Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem with Remote Access VPN

Hello,

i have a problem with my IPSEC Remote VPN. I have ASA and VPN-Client 4.8.

Some homeworkers can connect to the Policy and some can't.

They Connect to the Policy sign up their username and passwort and then, at "negotiation communication...." there is the point where the client stops.

At the Client log comes then "retransmitting last packet" and "Phase-2 retransmission count exceeded: MsgID=D1679B64"

Then the client ends.

Have you got an idee.

Thanks

  • VPN
16 REPLIES
New Member

Re: Problem with Remote Access VPN

hwat method are the problem remote people using to get connected to the net?

No other firewalls involved anywhere you are aware of?

New Member

Re: Problem with Remote Access VPN

the problem is that the passwort query from our AAA server is appearing,the AAA Server accepts the username but then the client isn't able to connect.

At "Negotiation communication..." the clients can't continue.

Other User can connect.

Only Windows XP SP2 FW is involved and a Hardware-WLAN Router at the Homeoffice.

Thanks

New Member

Re: Problem with Remote Access VPN

Is nat-traversal enabled on the asa/pix?

New Member

Re: Problem with Remote Access VPN

yes, nat-traversal (isakmp nat-traversal) is enabled.

New Member

Re: Problem with Remote Access VPN

Ensure ipsec protocols are not blocked by devices on the way between the pix and the client.

When the client attempts a session w/ the pix, is there an error in the pix syslog?

New Member

Re: Problem with Remote Access VPN

No, IPSEC is not blocked, becuase with the PIX it works and with the ASA it doesn't work.

In the ASA-Log there are no Error or Informations.

Thanks

New Member

Re: Problem with Remote Access VPN

Does the client receive is IP from a dhcp-server or from the device? Ensure there is no IP overlapping network between ip-pool's.

Give it a try and change the transport mode on the client. At my business place, it was reported to me some clients needed to configure ipsec/udp protocol to establish a connection w/ my first device, and ipsec proto to my second device.

Not sure but does the ASA must be purchased w/ a valid license for vpn connections?

Mike

New Member

Re: Problem with Remote Access VPN

They receive IP from ASA-Adresspool. Overlapping can't be.

Ok, i try to change the transport mode at the client.

Yes, we bought several licenes for VPN.

Thanks

New Member

Re: Problem with Remote Access VPN

Sorry for my late response.

Look's there is a misconfiguration on the ASA.

If I understand well, the same client is able to connect on the pix but not on the asa?

Are the pix and asa running simultaneously? If yes the vpn-ip-pool should be different between pix and asa.

Ensure the ASA does not nat the encrypted traffic.

BTW did you upgrade the ASA from the pix configuration?

Mike

616
Views
0
Helpful
16
Replies