP = x.x.x.x

51 19:36:43.725 04/29/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x

52 19:36:43.775 04/29/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

53 19:36:43.775 04/29/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ) from x.x.x.x

54 19:36:43.775 04/29/03 Sev=Warning/3 IKE/0xA3000058

Received malformed message or negotiation no longer active (message id: 0xE1DD7110)

55 19:36:43.806 04/29/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x

56 19:36:43.806 04/29/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

57 19:36:43.806 04/29/03 Sev=Warning/3 IKE/0xA300004B

Received a NOTIFY message with an invalid protocol id (0)
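An added example (not part of the original post, and not Cisco code): a small Python parser for the VPN client log layout shown above that reports whether Phase 1 completed and which exchange the client last sent before the peer answered NO_PROPOSAL_CHOSEN. The sample is an excerpt of four entries from the posted log with the blank lines dropped; the function names `parse` and `triage` are hypothetical.

```python
import re

# Excerpt of the posted log (entries 27, 51, 54, 56); addresses were already redacted by the poster.
SAMPLE = """\
27 19:36:43.655 04/29/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Phase 1 SA in the system
51 19:36:43.725 04/29/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
54 19:36:43.775 04/29/03 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0xE1DD7110)
56 19:36:43.806 04/29/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x
"""

HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+Sev=(\w+)/(\d)\s+(\w+)/(0x[0-9A-Fa-f]+)$")
EXCHANGE = re.compile(r"^(SENDING >>>|RECEIVING <<<) ISAKMP OAK (\w+) \*?\((.*)\)")

def parse(text):
    """Group each header line with the message lines that follow it (blank lines ignored)."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"seq": int(m[1]), "sev": m[4], "module": m[6], "msg": []})
        elif line and entries:
            entries[-1]["msg"].append(line)
    return entries

def triage(entries):
    """Report Phase 1 status, the exchange sent last before NO_PROPOSAL_CHOSEN, and warning entries."""
    result = {"phase1": False, "rejected_after": None, "warnings": []}
    last_sent = None
    for e in entries:
        msg = " ".join(e["msg"])
        if "Established Phase 1 SA" in msg:
            result["phase1"] = True
        if e["sev"] == "Warning":
            result["warnings"].append(e["seq"])
        m = EXCHANGE.match(msg)
        if m and m[1].startswith("SENDING"):
            last_sent = m[2]  # exchange type: AG, TRANS, QM, INFO
        elif m and "NO_PROPOSAL_CHOSEN" in m[3] and result["rejected_after"] is None:
            result["rejected_after"] = last_sent
    return result

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

On this log, Phase 1 is established and the notify arrives after the Quick Mode (QM) message, so the proposal the peer rejected is the Phase 2 one.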

2 Replies

jsivulka
Level 5

This kind of a problem is normally associated with misconfigurations. Revisiting your configuration will help. Another thing that you should probably do is to set the MTU on the VPN client. Also, check if you have assigned a pool to your vpngroup settings for IPSEC on your PIX using the command vpngroup ts-admin ip pool client-pool.

jeff.roback
Level 1
Level 1

(Deleted)