Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco VPN client not connecting to another company's network

Both sites are using ASA's.  I can connect if I am outside our LAN.  Log from the Cisco VPN Client:

 

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
 
1      11:07:38.938  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
2      11:07:38.938  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
3      11:07:38.944  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
4      11:07:38.944  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
5      11:07:38.950  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
6      11:07:38.951  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
7      11:07:38.953  07/07/14  Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
 
8      11:07:42.249  07/07/14  Sev=Info/4 CM/0x63100002
Begin connection process
 
9      11:07:42.266  07/07/14  Sev=Info/4 CM/0x63100004
Establish secure connection
 
10     11:07:42.266  07/07/14  Sev=Info/4 CM/0x63100024
Attempt connection with server "RochesterVPN.XXX.XXX"
 
11     11:07:42.325  07/07/14  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 161.242.XXX.XXX.
 
12     11:07:42.331  07/07/14  Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
 
13     11:07:42.335  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 161.242.XXX.XXX
 
14     11:07:42.343  07/07/14  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
 
15     11:07:42.344  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
16     11:07:42.344  07/07/14  Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (172.30.235.172)
 
17     11:07:47.406  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
18     11:07:47.406  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
19     11:07:52.507  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
20     11:07:52.507  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
21     11:07:57.586  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
22     11:07:57.586  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
23     11:08:02.647  07/07/14  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=75D8C6A8CBF683AD R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
 
24     11:08:03.161  07/07/14  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=75D8C6A8CBF683AD R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
 
25     11:08:03.161  07/07/14  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "RochesterVPN.XXX.XXX" because of "DEL_REASON_PEER_NOT_RESPONDING"
 
26     11:08:03.161  07/07/14  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
 
27     11:08:03.208  07/07/14  Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
 
28     11:08:03.209  07/07/14  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
 
29     11:08:04.229  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
30     11:08:04.229  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
31     11:08:04.230  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
32     11:08:04.230  07/07/14  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
 

Partial ASA config:

class-map ipsecpassthru-traffic
 match access-list ipsecpassthru
class-map inspection_default
 match default-inspection-traffic
class-map mss-class
 match access-list mss-list
class-map http-map1
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect ipsec-pass-thru iptmap
 parameters
  esp 
  ah 
policy-map inspection_policy
 class ipsecpassthru-traffic
  inspect ipsec-pass-thru iptmap 
policy-map global_policy
 class http-map1
  set connection advanced-options mss-map
 class inspection_default
  inspect pptp 
  inspect ftp 
  inspect ip-options 
  inspect ipsec-pass-thru 
 class class-default
policy-map type inspect esmtp esmtp_map
 parameters
  allow-tls action log
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map mss-class
 class mss-class
  set connection advanced-options mss-map
  inspect ipsec-pass-thru iptmap 
policy-map type inspect ftp Test
 parameters

 

Let me know what else you need.  TIA!!!

  • VPN
Everyone's tags (1)
44
Views
0
Helpful
0
Replies