Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client's can no longer make a connection.

This afternoon my pix appears to have stopped accepting connections from vpn client software. All of my pix-2-pix tunnels are still up but I can't get and clients to connect I have a case open with cisco but am awaiting a response from the engineer. Has anyone scene this before? No configuration changes had taken place prior to the incident. The connections just stopped. I can't seem to get a capture of just the crypto debugs. As soon as I turn on debugs I have to enable logging to console and there is so much information it is next to impossible to capture the data I ned to troubleshoot this. If anyone has any recomendations please let me know. I do not want to reboot the pix as this will disrupt other things that are still working and I also will not beable to determine what actually is causing the issue.

4 REPLIES
Gold

Re: VPN Client's can no longer make a connection.

just wondering how many users are affected. is it possible that the issue is related to the remote user pc?

New Member

Re: VPN Client's can no longer make a connection.

It was service affecting across the board. I ended up getting frustrated and just clearing the xlate. THis fixed the issue. The only thing that I can figure is possibly translations were not getting removed from the table after a termination of the connection and filled up all the sockets used for UDP connections - or something like that - not really sure. But after clearing the xlate table all connections began functiong correctly again.

Thanks

David

MY ISSUE IS RESOLVED!

Gold

Re: VPN Client's can no longer make a connection.

it's good to learn that your issue has been resolved.

just wondering if the pix is 501. if so, then the issue may be related to number of inside user.

e.g. do "sh ver"

pix# sh ver

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(2)

Compiled on Fri 02-Jul-04 00:07 by morlee

pix up 229 days 14 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0012.80cb.d613, irq 9

1: ethernet1: address is 0012.80cb.d614, irq 10

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: 10

Throughput: Unlimited

IKE peers: 10

New Member

Re: VPN Client's can no longer make a connection.

Nope, that is not the problem. Thank you though. I have resolved the issue. There were some issues in the translations table.

108
Views
0
Helpful
4
Replies
CreatePlease login to create content