Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client Issue

We can successfully connect to a PIX 501 via an ADSL connnection running Windows XP SP2, using client version 4.0.4D. This connection fails when attempting to connect to the same PIX 501 via an ADSL connection running Windows SBS Server 2003. We can ping the PIX501 from this location. The reason code 412 is returned. The 2 ADSL accounts are hosted by the same ISP, but at different locations (business, home).

5 REPLIES
Cisco Employee

Re: VPN Client Issue

The log shows at event 6 that the PC sends a tunnel establishment packet to the 501. Then 5 seconds later at event 9, after not receiving anything back from the 501, it re-sends the same packet. This pattern repeats a couple more times until eventually the client gives up.

So, either the issue is that these initial packets from the client are not making it to the PIX, or the replies from the PIX back to this client is not making it back. Doing a "debug crypto isakmp" on the PIX when this tunnel is trying to be built will tell you one way or the other.

Things to check for though are firewalling or filtering. Is there a firewall on the PC itself that would be blocking these packets (either outbound or inbound). Is the ADSL router blocking anything, or doing NAT/PAT of the packets at this location and not the other?

New Member

Re: VPN Client Issue

Thanks for the quick response. One detail I left out is that I can connect to other vpn servers from the business site. The site I cannot connect to from the business site responds to pings without packet loss. Could the Pix501 be blocking my IP but still allow a ping to propagate?

New Member

Re: VPN Client Issue

The big detail. If I connect directly to the ADSL router, outside of the Windows SBS 2003 domain I can connect. What configuration item within SBS Server 2003 prevent accessing specfic vpn sites?

Cisco Employee

Re: VPN Client Issue

Are you using a proxy server on that network? If so IPsec will not work through proxy servers, it affects the anti-replay mechanisms of IPsec.

New Member

Re: VPN Client Issue

Thanx for the comment. We are not using proxy server. Do we need to add any configuration items to sbs server 2003 to handle outgoing vpn connections of this particular variety? Does this particular vpn connection use l2tp vs pptp? Does that matter?

234
Views
0
Helpful
5
Replies
CreatePlease login to create content