cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
328
Views
0
Helpful
2
Replies

VPN client 3.5.1 to PIX, VPN connection is blocked ,connection lost

david.xu
Level 1
Level 1

Hi,

I have clients running VPN client 3.5.1 on windows computer, ipsec connect to PIX 515 with version 6.0.

There is only one connection has this strange problem.

After the connection establish from Branch with this computer, it access the server inside the HQ, no problem, but someimtes it just cannot browse this server and lost the vpn connection.

From the log viewer , I got these error message everytime:

69 09:51:15.562 09/15/03 Sev=Info/6 FIREWALL/0x63A00005

FORWARD: ESP 206.191.101.26 to 192.168.0.142

70 09:51:15.625 09/15/03 Sev=Info/6 FIREWALL/0x63A00005

FORWARD: ESP 206.191.101.26 to 192.168.0.142

71 09:51:15.859 09/15/03 Sev=Info/6 FIREWALL/0x63A00005

FORWARD: ESP 206.191.101.26 to 192.168.0.142

.

.

.229 09:51:51.359 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 192.168.0.118:137 to 192.168.0.255:137

230 09:51:53.359 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692459

231 09:51:53.359 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

232 09:51:53.421 09/15/03 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 206.191.101.26

233 09:51:53.421 09/15/03 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 206.191.101.26

234 09:51:53.421 09/15/03 Sev=Info/5 IKE/0x6300003F

Received DPD ACK from 206.191.101.26, seq# received = 2722692459, seq# expected = 2722692459

235 09:52:21.359 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 192.168.0.148:138 to 192.168.0.255:138

.

.

241 09:56:53.343 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 206.191.101.26:500 to 192.168.0.142:500

.

.

249 10:00:58.843 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 192.168.0.106:138 to 192.168.0.255:138

250 10:02:08.859 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692460

251 10:02:08.859 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

252 10:02:13.859 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692461

253 10:02:13.859 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

254 10:02:18.859 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692462

255 10:02:18.859 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

256 10:02:21.187 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 192.168.0.118:138 to 192.168.0.255:138

257 10:02:23.859 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692463

258 10:02:23.859 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

259 10:02:28.859 09/15/03 Sev=Info/6 IKE/0x6300003D

Sending DPD request to 206.191.101.26, seq# = 2722692464

260 10:02:28.859 09/15/03 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 206.191.101.26

261 10:02:32.125 09/15/03 Sev=Info/4 FIREWALL/0x63A00003

BLOCK: UDP 192.168.0.106:137 to 192.168.0.255:137

262 10:02:32.375 09/15/03 Sev=Info/6 DIALER/0x63300006

Disconnecting connection.

263 10:02:32.375 09/15/03 Sev=Info/4 CM/0x6310000A

Secure connections terminated

I found it looks like a Cisco vpn client Vulnerabilities for verion earlier than 3.0 .

http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

But my version is later than3.0 .

And looks another possibality is if I eanble the stateful firewall on in vpn client , I will get the same error message from log viewer.But stateful firewall is not on on that computer.Is it the possible it is enable by a mistake in vpn client?

I uninstall and reinstall the vpn client already , nothing change.

Anybody has any idea?

Thanks,

David

2 Replies 2

a-vazquez
Level 6
Level 6

Did you check in the bug tool kit if the bug has been resolved??

I checked, it said the bug only happened at version earlier than 3.0, at version 3.51 there is not affected.

But looks my problem is very similar as this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: