Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client won't connect "Reason 412"

I am unable to connect to the Cisco ASA that I have setup. It says that the peer stop responding, any ideas?

Here is the log.

Thansk for all the help.

Cisco Systems VPN Client Version 5.0.07.0440

Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 6.2.9200

Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1      14:55:52.434  10/08/13  Sev=Info/4          CM/0x63100002

Begin connection process

2      14:55:52.454  10/08/13  Sev=Info/4          CM/0x63100004

Establish secure connection

3      14:55:52.454  10/08/13  Sev=Info/4          CM/0x63100024

Attempt connection with server "555.555.555.555"

4      14:55:52.456  10/08/13  Sev=Info/6          IKE/0x6300003B

Attempting to establish a connection with 74.95.248.157.

5      14:55:52.465  10/08/13  Sev=Info/4          IKE/0x63000001

Starting IKE Phase 1 Negotiation

6      14:55:52.468  10/08/13  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 555.555.555.555

7      14:55:52.470  10/08/13  Sev=Info/4          IPSEC/0x63700008

IPSec driver successfully started

8      14:55:52.470  10/08/13  Sev=Info/4          IPSEC/0x63700014

Deleted all keys

9      14:55:57.792  10/08/13  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

10     14:55:57.792  10/08/13  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 555.555.555.555

11     14:56:03.289  10/08/13  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

12     14:56:03.289  10/08/13  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 555.555.555.555

13     14:56:08.801  10/08/13  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

14     14:56:08.801  10/08/13  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 555.555.555.555

15     14:56:14.293  10/08/13  Sev=Info/4          IKE/0x63000017

Marking IKE SA for deletion  (I_Cookie=0A1D0887292FD514 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

16     14:56:14.794  10/08/13  Sev=Info/4          IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=0A1D0887292FD514 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

17     14:56:14.794  10/08/13  Sev=Info/4          CM/0x63100014

Unable to establish Phase 1 SA with server "555.555.555.555" because of "DEL_REASON_PEER_NOT_RESPONDING"

18     14:56:14.794  10/08/13  Sev=Info/5          CM/0x63100025

Initializing CVPNDrv

19     14:56:14.797  10/08/13  Sev=Info/6          CM/0x63100046

Set tunnel established flag in registry to 0.

20     14:56:14.797  10/08/13  Sev=Info/4          IKE/0x63000001

IKE received signal to terminate VPN connection

21     14:56:15.794  10/08/13  Sev=Info/4          IPSEC/0x63700014

Deleted all keys

22     14:56:15.794  10/08/13  Sev=Info/4          IPSEC/0x63700014

Deleted all keys

23     14:56:15.794  10/08/13  Sev=Info/4          IPSEC/0x63700014

Deleted all keys

24     14:56:15.794  10/08/13  Sev=Info/4          IPSEC/0x6370000A

IPSec driver successfully stopped

1 REPLY
Cisco Employee

VPN client won't connect "Reason 412"

Hi Ariel,

This client logs suggest that it intiated the phase 1 negotiation but did not get any response from ASA.

Do you have the access of the ASA? If yes then please enable the following debugs:

debug crypto condition  peer x.x.x.x (use the public IP of the VPN client, you can check it by going to whatismyip.com)

debug cry isa 125

debug cry ips 125

Because debug on ASA will tell us why exactly it is not responding to the Phase 1 request from the client.

Make sure you have profile configured correctly. The IP address or the FQDN of the ASA is correct and accessible from the client.

If yes then provide us the debugs to troubleshoot further.

Thanks

Jeet Kumar

2180
Views
5
Helpful
1
Replies