Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn client 3.6.2 gets "remote peer is no longer responding" error

I have a router setup to vpn to a number of remote sites and to communicate with vpn clients. The lan-lan vpn tunnels work fine but the vpn clients (3.6.2) are giving the above error when i try and make the connection. What / how does the client contact the gateway in question? Any suggestions as its seems a very basic connection problem.?

3 REPLIES
Cisco Employee

Re: vpn client 3.6.2 gets "remote peer is no longer responding"

This indicates that the router looses contact with the VPN client during the connection process. Check your VPN pool of addresses that you're giving to the clients, and make sure they're routed out the interface with the crypto map on it.

Is this happening to all the remote clients? Can you include the config of the router, make sure to x.x.x.x out the outside IP address and pre-shared key though?

New Member

Re: vpn client 3.6.2 gets "remote peer is no longer responding"

hi thanks for the reply, here is a copy of the configs.. i have removed the access-lists in the copy to you.

service tcp-keepalives-in

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname xxxxx

!

boot system flash:c1700-k9o3sy7-mz.122-11.T2.bin

logging buffered 12000 debugging

aaa new-model

!

!

aaa authentication login default local

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

enable secret xxxxxxxxxxxxxxxx

!

username bbb

clock timezone GMT 0

clock summer-time BST recurring

ip subnet-zero

no ip source-route

!

!

no ip domain lookup

ip host xxx 192.168.1.13 xxx.xxx.xxx.xxx

ip host xxx 192.168.1.14 xxx.xxx.xxx.xxx

ip host xxx 192.168.1.2 xxx.xxx.xxx.xxx

ip host xxxx 192.168.1.10 xxx.xxx.xxx.xxx

ip host xxxl 192.168.1.6 xxx.xxx.xxx.xxx

ip dhcp excluded-address 10.10.5.1 10.10.5.30

!

ip dhcp pool HOME

import all

network 10.10.5.0 255.255.255.0

default-router 10.10.5.1

lease 2 12

!

ip inspect name ethernetin cuseeme timeout 3600

ip inspect name ethernetin ftp timeout 3600

ip inspect name ethernetin http timeout 3600

ip inspect name ethernetin realaudio timeout 3600

ip inspect name ethernetin smtp timeout 3600

ip inspect name ethernetin tcp timeout 3600

ip inspect name ethernetin udp timeout 15

ip audit notify log

ip audit po max-events 100

!

key chain ddddddddd

key 1

key-string 7 xxxxxxxxxxxxxxxxxxxxxxxxxx

accept-lifetime local 20:00:00 Nov 4 2002 infinite

send-lifetime local 20:00:00 Nov 4 2002 infinite

!

!

crypto isakmp policy 51

authentication pre-share

!

crypto isakmp policy 55

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxxxxxxxxx7890 address xxx.xxx.xxx.xxx no-xauth

!

crypto isakmp client configuration group client

key xxxx

dns xxx.xxx.xxx.xxx

domain xxxxx.com

pool ippool

!

!

crypto ipsec transform-set policy esp-3des esp-sha-hmac

crypto ipsec transform-set policy2 esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set policy2

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 1 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set policy

match address 136

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

!

interface Tunnel3

ip address 192.168.1.14 255.255.255.252

ip authentication mode eigrp 2 md5

ip authentication key-chain eigrp 2 xxxxxxx1

tunnel source Dialer1

tunnel destination xxx.xxx.xxx.xxx

crypto map clientmap

!

interface ATM0/0

no ip address

no ip unreachables

no ip mroute-cache

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

no fair-queue

!

interface FastEthernet0/0

ip address 10.10.5.1 255.255.255.0

ip access-group 141 in

ip nat inside

ip inspect ethernetin in

speed 100

full-duplex

no cdp enable

!

interface Dialer1

ip address negotiated

ip access-group 105 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname A061164xxxxxxxxxx

ppp chap password 7 xxxxxxxxxxx

ppp ipcp dns request

crypto map clientmap

hold-queue 224 in

!

router eigrp 2

network 10.0.0.0

network 192.168.1.0

no auto-summary

eigrp log-neighbor-changes

!

ip local pool ippool 172.16.1.100 172.16.1.150

ip nat inside source list 112 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

ip pim bidir-enable

!

!

logging trap debugging

logging 10.10.1.253

thanks

New Member

Re: vpn client 3.6.2 gets "remote peer is no longer responding"

Well, as you're running firewall and have an access-group applied to your dialer interface it could make the difference. I'd remove "ip access-group 105 in" for testing. Also remove "crypto map clientmap client authentication list userauthen". On the router turn on "debug crypto ipsec" and "debug crypto isakmp" as well as turning your client logging to high. Post the debugs.

Kurtis Durrett

104
Views
0
Helpful
3
Replies