Lately, it seems that I'm seeing a specific issue arise when users are trying to connect to our VPN3005. They get fully connected and authenticated, but they are unable to pass any traffic at all. Here is the line from the log when they end the connection:
Mar 13 21:35:15 vermeer3005 162584 03/13/2006 21:35:14.620 SEV=4 AUTH/28 RPT=3213 nnn.nnn.nnn.nnn User [xxxxxxxxxx] Group [yyyyyyyyyy] disconnected: Session Type: IPSec/UDP Duration: 1:21:14 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested
I realize this is a very brief message, but I was just curious if anyone else has been seeing this problem. I'm running VPN 3000 Concentrator Version 4.7.2.C and this particular client is version 4.6.01.0019. I will be glad to share more information with anyone; I just wanted to get a feel for whether anyone else has seen this type of behavior. Thank you for your time.
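To measure how widespread the symptom in the post above is, the disconnect events can be filtered for sessions that stayed up but moved zero bytes in either direction. The script below is an added example, not part of the original post; it assumes the AUTH/28 field layout of the quoted line with Duration as H:MM:SS, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout taken from the AUTH/28 disconnect line quoted in the post.
# Assumption: Duration is always H:MM:SS, as in that one line.
DISCONNECT_RE = re.compile(
    r"AUTH/28 RPT=\d+ (?P<peer>\S+) User \[(?P<user>[^\]]*)\] "
    r"Group \[(?P<group>[^\]]*)\] disconnected: "
    r"Session Type: (?P<session_type>\S+) Duration: (?P<duration>\d+:\d\d:\d\d) "
    r"Bytes xmt: (?P<xmt>\d+) Bytes rcv: (?P<rcv>\d+) Reason: (?P<reason>.+)$"
)

# First line is the one from the post; the other three are constructed samples.
SAMPLE_LOG = """\
Mar 13 21:35:15 vermeer3005 162584 03/13/2006 21:35:14.620 SEV=4 AUTH/28 RPT=3213 nnn.nnn.nnn.nnn User [xxxxxxxxxx] Group [yyyyyyyyyy] disconnected: Session Type: IPSec/UDP Duration: 1:21:14 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested
Mar 13 21:40:02 vermeer3005 162590 03/13/2006 21:40:01.110 SEV=4 AUTH/28 RPT=3214 192.0.2.10 User [alice] Group [staff] disconnected: Session Type: IPSec/TCP Duration: 0:45:10 Bytes xmt: 48213 Bytes rcv: 9120 Reason: User Requested
Mar 13 21:41:30 vermeer3005 162595 03/13/2006 21:41:29.870 SEV=4 AUTH/28 RPT=3215 192.0.2.11 User [carol] Group [staff] disconnected: Session Type: IPSec/UDP Duration: 0:00:12 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested
Mar 13 22:05:44 vermeer3005 162601 03/13/2006 22:05:43.300 SEV=4 AUTH/28 RPT=3216 192.0.2.12 User [bob] Group [staff] disconnected: Session Type: IPSec/UDP Duration: 2:03:40 Bytes xmt: 0 Bytes rcv: 0 Reason: User Requested
"""

def parse_disconnect(line):
    """Return the disconnect fields as a dict, or None for any other log line."""
    m = DISCONNECT_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    hours, minutes, secs = (int(p) for p in rec.pop("duration").split(":"))
    rec["seconds"] = hours * 3600 + minutes * 60 + secs
    rec["xmt"], rec["rcv"] = int(rec["xmt"]), int(rec["rcv"])
    return rec

def silent_sessions(lines, min_seconds=60):
    """Sessions that stayed up at least min_seconds but moved zero bytes both ways."""
    recs = (parse_disconnect(line) for line in lines)
    return [r for r in recs
            if r and r["xmt"] == 0 and r["rcv"] == 0 and r["seconds"] >= min_seconds]

def by_session_type(records):
    """Count silent sessions per transport to see whether one encapsulation dominates."""
    return Counter(r["session_type"] for r in records)

if __name__ == "__main__":
    hits = silent_sessions(SAMPLE_LOG.splitlines())
    for r in hits:
        print(f'{r["user"]:<12} {r["group"]:<12} {r["session_type"]:<10} {r["seconds"]}s')
    print(dict(by_session_type(hits)))
```

The `min_seconds` threshold keeps clients that connected and immediately hung up out of the count; grouping by session type shows whether the zero-byte sessions cluster on one encapsulation.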
The secure connection is called a tunnel, and the VPN Concentrator uses tunneling protocols to negotiate security parameters, create and manage tunnels, encapsulate packets, transmit or receive them through the tunnel, and unencapsulate them. The VPN Concentrator functions as a bidirectional tunnel endpoint: it can receive plain packets, encapsulate them, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets, unencapsulate them, and send them to their final destination.
The VPN Concentrator performs the following functions:
Negotiates tunnel parameters
Assigns user addresses
Encrypts and decrypts data
Manages security keys
Manages data transfer across the tunnel
Manages data transfer inbound and outbound as a tunnel endpoint or router
The VPN Concentrator invokes various standard protocols to accomplish these functions.
I have similar problems, too. We are running VPN3000 Version 4.1.6 and Client 3.6.4. The problem happens to users who use wireless internet access or internet access from hotels on their business trips.
I searched the Cisco Web site and found one suggestion regarding this problem, which is "Change MTU setting to smaller than 1300".
I tried this solution and it worked on some PCs, but not on the others.
The authentication goes directly to the server, normally on UDP 4500. But once authenticated, the tunnel starts; this uses UDP port 500. I think something in your network is blocking UDP port 500. Ensure that all your devices have this open and have IPSEC enabled.
Also, only one person can use these ports if you are using NAT. Have you tried TCP mode? Don't forget to open the ports up.