Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client can't Communicate

What ports need to be open for a VPN Client to establish a session behind a NAT device? The VPN client is configured for NAT Transparency.

Currently I have the following open:

udp 500

udp 10000

udp 4500

Here is the log file:

1 13:35:00.128 07/06/06 Sev=Info/4 CM/0x63100002

Begin connection process

2 13:35:00.148 07/06/06 Sev=Info/4 CM/0x63100004

Establish secure connection using Ethernet

3 13:35:00.148 07/06/06 Sev=Info/4 CM/0x63100024

Attempt connection with server "vpn.XXX.com"

4 13:35:01.150 07/06/06 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with 204.XX.XXX.XXX.

5 13:35:01.160 07/06/06 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 204.XX.XXX.XXX.

6 13:35:01.160 07/06/06 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

7 13:35:01.160 07/06/06 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

8 13:35:06.588 07/06/06 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

9 13:35:06.588 07/06/06 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 204.XX.XXX.XXX.

10 13:35:11.595 07/06/06 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

11 13:35:11.595 07/06/06 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 204.XX.XXX.XXX.

12 13:35:16.602 07/06/06 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

13 13:35:16.602 07/06/06 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 204.XX.XXX.XXX.

14 13:35:21.609 07/06/06 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=1D70BC3A707633B7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

15 13:35:22.120 07/06/06 Sev=Info/4 IKE/0x6300004A

Discarding IKE SA negotiation (I_Cookie=1D70BC3A707633B7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

16 13:35:22.120 07/06/06 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "vpn.XXX.com" because of "DEL_REASON_PEER_NOT_RESPONDING"

17 13:35:22.120 07/06/06 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

18 13:35:22.120 07/06/06 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

19 13:35:22.120 07/06/06 Sev=Info/4 IKE/0x63000085

Microsoft IPSec Policy Agent service started successfully

20 13:35:22.611 07/06/06 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

21 13:35:22.611 07/06/06 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

22 13:35:22.611 07/06/06 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

23 13:35:22.611 07/06/06 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

2 REPLIES
Cisco Employee

Re: VPN Client can't Communicate

Hello cplatt01,

Can you ping 204.XX.XXX.XXX? If you are using NAT-T, then udp 500 and udp 4500 are what you need. Does the head-end see the incoming ISAKMP packet?

Hope this helps! If so, please rate.

Thanks

New Member

Re: VPN Client can't Communicate

Unfortuantely this is a contractor so I can't see the other end....

138
Views
0
Helpful
2
Replies
CreatePlease to create content