abdmalas
asked on
Cisco VPN Client
dear all i have problem in the Cisco VPN Client when i try to connecting to the Cisco VPN Client i get this msg
"Remote peer is no longer responding."
and i'm behind ISA Server 2000 is there is any solution as soon as possible,
"Remote peer is no longer responding."
and i'm behind ISA Server 2000 is there is any solution as soon as possible,
ASKER
ok many thanks for your co-operate the problem is we need to access to the Cisco VPN Client System from my office.
So we have satellite connection with Nera Router, and i have ISA Server 2000 when i try to connect from my internal network to the Cisco VPN Client Software i have this
MSG "Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection." if i connected to the ISA Sever
through ISA Firewall Client
and if disable ISA Firewall Client i get this
MSG "Initializing the connection...
Initiating TCP to 136.8.159.13, port 8000...
Contacting the gateway at xxx.x.xxx.xx...
Remote peer is no longer responding."
But If i connect the internet directly to the PC i can get the connection without any Problem.
Note:
So they need to be able to allow this address range to access the following ports both ways.
8000 TCP
4500 UDP
62515 UDP
sorry for my previous explanation and i hope now its helpful....
So we have satellite connection with Nera Router, and i have ISA Server 2000 when i try to connect from my internal network to the Cisco VPN Client Software i have this
MSG "Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection." if i connected to the ISA Sever
through ISA Firewall Client
and if disable ISA Firewall Client i get this
MSG "Initializing the connection...
Initiating TCP to 136.8.159.13, port 8000...
Contacting the gateway at xxx.x.xxx.xx...
Remote peer is no longer responding."
But If i connect the internet directly to the PC i can get the connection without any Problem.
Note:
So they need to be able to allow this address range to access the following ports both ways.
8000 TCP
4500 UDP
62515 UDP
sorry for my previous explanation and i hope now its helpful....
So the network diagram would look like this?
Internal-------ISA-------- Cisco(some thing)---- ----Intern et-------- -VPN Client.
Are you able to connect to the vpn client from the Cisco box ? (A router or PIX or a concentrator) ?
Cheers,
Rajesh
Internal-------ISA--------
Are you able to connect to the vpn client from the Cisco box ? (A router or PIX or a concentrator) ?
Cheers,
Rajesh
ASKER
the problem is,i Can't connect through this diagram
Internal(VPN Client)--------ISA------Ro uter------ -Internet- -------VPN Server
But i can connect through this diagram..
Internal(VPN Client)---------Router---- ---------- internet-- ---------V PN server
and i didn't try to connect to the vpn client from the (Nira router) box.
Internal(VPN Client)--------ISA------Ro
But i can connect through this diagram..
Internal(VPN Client)---------Router----
and i didn't try to connect to the vpn client from the (Nira router) box.
Looks like your ISA server is not entertaining the VPN session ? I'm not quite sure on how to configure ISA. Hopefully Keith will jump in and take a look at it too.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
many thanks for your co-operate and i hope Keith advice me ..
I'll post a reference in another link for Keith.
Cheers,
Rajesh
Cheers,
Rajesh
Hey Rajesh, I got your call....
Can you confirm that ISA is fully service-packed?
are you NATting through the ISA AND NATting again on your router? Install the VPN client on the ISA server itself and retyr. Does it connect ok from there?
Many vpn solutions have an issue with double NAT scenario's
Can you confirm that ISA is fully service-packed?
are you NATting through the ISA AND NATting again on your router? Install the VPN client on the ISA server itself and retyr. Does it connect ok from there?
Many vpn solutions have an issue with double NAT scenario's
ASKER
hi all,
yes Ihave ISA server 2000 with SP 2 now i don't think i do NATting in my router and i install the VPN Client on ISA server and i still get this error
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."
yes Ihave ISA server 2000 with SP 2 now i don't think i do NATting in my router and i install the VPN Client on ISA server and i still get this error
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."
Hmmmm. What appears on the log of the VPN server? Does it see the external IP address of the ISA server appear or does it see the external ip of your router try and make the connection?
What are you seeing in the isa2000 log files?
What are you seeing in the isa2000 log files?
ASKER
sorry for this news ths VPN server is not here in onther country i have only this Cisco VPN Client Software
but when i connect directly i can get the connection you can check previous comment
but when i connect directly i can get the connection you can check previous comment
We may be a little limited then.
We need to know exactly what is appearing in your ISA log files please.
Also, is your isa in cache mode, firewall mode or integrated mode?
If it is in integrated or firewall mode, I need details of how you connect to the ISA server for non web-based traffic. Are you running the ISA firewall client or are you running SecureNAT (where the default gateway of the work stations point directly to the internal nic of the isa server)?
We need to know exactly what is appearing in your ISA log files please.
Also, is your isa in cache mode, firewall mode or integrated mode?
If it is in integrated or firewall mode, I need details of how you connect to the ISA server for non web-based traffic. Are you running the ISA firewall client or are you running SecureNAT (where the default gateway of the work stations point directly to the internal nic of the isa server)?
ASKER
no is not in Cache mode and in integrated mode and stand alone type
yes i run ISA firewall client ... but please can you advice me where can i find my isa log many thanks
yes i run ISA firewall client ... but please can you advice me where can i find my isa log many thanks
For isa2000? Should be in c:\program files\isa xxxx\isalogs as I recall
ASKER
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - - - - - - 0 UDP Bind - - - 0 - All - 538 26036
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - 136.8.159.13 62514 - - - 62514 UDP UdpMap - - - 0 - All Allow rule 538 26036
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - 136.8.159.13 62514 - 8 - 62514 UDP UdpMap - - - 20000 - All Allow rule 538 26036
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - - - - 8 - 0 UDP Bind - - - 20000 - All - 538 26036
199.199.199.32 Administrator Skype.exe:3:5.0 N 2006-06-18 07:17:38 fwsrv NEW_ISA - -
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - 136.8.159.13 62514 - - - 62514 UDP UdpMap - - - 0 - All Allow rule 538 26036
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - 136.8.159.13 62514 - 8 - 62514 UDP UdpMap - - - 20000 - All Allow rule 538 26036
199.199.199.32 SYSTEM cvpnd.exe:3:5.0 N 2006-06-18 07:17:35 fwsrv NEW_ISA - - - - - 8 - 0 UDP Bind - - - 20000 - All - 538 26036
199.199.199.32 Administrator Skype.exe:3:5.0 N 2006-06-18 07:17:38 fwsrv NEW_ISA - -
ASKER
is this log helpful to you or you need the full log files
with best regards
Abdmalas
with best regards
Abdmalas
In your first post, you stated port 62515, the log is reporting 62514 as the destination port. Was this a typo?
ASKER
i try to open port now 62514
c-ip r-ip r-port cs-protocol cs-transport s-operation sc-status s-cache-info rule#1 rule#2 sessionid connectionid
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 0 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 20001 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 - - - GHBN 0 - DC++ Allow rule 538 0
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26032
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26032
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26033
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26033
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26036
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26036
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26037
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26037
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26038
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26038
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 0 - All Allow rule 513 28094
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 20001 - All Allow rule 513 28094
c-ip r-ip r-port cs-protocol cs-transport s-operation sc-status s-cache-info rule#1 rule#2 sessionid connectionid
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 0 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 20001 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 - - - GHBN 0 - DC++ Allow rule 538 0
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26032
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26032
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26033
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26033
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26036
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26036
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26037
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26037
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26038
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26038
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 0 - All Allow rule 513 28094
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 20001 - All Allow rule 513 28094
That looks clean enough although I do not have ISA2000 available for testing anymore (I have isa2004 & isa2006 as my two versions).
I am surprised though that there appears to be no return traffic. Nothing in any of the other logs?
I am surprised though that there appears to be no return traffic. Nothing in any of the other logs?
ASKER
do you prefered to install ISA 2004 or ISA 2006 coz i have Win 2000 Advanced Server. many thanks for you co-operate .
with best regards,
with best regards,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you can explain a little more, it would really help and also wouldn't take much time for an expert to answer :-)
Cheers,
Rajesh