I am trying to connect to our network via VPN 3000 Client Dialer. I have no problems connecting from any location except for one site. And I can take the same equipment from the one site and it will work at any other site so I believe my problem is site specific and not a concentrator or software problem.
The only site specific items are a DSL connection through Verizon and the ISP .
One workstation cannot connect at all. The other workstation gets a connection only about 75% of the time.
I can get onto the internet on both workstations without a problem. I can always ping the VPN server.
I've tried changing the MTU down to as low as 300. My connection is through a Fujitsu speedport DSL modem. I do use a Linksys BEFSR41 router, but I have the same problems when I connect directly from the DSL modem.
I've used my log viewer and filtered the IKE to high.
The following is the log on a good connection:
1 13:54:30.075 06/11/02 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 22.214.171.124.
2 13:54:30.135 06/11/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to 126.96.36.199
3 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 188.8.131.52
4 13:54:30.405 06/11/02 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID, VID, VID, KE, ID, NON, HASH) from 184.108.40.206
5 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100
6 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
7 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100
8 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x63000001
Peer supports DPD
9 13:54:30.405 06/11/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = CFE5E554E5BA09A82BF49BB3FC2A434B
Sounds to me like you have a signaling problem with the ISP, though the trace looks relatively clean. The fact you can take the same equipment to another site and it works well solidifies this. Definitely make sure you dont have some sort of layer 2 issues at your local DSLAM, which can cause all sorts of anomalies.
I am not exactly aware of how you are connecting to the intenet and re-distributing it over your LAN , one thing i can say ..
Since you are using a DSL modem to connect to the ISP it gets one public IP address (correct me i i am wrong ) this is probaly NAT ed into your private IP address. if your DSL modem does not support NAT ing then this public IP address can be assigned to one internal IP and the moment the second user connects the first user shall be disconnected.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :