Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN connection through Watchguard Firebox 500

I have a traveling user that is attempting to connect using his VPN. The location where he is connecting has a Watchguard Firebox firewall. He is connecting to a 3020 oncentrator.

When he tries to connect the concentrator reports phase one and phase 2 completing then in about 30 seconds reports a disconnect from the peer. All that I currently have access to are the logs from the concentrator. Does anyone know what I may need to get the admin for the Watchguard to verify??

Here is what I am seeing from the client ...

Cisco Systems VPN Client Version 5.0.01.0600

Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 6.0.6000

Config file directory: C:\Program Files\Cisco Systems\VPN Client\

Cisco Systems VPN Client Version 5.0.01.0600

Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 6.0.6000

Config file directory: C:\Program Files\Cisco Systems\VPN Client\

1 11:24:01.957 08/20/07 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 5010

Destination 0.0.0.0

Netmask 0.0.0.0

Gateway 192.168.49.1

Interface 192.168.49.27

2 11:24:01.957 08/20/07 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: 0, Netmask: 0, Interface: c0a8311b, Gateway: c0a83101.

3 11:24:01.957 08/20/07 Sev=Warning/2 CVPND/0xA3400015

Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 1168

4 11:24:01.957 08/20/07 Sev=Warning/2 CM/0xA3100025

Unable to delete route. Network: c0a86eff, Netmask: ffffffff, Interface: c0a86e17, Gateway: c0a86e17.

5 11:25:44.714 08/20/07 Sev=Warning/3 IKE/0xE3000066

Could not find an IKE SA for 172.16.4.243. KEY_REQ aborted.

6 11:25:44.714 08/20/07 Sev=Warning/2 IKE/0xE300009B

Failed to initiate P2 rekey: Error dectected (Initiate:176)

7 11:25:44.714 08/20/07 Sev=Warning/2 IKE/0xE300009B

Unable to initiate QM (IKE_MAIN:458)

1 REPLY
Silver

Re: VPN connection through Watchguard Firebox 500

RSA SecurID authentication methods include physical RSA SecurID cards and keychain fobs, and PC software called RSA SecurID for passcode generation. RSA SecurID cards can vary. The passcode might be combination of a PIN and a card code, or you might be required to enter a PIN on the card to display the passcode. Ask your network administrator for the correct procedure. When you use RSA SecurID passcodes for authentication:

The process varies slightly for different operating systems. If you use physical RSA SecurID cards or keychain fobs, the VPN Client displays the appropriate RSA user authentication dialog box. If you use RSA SecurID for passcode generation, it must be running on your workstation

652
Views
0
Helpful
1
Replies
CreatePlease to create content