I have a client who is setting up a new office and is trying to VPN back to their main office. We are using a Netgear FVL328 ProSafe firewall router. We can successfully use the Netgear VPN client to access the network from home locations. Our issue is that the office is in a location behind a Cisco PIX firewall. The consultant on their end has opened up all of the ports that he can think of but we are still not getting the VPN client to work.
The following are the logs of both a successful VPN connection and their failed connection:
A correct connection log (from my last connection)
[2007-06-13 08:39:40][==== IKE PHASE 1(from 75.4.94.214) START (responder) ====]
[2007-06-13 08:39:40]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:40]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID
[2007-06-13 08:39:40]<LocalRID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-13 08:39:40]<RemoteLID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-13 08:39:41]<POLICY: VPNClient> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH
[2007-06-13 08:39:41]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:42]**** RECEIVED THIRD MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:42]<POLICY: VPNClient> PAYLOADS: HASH,NOTIFY
[2007-06-13 08:39:42]**** AGGR MODE COMPLETED ****
[2007-06-13 08:39:42][==== IKE PHASE 1 ESTABLISHED====]
[2007-06-13 08:39:43][==== IKE PHASE 2(from 75.4.94.214) START (responder) ====]
[2007-06-13 08:39:43]**** RECEIVED FIRST MESSAGE OF QUICK MODE ****
[2007-06-13 08:39:43]**** FOUND IDs,EXTRACE ID INFO ****
[2007-06-13 08:39:43]<Initiator IPADDR=192.168.0.200>
[2007-06-13 08:39:43]<Responder IPADDR=192.168.1.0 MASK=255.255.255.0>
[2007-06-13 08:39:43]**** SENT OUT SECOND MESSAGE OF QUICK MODE ****
[2007-06-13 08:39:43]**** RECEIVED THIRD MESSAGE OF QUICK MODE ****
[2007-06-13 08:39:43]<POLICY: VPNClient> PAYLOADS: HASH
[2007-06-13 08:39:44]**** QUICK MODE COMPLETED ****
[2007-06-13 08:39:44][==== IKE PHASE 2 ESTABLISHED====]
[2007-06-13 08:39:48]DISCARDING RETRANSMITTED PACKET...
[2007-06-13 08:39:53]DISCARDING RETRANSMITTED PACKET...
[2007-06-13 08:39:58]DISCARDING RETRANSMITTED PACKET...
The incomplete connection log (from other location)
[2007-06-12 18:21:38][==== IKE PHASE 1(from 68.255.10.3) START (responder) ====]
[2007-06-12 18:21:38]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2007-06-12 18:21:38]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID
[2007-06-12 18:21:38]<LocalRID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-12 18:21:38]<RemoteLID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-12 18:21:39]<POLICY: VPNClient> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH
[2007-06-12 18:21:39]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
[2007-06-12 18:21:53][==== IKE PHASE 1(from 68.255.10.3) START (responder) ====]
[2007-06-12 18:21:58]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE(DELETE_PAYLOAD) ****
[2007-06-12 18:22:08][==== IKE PHASE 1(from 68.255.10.3) START (responder) ====]
[2007-06-12 18:22:08]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2007-06-12 18:22:08]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID
[2007-06-12 18:22:08]<LocalRID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-12 18:22:08]<RemoteLID> Type=ID_FQDN,ID Data=VPNClient
[2007-06-12 18:22:09]<POLICY: VPNClient> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH
[2007-06-12 18:22:09]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
After the last line, everything stops. There is no further connection attempt until they try to reinitiate the connection and it just repeats the same sequence again.
It looks like the Second Message of AGGR Mode probably isn't being received / responded to through the Cisco PIX. We never get anything back receiving the 3rd AGGR message.
Does anyone have an idea of how we can make this work?
Thanks,
Bill
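
The comparison made between the two logs above, as an added example that is not part of the original post: a small Python parser that reports how far each Phase 1 aggressive-mode attempt got from the responder's side. The sample log is constructed in the post's format with documentation-range addresses, and the function names are illustrative.

```python
import re
# Constructed sample in the post's log format; addresses are documentation ranges.
SAMPLE_LOG = """\
[2007-06-13 08:39:40][==== IKE PHASE 1(from 192.0.2.10) START (responder) ====]
[2007-06-13 08:39:40]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:41]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:42]**** RECEIVED THIRD MESSAGE OF AGGR MODE ****
[2007-06-13 08:39:42][==== IKE PHASE 1 ESTABLISHED====]
[2007-06-13 09:00:00][==== IKE PHASE 1(from 198.51.100.7) START (responder) ====]
[2007-06-13 09:00:00]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2007-06-13 09:00:01]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
[2007-06-13 09:00:15][==== IKE PHASE 1(from 198.51.100.7) START (responder) ====]
[2007-06-13 09:00:20]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE(DELETE_PAYLOAD) ****
"""

LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\](.*)$")
START = re.compile(r"IKE PHASE 1\(from ([\d.]+)\) START")
# Aggressive-mode milestones in the order the responder logs them.
STAGES = [
    ("msg1_received", "RECEIVED FIRST MESSAGE OF AGGR MODE"),
    ("msg2_sent", "SENT OUT SECOND MESSAGE OF AGGR MODE"),
    ("msg3_received", "RECEIVED THIRD MESSAGE OF AGGR MODE"),
    ("established", "IKE PHASE 1 ESTABLISHED"),
]

def phase1_attempts(log_text):
    """Return one dict per Phase 1 attempt: peer, start time, last stage reached."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped payload continuation lines carry no timestamp
        ts, body = m.groups()
        start = START.search(body)
        if start:
            attempts.append({"peer": start.group(1), "start": ts, "stage": "started"})
            continue
        # Assumption: lines without a peer address belong to the latest attempt.
        for name, marker in STAGES:
            if attempts and marker in body:
                attempts[-1]["stage"] = name
    return attempts

def stalled_after_msg2(attempts):
    """Peers with an attempt that ended right after the responder sent message 2."""
    return sorted({a["peer"] for a in attempts if a["stage"] == "msg2_sent"})

if __name__ == "__main__":
    print(stalled_after_msg2(phase1_attempts(SAMPLE_LOG)))
```

A peer listed by `stalled_after_msg2` matches the pattern in the failed log: the responder sent its second message and logged no third message for that attempt.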