03-14-2006 06:42 AM - edited 02-21-2020 02:18 PM
Lately, it seems that I'm getting a specific issue when users are trying to connect to our VPN3005. They get fully connected and authenticated, but they are unable to pass any traffic at all. Here is the line from the log when they end the connection:
Mar 13 21:35:15 vermeer3005 162584 03/13/2006 21:35:14.620 SEV=4 AUTH/28 RPT=3213 nnn.nnn.nnn.nnn User [xxxxxxxxxx] Group [yyyyyyyyyy] disconnected: Session Type: IPSec/UDP Duration: 1:21:14 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested
I realize this is a very brief message, but I was just curious if anyone else has been seeing this problem. I'm running VPN 3000 Concentrator Version 4.7.2.C and this particular client is version 4.6.01.0019. I will be glad to share more information with anyone, I just wanted to get a feel if anyone else has seen this type of behavior. Thank you for your time.
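A small parser for the disconnect line quoted in the post above, added here as an example and not part of the thread: it flags sessions that stayed connected but moved zero bytes in both directions. Every log line except the first is constructed sample data, and the two-minute minimum duration is an assumed threshold.

```python
import re
from collections import Counter
from datetime import timedelta

# AUTH/28 disconnect event, in the layout of the log line quoted in the post.
DISCONNECT_RE = re.compile(
    r"AUTH/28 RPT=\d+ (?P<peer>\S+) User \[(?P<user>[^\]]*)\] "
    r"Group \[(?P<group>[^\]]*)\] disconnected: Session Type: (?P<stype>\S+) "
    r"Duration: (?P<dur>\d+:\d{2}:\d{2}) "
    r"Bytes xmt: (?P<xmt>\d+) Bytes rcv: (?P<rcv>\d+) Reason: (?P<reason>.+?)\s*$"
)

def parse_disconnect(line):
    """Return the fields of an AUTH/28 disconnect line, or None for any other line."""
    m = DISCONNECT_RE.search(line)
    if m is None:
        return None
    hours, minutes, seconds = (int(part) for part in m["dur"].split(":"))
    return {
        "peer": m["peer"], "user": m["user"], "group": m["group"],
        "session_type": m["stype"], "reason": m["reason"],
        "duration": timedelta(hours=hours, minutes=minutes, seconds=seconds),
        "xmt": int(m["xmt"]), "rcv": int(m["rcv"]),
    }

def dead_tunnels(lines, min_duration=timedelta(minutes=2)):
    """Sessions up for at least min_duration (assumed threshold), zero bytes both ways."""
    records = (parse_disconnect(line) for line in lines)
    return [r for r in records if r is not None
            and r["xmt"] == 0 and r["rcv"] == 0 and r["duration"] >= min_duration]

def dead_sessions_per_user(lines):
    """Count dead sessions per user so repeat cases stand out."""
    return Counter(r["user"] for r in dead_tunnels(lines))

_PREFIX = "Mar 13 21:50:00 vermeer3005 162600 03/13/2006 21:49:59.000 SEV=4 "
_TAIL = " Reason: User Requested"
SAMPLE_LOG = [
    # First line is the one quoted in the post; the rest are constructed sample data.
    "Mar 13 21:35:15 vermeer3005 162584 03/13/2006 21:35:14.620 SEV=4 AUTH/28 RPT=3213 nnn.nnn.nnn.nnn User [xxxxxxxxxx] Group [yyyyyyyyyy] disconnected: Session Type: IPSec/UDP Duration: 1:21:14 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested",
    _PREFIX + "AUTH/28 RPT=3214 192.0.2.10 User [alice] Group [staff] disconnected: Session Type: IPSec/UDP Duration: 0:45:10 Bytes xmt: 48211 Bytes rcv: 90233" + _TAIL,
    _PREFIX + "AUTH/28 RPT=3215 192.0.2.22 User [bob] Group [staff] disconnected: Session Type: IPSec/UDP Duration: 0:00:05 Bytes xmt: 0 Bytes rcv: 0" + _TAIL,
    "Mar 13 21:51:00 vermeer3005 unrelated message (constructed)",
    _PREFIX + "AUTH/28 RPT=3216 192.0.2.31 User [carol] Group [staff] disconnected: Session Type: IPSec/UDP Duration: 0:12:30 Bytes xmt: 0 Bytes rcv: 0" + _TAIL,
]

if __name__ == "__main__":
    for r in dead_tunnels(SAMPLE_LOG):
        print(f'{r["user"]} ({r["group"]}) from {r["peer"]}: up {r["duration"]}, no traffic')
```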
03-20-2006 07:20 AM
The secure connection is called a tunnel, and the VPN Concentrator uses tunneling protocols to negotiate security parameters, create and manage tunnels, encapsulate packets, transmit or receive them through the tunnel, and unencapsulate them. The VPN Concentrator functions as a bidirectional tunnel endpoint: it can receive plain packets, encapsulate them, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets, unencapsulate them, and send them to their final destination.
The VPN Concentrator performs the following functions:
Establishes tunnels
Negotiates tunnel parameters
Authenticates users
Assigns user addresses
Encrypts and decrypts data
Manages security keys
Manages data transfer across the tunnel
Manages data transfer inbound and outbound as a tunnel endpoint or router
The VPN Concentrator invokes various standard protocols to accomplish these functions.
03-20-2006 11:36 AM
Hello,
I have similar problems, too. We are running VPN3000 Version 4.1.6 and Client 3.6.4. The problem happens to users who use wireless internet access or internet access from hotels on their business trips.
I searched the Cisco Web site and found one suggestion regarding this problem, which is "Change MTU setting to smaller than 1300".
I tried this solution and it worked on some PCs, but not on the others.
03-21-2006 02:21 PM
Same problem.
The authentication goes directly to the server, normally on UDP 4500. But once authenticated, the tunnel starts. This uses UDP port 500. I think something in your network is blocking UDP port 500. Ensure that all your devices have this open and have IPSEC enabled.
Also, only one person can use these ports if you are using NAT. Have you tried TCP mode? Don't forget to open the ports up.