×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Pix515 VPN Client Connectivity Problem

Pix515 VPN Client Connectivity Problem

Pix515 VPN Client Connectivity Problem

(OP)
I have a Pix 515E with a VPN setup. I recently tried to connect Cisco VPN Client and get the following error:
"Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding"
I have previously been able to connect to this VPN using Cisco VPN Client, but i am unsure if this was before or after our last ISP change (the only thing that was changed on the config was the outside IP & route info). We went from DSL to Newwave Communications Cable Internet.
Below is a copy of my config and VPN Client log. I also just found out the the ISP has recently implemented DOCSIS 3.0 Thank you in advance for any assistance!

*******************************************************************************************************************************************
pix1(config)# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ********encrypted
passwd ******** encrypted
hostname ABC
domain-name abc.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 102 permit ip 10.10.10.0 255.255.255.0 192.168.100.0 255.255.255.0
pager lines 24
logging on
icmp deny any outside
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.xx xx.xx.xx.xx
ip address inside 10.10.10.200 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 192.168.100.1-192.168.100.254
arp timeout 14400
global (outside) 1 xx.xx.xx.xx
nat (inside) 0 access-list 102
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
outbound 10 deny 0.0.0.0 0.0.0.0 0 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 0 esp
outbound 10 permit 10.10.0.0 255.255.0.0 21 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 53 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 53 udp
outbound 10 permit 10.10.0.0 255.255.0.0 443 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 443 udp
outbound 10 permit 10.10.0.0 255.255.0.0 21 udp
outbound 10 permit 10.10.0.0 255.255.0.0 110 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 143 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 80 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 20 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 23 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 25 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 1494 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 22 tcp
outbound 10 permit 10.10.0.0 255.255.0.0 22 udp
outbound 10 permit 0.0.0.0 0.0.0.0 0 udp
outbound 10 permit 10.10.10.0 255.255.255.0 0 udp
outbound 11 permit 0.0.0.0 0.0.0.0 0 tcp
outbound 11 permit 0.0.0.0 0.0.0.0 0 udp
outbound 11 permit 0.0.0.0 0.0.0.0 0 esp
apply (inside) 10 outgoing_src
route outside 0.0.0.0 0.0.0.0 63.142.125.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community ABC-manage
no snmp-server enable traps
tftp-server inside 10.10.10.230 \
floodguard enable
sysopt connection tcpmss 0
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPN1 address-pool vpnpool1
vpngroup VPN1 dns-server 10.10.10.1
vpngroup VPN1 wins-server 10.10.10.1
vpngroup VPN1 split-tunnel 102
vpngroup VPN1 idle-time 1800
vpngroup VPN1 password ********
telnet timeout 15
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:296bd7d8bf19bb87f2545918c45288bd
: end
FRKpix1(config)#
**************************************************************************************************************************
VPN Client Log

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1

2206 16:05:24.654 12/17/12 Sev=Info/4 CM/0x63100002
Begin connection process

2207 16:05:24.657 12/17/12 Sev=Info/4 CM/0x63100004
Establish secure connection

2208 16:05:24.657 12/17/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "x.x.x.x"

2209 16:05:24.659 12/17/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.

2210 16:05:24.662 12/17/12 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

2211 16:05:24.665 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x

2212 16:05:25.584 12/17/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

2213 16:05:25.584 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

2214 16:05:30.139 12/17/12 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

2215 16:05:30.139 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

2216 16:05:35.224 12/17/12 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

2217 16:05:35.224 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

2218 16:05:40.295 12/17/12 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

2219 16:05:40.295 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to x.x.x.x

2220 16:05:45.364 12/17/12 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=6184BB1B3C3B2746 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

2221 16:05:45.864 12/17/12 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=6184BB1B3C3B2746 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

2222 16:05:45.864 12/17/12 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "x.x.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"

2223 16:05:45.864 12/17/12 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

2224 16:05:45.870 12/17/12 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.

2225 16:05:45.870 12/17/12 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

2226 16:05:46.378 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

2227 16:05:46.378 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

2228 16:05:46.378 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

2229 16:05:46.378 12/17/12 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close