We can successfully connect to a PIX 501 via an ADSL connnection running Windows XP SP2, using client version 4.0.4D. This connection fails when attempting to connect to the same PIX 501 via an ADSL connection running Windows SBS Server 2003. We can ping the PIX501 from this location. The reason code 412 is returned. The 2 ADSL accounts are hosted by the same ISP, but at different locations (business, home).
The log shows at event 6 that the PC sends a tunnel establishment packet to the 501. Then 5 seconds later at event 9, after not receiving anything back from the 501, it re-sends the same packet. This pattern repeats a couple more times until eventually the client gives up.
So, either the issue is that these initial packets from the client are not making it to the PIX, or the replies from the PIX back to this client is not making it back. Doing a "debug crypto isakmp" on the PIX when this tunnel is trying to be built will tell you one way or the other.
Things to check for though are firewalling or filtering. Is there a firewall on the PC itself that would be blocking these packets (either outbound or inbound). Is the ADSL router blocking anything, or doing NAT/PAT of the packets at this location and not the other?
Thanks for the quick response. One detail I left out is that I can connect to other vpn servers from the business site. The site I cannot connect to from the business site responds to pings without packet loss. Could the Pix501 be blocking my IP but still allow a ping to propagate?
Thanx for the comment. We are not using proxy server. Do we need to add any configuration items to sbs server 2003 to handle outgoing vpn connections of this particular variety? Does this particular vpn connection use l2tp vs pptp? Does that matter?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :