Cisco Support Community
New Member

Cannot connect via VPN

I have run the VPN wizard on my PIX 501, choosing the option to connect with Cisco VPN client 3 or higher. I am using client version 5.0.04 with the group name, IP address of the PIX and the username/password set. The rest are defaults. When I try to connect I get the error message "Secure VPN connection terminated locally by the client. reason 412: the remote peer is no longer responding."

When looking at the firewall logs on my DSL router that I am connecting through, the log entry reads: src= My IP Address dst= PIX IP Address ipprot=17 sport1704 dport=500 packet dropped. I am assuming that this entry is telling me that it got as far as the PIX but the connection was refused. I have attached 2 copies of the show run, 1 before the wizard and one after, so that somebody can view it to see if I have missed anything.

Thanks in advance,

James.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cannot connect via VPN

James,

You need to add a rule on your router to allow the following traffic:

udp 500 to your pix

udp 4500 to your pix

and then turn on nat-traversal as the previous person suggested

The VPN client negotiates p1/p2 over udp 500. If your router (which I assume is before the pix, or after your client) is dropping that traffic (it shows as being dropped) then the pix is *not* receiving it.
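
Added example, not part of the original thread: a short Python triage script that reads router firewall log lines in the key=value shape quoted in the question and counts drops of UDP 500 and UDP 4500 destined for the PIX. The addresses, sample lines and function names are constructed for illustration, and a real router's log format may differ.

```python
import re

# Ports the answer says the router must pass to the PIX.
REQUIRED_UDP = {500: "IKE p1/p2 negotiation", 4500: "NAT traversal"}

# Field shape follows the log entry quoted in the question. "=" is optional
# because the quoted entry reads "sport1704".
FIELD = re.compile(r"\b(src|dst|ipprot|sport|dport)\s*=?\s*(\S+)", re.I)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "src=192.0.2.10 dst=198.51.100.7 ipprot=17 sport1704 dport=500 packet dropped",
    "src=192.0.2.10 dst=198.51.100.7 ipprot=17 sport=1704 dport=500 packet dropped",
    "src=192.0.2.10 dst=198.51.100.7 ipprot=17 sport=1705 dport=4500 packet dropped",
    "src=192.0.2.10 dst=203.0.113.53 ipprot=17 sport=1710 dport=53 packet forwarded",
    "src=192.0.2.10 dst=198.51.100.7 ipprot=6 sport=1711 dport=443 packet forwarded",
]

def parse_entry(line):
    """Return the fields of one firewall log line plus a 'dropped' flag."""
    fields = {key.lower(): value for key, value in FIELD.findall(line)}
    fields["dropped"] = "dropped" in line.lower()
    return fields

def dropped_vpn_ports(lines, pix_ip):
    """Count dropped UDP packets to the PIX on the ports the VPN client needs."""
    drops = {}
    for line in lines:
        f = parse_entry(line)
        # Only dropped UDP (IP protocol 17) traffic addressed to the PIX matters.
        if not f["dropped"] or f.get("dst") != pix_ip or f.get("ipprot") != "17":
            continue
        try:
            port = int(f.get("dport", ""))
        except ValueError:
            continue  # malformed or missing destination port
        if port in REQUIRED_UDP:
            drops[port] = drops.get(port, 0) + 1
    return drops

def report(lines, pix_ip):
    """One status line per required port, suitable for printing."""
    drops = dropped_vpn_ports(lines, pix_ip)
    return [
        f"udp/{port} ({why}): "
        + (f"{drops[port]} dropped before reaching the PIX" if port in drops
           else "no drops logged")
        for port, why in REQUIRED_UDP.items()
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, "198.51.100.7")))
```

Any drop count above zero for either port means the router is discarding the traffic and the PIX never sees it, which matches the reason 412 timeout on the client.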

3 REPLIES
Cisco Employee

Re: Cannot connect via VPN

Hi,

Can you enable this command "isakmp nat-traversal" and try connecting again? If you are still having issues, can you post the outputs of "deb cry is", "deb cry ips" and also logs from the VPN Client with logging level set to high?

Regards,

Arul

*Pls rate if it helps*

New Member

Re: Cannot connect via VPN

Hi,

Thanks for the prompt response.

I added the line you suggested and still could not connect. I have attached the log from the Client after that connection attempt.

Regards,

James
