I have a problem with my IPSEC Remote VPN. I have ASA and VPN-Client 4.8.
Some homeworkers can connect to the Policy and some can't.
They connect to the policy, enter their username and password, and then "negotiation communication...." is the point where the client stops.
The client log then shows "retransmitting last packet" and "Phase-2 retransmission count exceeded: MsgID=D1679B64"
Then the client ends.
Have you got an idea?
What method are the problem remote people using to get connected to the net?
No other firewalls involved anywhere you are aware of?
The problem is that the password query from our AAA server appears, the AAA server accepts the username, but then the client isn't able to connect.
At "Negotiation communication..." the clients can't continue.
Other users can connect.
Only Windows XP SP2 FW is involved and a hardware WLAN router at the home office.
Ensure ipsec protocols are not blocked by devices on the way between the pix and the client.
When the client attempts a session w/ the pix, is there an error in the pix syslog?
No, IPSEC is not blocked, because with the PIX it works and with the ASA it doesn't work.
In the ASA log there are no errors or information.
Does the client receive its IP from a DHCP server or from the device? Ensure there is no overlapping IP network between the IP pools.
Give it a try and change the transport mode on the client. At my business place, it was reported to me some clients needed to configure ipsec/udp protocol to establish a connection w/ my first device, and ipsec proto to my second device.
Not sure, but does the ASA have to be purchased w/ a valid license for VPN connections?
They receive their IP from the ASA address pool. There can't be any overlapping.
OK, I'll try to change the transport mode at the client.
Yes, we bought several licenses for VPN.
Sorry for my late response.
Looks like there is a misconfiguration on the ASA.
If I understand well, the same client is able to connect on the pix but not on the asa?
Are the pix and asa running simultaneously? If yes the vpn-ip-pool should be different between pix and asa.
Ensure the ASA does not nat the encrypted traffic.
BTW did you upgrade the ASA from the pix configuration?