VPN does not connect to only user, stops at "Negotiating Policies"
I have a Cisco 515E running ver 6.3, on which I configured a remote VPN client profile. All 5 of my clients were able to access my LAN with the remote VPN client profile for all these years. After I upgraded to ver 7.0, one of my 5 clients is trying to connect to the Cisco PIX using the VPN dialer, but it stops after "Negotiating Policies". Any idea? This problem happens only when he is connecting in the following order.
Laptop-------->Belkin wireless Router---------->Nokia Siemens Router---------->Internet-------->Cisco PIX---------->My LAN
Debug information on PIX during this time
Nov 21 13:33:26 x.x.x.x %PIX-5-713201: Group = remoteclient, IP = x.x.x.x, Duplicate Phase 2 packet detected. Retransmitting last packet
Nov 21 13:33:31 x.x.x.x %PIX-5-713201: Group = remoteclient, IP = x.x.x.x, Duplicate Phase 2 packet detected. Retransmitting last packet.
For other users when they connect directly through the broadband router who access from different location does have problem.
I was not able to get any idea from the log number on the Cisco site :-(
This setup was the same when I had ver. 6.3 running; during that time he was able to connect and access, but not after upgrading my PIX to ver 7.0. So, as a temporary fix, he was able to connect in the following manner.
Laptop-------->Nokia Siemens Router---------->Internet-------->Cisco PIX---------->My LAN