Re: Cisco client 4.6 - PIX-506e remote access - Page 2

ddidpm506 · ‎05-15-2007

I'm trying to get VPN remote access working.

I used the example in http://cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html#wp1076294

as a template; my resulting config file is attached, as is my client profile.

When I try to attach with the VPN client software I get the following error:

Cisco Systems VPN Client Version 4.6.00.0045

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\Program Files\Cisco Systems\VPN Client

1 11:49:25.821 05/14/07 Sev=Warning/2 IKE/0xE3000099

Invalid SPI size (PayloadNotify:116)

2 11:49:25.821 05/14/07 Sev=Warning/3 IKE/0xA3000058

Received malformed message or negotiation no longer active (message id: 0x00000000)

At this point I'm kind of at a loss; this seems to imply that the basic connectivity is corrupt, but I can get internet traffic through the firewall.

Or is the client complaining about the security parameters I've set in the PIX?

Any advice? Is there a way to enable a log at the PIX to see what it thinks is happening?

Thanks,

dpm

sdesteuben · ‎07-02-2007

1. i would guess you were using des and sha which doesn't seem to work for me. if i use des then i use md5 and if i 3des i use sha. not sure exactly why but thats how i've alwyas done it and its worked.

2. can't you just split tunnel it?