Re: Peer Info for x.x.x.x not found error

slongewa · ‎05-27-2009

Hello,

I'm running into an error and I hope someone can help. On AT&T I have a site-to-site VPN connection that works fine between a PIX 501 and a PIX 515. When I change ISP's to Comcast however, I begin to get an error "peer info for x.x.x.x not found." Does anyone know why changing ISP's would cause this error or what i can do to troubleshoot it? Any help that anyone can offer would be greatly appreciated as I am a bit stumped.

Thanks,

Steve

pradeepde · ‎06-02-2009

NAT-Traversal or NAT-T allows VPN traffic to pass through NAT or PAT devices, such as a Linksys SOHO router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.

If you do not enable the NAT-T in the NAT/PAT Device, you can receive the regular translation creation failed for protocol 50 src inside:10.0.1.26 dst outside:10.9.69.4 error message in the PIX/ASA.

Similarly, if you are unable to do simultaneous login from the same IP address, the Secure VPN connection terminated locally by client. Reason 412: The remote peer is no longer responding. error message appears. Enable NAT-T in the head end VPN device in order to resolve this error.

Note: With Cisco IOS Software Release 12.2(13)T and later, NAT-T is enabled by default in Cisco IOS.

Here is the command to enable NAT-T on a Cisco Security Appliance. The 20 in this example is the keepalive time (default).

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

slongewa · ‎06-03-2009

I have NAT-T Enabled, but am still running into the issue. Any additional ideas on what would be causing this error?

Thanks,

Steve