Link to home
Start Free TrialLog in
Avatar of abdmalas
abdmalas

asked on

Cisco VPN Client

dear all i have problem in the Cisco VPN Client when i try to connecting to the Cisco VPN Client i get this msg
"Remote peer is no longer responding."
and i'm behind ISA Server 2000 is there is any solution as soon as possible,
Avatar of rsivanandan
rsivanandan
Flag of India image

Can you just read the question again ? It is vague. Does it give any info as to what your network is? Which device you are connecting to etc ?

If you can explain a little more, it would really help and also wouldn't take much time for an expert to answer :-)

Cheers,
Rajesh
Avatar of abdmalas
abdmalas

ASKER

ok many thanks for your co-operate the problem is we need to access to the Cisco VPN Client System from my office.
So we have satellite connection with Nera Router, and i have ISA Server 2000 when i try to connect from my internal network to the Cisco VPN Client Software i have this
MSG "Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection." if i connected to the ISA Sever
through ISA Firewall Client

and if disable ISA Firewall Client i get this
MSG "Initializing the connection...
Initiating TCP to 136.8.159.13, port 8000...
Contacting the gateway at xxx.x.xxx.xx...
Remote peer is no longer responding."

But If i connect the internet  directly to the PC i can get the connection without any Problem.

Note:
So they need to be able to allow this address range to access the following ports both ways.

8000 TCP
4500 UDP
62515 UDP

sorry for my previous explanation and i hope now its helpful....
So the network diagram would look like this?

Internal-------ISA--------Cisco(something)--------Internet---------VPN Client.

Are you able to connect to the vpn client from the Cisco box ? (A router or PIX or a concentrator) ?

Cheers,
Rajesh
the problem is,i Can't connect through this diagram

Internal(VPN Client)--------ISA------Router-------Internet--------VPN Server


But i can connect through this diagram..

Internal(VPN Client)---------Router--------------internet-----------VPN server

and i didn't try to connect to the vpn client from the (Nira router) box.
Looks like your ISA server is not entertaining the VPN session ? I'm not quite sure on how to configure ISA. Hopefully Keith will jump in and take a look at it too.

Cheers,
Rajesh
many thanks for your co-operate and i hope Keith advice me ..
I'll post a reference in another link for Keith.

Cheers,
Rajesh
Avatar of Keith Alabaster
Hey Rajesh, I got your call....

Can you confirm that ISA is fully service-packed?
are you NATting through the ISA AND NATting again on your router? Install the VPN client on the ISA server itself and retyr. Does it connect ok from there?

Many vpn solutions have an issue with double NAT scenario's
hi all,

yes Ihave ISA server 2000 with SP 2 now i don't think i do NATting in my router and i install the VPN Client on ISA server and i still get this error
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."

Hmmmm. What appears on the log of the VPN server? Does it see the external IP address of the ISA server appear or does it see the external ip of your router try and make the connection?

What are you seeing in the isa2000 log files?
sorry for this news ths VPN server is not here in onther country i have only this Cisco VPN Client Software
but when i connect directly i can get the connection you can check previous comment
We may be a little limited then.

We need to know exactly what is appearing in your ISA log files please.
Also, is your isa in cache mode, firewall mode or integrated mode?
If it is in integrated or firewall mode, I need details of how you connect to the ISA server for non web-based traffic. Are you running the ISA firewall client or are you running SecureNAT (where the default gateway of the work stations point directly to the internal nic of the isa server)?

no is not in Cache mode and in integrated mode and stand alone type

yes i run ISA firewall client ... but please can you advice me where can i find my isa log many thanks
For isa2000? Should be in c:\program files\isa xxxx\isalogs as I recall
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      -      -      0      UDP      Bind      -      -      -      0      -      All       -      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      -      -      62514      UDP      UdpMap      -      -      -      0      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      8      -      62514      UDP      UdpMap      -      -      -      20000      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      8      -      0      UDP      Bind      -      -      -      20000      -      All       -      538      26036
199.199.199.32      Administrator      Skype.exe:3:5.0      N      2006-06-18      07:17:38      fwsrv      NEW_ISA      -      -      
is this log helpful to you or you need the full log files

with best regards
Abdmalas
In your first post, you stated port 62515, the log is reporting 62514 as the destination port. Was this a typo?
i try to open port now 62514


c-ip      r-ip      r-port      cs-protocol      cs-transport      s-operation      sc-status      s-cache-info      rule#1      rule#2      sessionid      connectionid      
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      -      -      -      GHBN      0      -      DC++      Allow      rule      538      0
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      All      Allow      rule      513      28094
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      All      Allow      rule      513      28094
That looks clean enough although I do not have ISA2000 available for testing anymore (I have isa2004 & isa2006 as my two versions).

I am surprised though that there appears to be no return traffic. Nothing in any of the other logs?
do you prefered to install ISA 2004 or ISA 2006 coz i have Win 2000 Advanced Server. many thanks for you co-operate .

with best regards,
ASKER CERTIFIED SOLUTION
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial