I have a 3000 VPN concentrator, running version 184.108.40.206, and WIN XP clients running ver 3.6.3. Occasionally when connecting to the VPN, after the user has typed in the VPN USER/PASS and the Win USER/PASS, the connection is dropped immediately. Looking at the Log on the concentrator shows:-
13685 08/25/2005 08:58:36.580 SEV=4 IKE/52 RPT=7692 220.127.116.11 Group [VPN-MM] User [markh] User (markh) authenticated
13686 08/25/2005 08:58:36.630 SEV=4 IKEDBG/65 RPT=9462 18.104.22.168 Group [VPN-MM] User [markh] IKE TM V6 FSM error history (struct &0x43ba2b4) , : TM_DONE, EV_ERROR TM_BLD_REPLY, EV_IP_FAIL TM_BLD_REPLY, NullEvent TM_BLD_REPLY, EV_GET_IP
Once the connection has failed once, it continues to fail, we are using ACS to authenticate against, and the error can be cleared by changing the IP type from static to dynamic on the ACS server. This will then work for a while then fail again further down the Line.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...