I can't get Quick VPN or the Cisco IPSEC VPN clients to connect on any machine to my SA 520.
The IPSEC VPN client says there's no matching profile despite being set to aggressive.
Quick VPN returns the following on all machines. Any ideas?
there are a few things to check on the error that you are getting for the quick vpn.
1. Can you ping the WAN IP address of the router.
2. Is a firewall on the machine that you are using to try to connect.
3. Make sure the network addressing are not the same on the lan sides.
There is also a log in the folder of the quick vpn cleint that may help diagnosing the issue with the connection.
I've verified the three things and can get this far now, but it just hangs. Router shows it's connected.
Here's what the log says:
2009/12/13 14:44:01 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2009/12/13 14:44:04 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2009/12/13 14:44:08 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2009/12/13 14:44:11 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
As soon as I am able to reset the device I will. I'm trying to login from the LAN and the WAN and am just getting a white screen now. Running 1.0.39.
Can I just say I am suffering from this exact problem also, same revision software and everything, and am monitoring this thread closely for an answer. If there is any info I can provide just ask.
Could you please post your log file that is saved in the above mentioned folder? It would be very helpful in locating your issue.
Also, what operating system are you using? 32 or 64 bit? Is the firewall on or off? Have you made an exception in the firewall for the QVPN client software?
Bill, I have attached logs from both the Appliance and the Client. I have Vista on the Server and XP Pro on the Client, both 32bit. Firewalls are turned off on both.
One observation that may be of use is when I try to ping the router on it's internal address from the client when the tunnel is Configured, that is before hitting No on the Retry Box, I get "Negotiating IP Security". When pinging after hitting No on the Retry Box I get "Request timed out".
Bill, I uploaded the logs as requested. Do you have any news for me yet. I am desperate to get this box going. I bought it six weeks ago and have not been able to put it into service yet.
Yes, remote management is enabled. Presumably this is remote administration. I am not forwarding any ports. What ports should I be forwarding?
I apologize I didn't respond quickly to this post. I had posted some information about VPN clients on another thread, and unfortuantely it was not this one. Try what I suggest on this thread:
Bill. I am far from happy. I have seen that link and it just gives a list of chargeable phone numbers in differnent countries for Small Business Support. I am looking at the top of this page and it is saying 'Small Business Support Community' so why do I have to phone a chargeable number when I am already talking to you. I am being pushed around from Pillar to Post and getting nowhere fast. Has anyone looked at the Logs that you asked me to send ten days ago? Judging by the amount of chat on this forum there are a lot of people suffering with this product and no-one in Cisco is worried. I realise that sounding off like this is likely to alienate you people against me and I will be pushed to the bottom of the list but that is a risk I am prepaired to take, for the sake of other people if nothing else. If you do nothing else with this can you bring it to the attention of somone in authority who can get something moving.
To be clear, the support forums do not replace the phone support. Only so much can be done on the forums, but I don't think we are at that point yet. I have asked around and shown the logs to a few people, and they want to know what NAT router you have in front of the quick vpn client?
Disregard my lst post. I have connected two ways and get the same result. 1. via a mobile phone connected to the laptop and 2. via a wifi link through a Belkin N router.
QVPN doesn't work on either but Shrewsoft works on both so I am going to stick with that.
Hi. In my last post to this forum I said Shrewsofts Client was working for me and I was sticking with that. However since upgrading to the latest firmware I have now lost that in that I can't ping the internal lan from the client, also the box has slowed down in that the bootup time is about double. The web throughput however appears unchanged.
On the VPN would it be possible for Cisco to make a statement that the vpn does or doesn't work on the SA500 series. If the statement says it does work can the circumstanses and settings under which it has been tried and tested be published. If the statements says it doesn't work then we will know where we stand and can make alternative arrangements.
If anyone reading this has got it working do you think you could post your circumstanses and settings here.
Thanks and regards
If you have a case open for your issue, press your TAC person to offer a refund. I've had a problem since early December. Since downgrading to 10.0.17, I have not had problems using the IPSEC VPN, however it's useless for firewalling since it has the NAT bug. On version 1.0.39 and higher, the device tends to lockup and in the best scenario, reboot. The newest version won't even pass voice traffic reliably. The RTP stream starts and about 30 seconds into the conversation, the tunnel drops and won't reconnect. Even going to do a reboot via the GUI doesn't work, you have to hit the power switch to reboot. Hope you have better luck than I do. It took this long for them to admit there's a huge problem. Now I just have damage control with the clients we rolled this product out to.
I've got the same problem !!!
Tests: Cisco SA 54, firmeware 1.1.21
Test1 : Windows XP, no firewall, quick VPN 1.3.03 => OK
Test 2: Vista, no firewall, quick VPN 1.3.03 => FAILED
Test 3: Seven 64b, firewall Bit Defender disabled , quick VPN 1.3.03 => Failed
Test 4: Seven 64b, firewall Bit Defender disabled , quick VPN 1.3.03. Compatibilité to XP SP3, Admin mode => Failed
... Any solution ?
Test 4 log:
2010/02/11 21:40:33 [STATUS]OS Version: Windows XP
2010/02/11 21:40:33 [STATUS]Windows Firewall is OFF
2010/02/11 21:40:35 [STATUS]One network interface detected with IP address 10.159.103.22
2010/02/11 21:40:35 [STATUS]Connecting...
2010/02/11 21:40:35 [STATUS]Connecting to remote gateway with IP address: 188.8.131.52
2010/02/11 21:40:37 [STATUS]Remote gateway was reached by https ...
2010/02/11 21:40:37 [STATUS]Provisioning...
2010/02/11 21:40:43 [STATUS]Tunnel is configured. Ping test is about to start.
2010/02/11 21:40:43 [STATUS]Verifying Network...
2010/02/11 21:40:49 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:40:52 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:40:55 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:40:58 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:01 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:06 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/02/11 21:41:23 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:26 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:29 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:32 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:35 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/11 21:41:38 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/02/11 21:41:42 [STATUS]Disconnecting...
2010/02/11 21:41:49 [STATUS]Tunnel is disconnected successfully.
Stephane your log is the same as one posted by Mat on the 13 Dec 09 and the same as the one in an attachment that I uploaded on the 31 Dec 09 and Cisco have not come up with anything that addresses it apart from to provide a list of phone numbers to call which are chargeable. Recently I asked if they can make a statement on whether this products VPN server works at all and if it does what are the settings, but as yet there has been no response. Can Cisco break the silence and give us some constructive guidance on where we stand with this product, like will it be fixed or shall it be returned for full credit, because as it stands it is clearly not fit for purpose.
We are looking into issues with the SA500, including VPN issues. I would like to speak to directly about the issues that you are having. I am sending you a PM with my contact information so that we can your concerns addressed.
Any full solution should be better than a PM ...
Any idea on QuickVPN issues ? or any workaround to use VPN / SA 500 series firewall ?
Not trying to hide anything with a PM. We don't have a full solution yet. We are working on a few issues and I want to document every issue the customer is having and troubleshooting to make sure that all known problems are addressed in the next release.
For the QuickVPN issue, we can troubleshoot this, but it would probably be best to open a case. If you are having problems getting that to work, might I recommend the shrew soft vpn client. It is a free client that can be configured for the SA500. If you read the SA500 admin guide, it will describe how to do this with a Greenbow VPN client. It is the same procedure for that client.
I just check the admin guide but the 'how to setup' for remote access is not very clear for me ...
I just try to setup a remote access VPN using shrew VPN but it does not work ...
Does anyone have already done this ?
I setup a site to site VPN in a minute but remote access sound not so easy (at least for me)
It appears that upgrade problem to 1.1.21 didn't cause the problem, but we are unsure of what fixed the problem. The problem went away, which could mean it was a Windows Firewall problem or something else. It is working now for Florence09, but now we are looking at a WAN port ping problem. Sometimes configuring the box to respond to ping on the WAN port doesn't work. We are investigating that now.