Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN -using PIX (Remte peer is no longer responding)

Hi,

We've installed and working on VPN connectivity using PIX 515 Firewall IPSec Server and Cisco VPN Client 3.0.3. All our clients are connecting the internet using the dialup account and they are connecting our PIX VPN Gateway. Our client are located in varoius places of out country. The problem is, when they are connecting using VPN Dialer its oftenly giving error as "Remote peer is no longer responding".

Also we are facing some problems in starting the VPN Client 3.0.3 itself. While starting the VPN Dialer its giving the error shows in the pop-up window as "The necessary VPN sub-system is not available. You will not be able to make a connection to the remote IPSec server."

All comments are welcome and appriciatable.

Karthikeyan V

Unity Electro Systems (P) Ltd.,

Coimbatore.

3 REPLIES
Community Member

Re: VPN -using PIX (Remte peer is no longer responding)

1 "Remote peer is no longer responding"

There is an connectivity issues between the VPN client to the PIX.

When your clients dialup to the internet, make sure they can the PIX outside interface before launch the client.

Make sure your client's PC not behind a PAT or NAT eqiupment (ADSL router).

Make sure the dial-up ISP not block UDP 500 and protocol 50 (ESP)

2 "The necessary VPN sub-system is not available. You will not be able to make a connection to the remote IPSec server."

There is BUG filed for that: CSCdw73886

If an attempt to load the VPN Client is made before the CVPND service loads, the following error occurs:

"The necessary VPN sub-system is not available. You will not be able to make a connection to the remote IPSec server."

If an attempt to start the VPN Client is attempted after all services have loaded

the error does not occur. This is misleading and could cause unnecessary

support calls. If the Client could check to verify that the service is loaded

and if it isn't give a more descriptive message informing the customer that the

service is loading, please wait..., etc, I think that would avoid possible

confusion.

To Reproduce:

1. Reboot Windows XP and log into the local PC.

2. As soon as the desktop is visible, click on a shortcut to launch the VPN Client.

3. The error will occur.

Workaround:

If an attempt to load the VPN Client is made before the Clients Service loads, the following error will occur:

"The necessary VPN sub-system is not available. You will not be able to make a connection to the remote IPSec server."

If this occurs, simply wait until the Service has loaded, then start the VPN

Client.

Best Regards,

Community Member

Re: VPN -using PIX (Remte peer is no longer responding)

Hi

Thanks for your valuable comments.

We have tested from the client side to ping the PIX VPN Gateway and all our clients are facing timout for sometime and success reply for sometime (While the VPN client gives the "remote peer is no longer responding" error.)

I've enables the split-tunnel in PIX VPN Gateway. Sometimes there are packet drop in between the client and PIX while I test using ping. If that is the case shall I increase the peer timeout(default is 90 secs) and will this be a one of the reason.

Is there could be any configuration issues in PIX, If that is the case could U please tell me the possibilites of issues.

Welcoming all of your suggestions.

Thanks

karthik

Community Member

Re: VPN -using PIX (Remte peer is no longer responding)

Hi,

I have a doubt for the above problem may be due to the ISAKMP which is working under UDP protocol(port No.500) and using the Digital Certificates. If there is a packet loss, while VPN Connection establishes and the peer timeout is less than that is required for the connection, the connection peer (PIX) may not be responding to the VPN Client.

Because the same person who is using VPN Client can send a mail with many no of attachments to the mail server which is located behind the PIX firewall (DMZ Segment).

Regards,

karthik

242
Views
0
Helpful
3
Replies
CreatePlease to create content