October 12, 2008 02:09pm pdt

My Account

Top 15 Experts

Overall Top Experts

1lrmoore 2,051,343
2keith_ala... 1,081,507
3rsivanandan 340,794
4tim_holman 340,612
5calvinetter 305,130
6nodisco 213,125
7srikrishnak 210,854
8grblades 197,984
9carribeant... 160,647
10batry_boy 147,954
11Voltz-dk 147,614
12pruecons... 102,029
13stressedo... 97,372
14harbor235 92,176
15Cyclops3... 85,475

	[x] Attachment Details

VPN Peer not responding suddenly

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.2

Zones: Network Software Firewalls, Networking Hardware Firewalls, IPSec Security Protocol

Tags: Ciso, PIX

I have a PIX firewall and until 2 days ago my VPN didn't have any problems. Now when I try to connect, I get 412 peer not responding errors. Below are two log files....the first set is the connection that is having an issue and the other is a remote pix that is not having an issue. My client is set to "enable transparent tunneling" and IPSec over UDP. I have attempted to change to TCP with no luck...
log 1

96 09:38:24.950 04/17/08 Sev=Info/4      CM/0x63100002
Begin connection process

97 09:38:24.967 04/17/08 Sev=Info/4      CM/0x63100004
Establish secure connection

98 09:38:24.967 04/17/08 Sev=Info/4      CM/0x63100024
Attempt connection with server "207.68.36.126"

99 09:38:24.967 04/17/08 Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with 207.68.36.126.

100 09:38:24.984 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 207.68.36.126

101 09:38:25.052 04/17/08 Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

102 09:38:25.052 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

103 09:38:30.497 04/17/08 Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

104 09:38:30.497 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 207.68.36.126

105 09:38:35.943 04/17/08 Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

106 09:38:35.943 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 207.68.36.126

107 09:38:41.388 04/17/08 Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

108 09:38:41.388 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 207.68.36.126

109 09:38:46.834 04/17/08 Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=349E7D02678C30C0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

110 09:38:47.378 04/17/08 Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=349E7D02678C30C0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

111 09:38:47.378 04/17/08 Sev=Info/4      CM/0x63100014
Unable to establish Phase 1 SA with server "207.68.36.126" because of "DEL_REASON_PEER_NOT_RESPONDING"

112 09:38:47.378 04/17/08 Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

113 09:38:47.429 04/17/08 Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

114 09:38:47.429 04/17/08 Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

115 09:38:47.923 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

116 09:38:47.923 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

117 09:38:47.923 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

118 09:38:47.923 04/17/08 Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped

Log 2

119 09:39:24.560 04/17/08 Sev=Info/4      CM/0x63100002
Begin connection process

120 09:39:24.577 04/17/08 Sev=Info/4      CM/0x63100004
Establish secure connection

121 09:39:24.577 04/17/08 Sev=Info/4      CM/0x63100024
Attempt connection with server "65.207.97.162"

122 09:39:24.577 04/17/08 Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with 65.207.97.162.

123 09:39:24.611 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 65.207.97.162

124 09:39:24.645 04/17/08 Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 65.207.97.162

125 09:39:24.645 04/17/08 Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 65.207.97.162

126 09:39:24.645 04/17/08 Sev=Info/5      IKE/0x63000001
Peer is a Cisco-Unity compliant peer

127 09:39:24.662 04/17/08 Sev=Info/5      IKE/0x63000001
Peer supports XAUTH

128 09:39:24.662 04/17/08 Sev=Info/5      IKE/0x63000001
Peer supports DPD

129 09:39:24.662 04/17/08 Sev=Info/5      IKE/0x63000001
Peer supports NAT-T

130 09:39:24.662 04/17/08 Sev=Info/5      IKE/0x63000001
Peer supports IKE fragmentation payloads

131 09:39:24.696 04/17/08 Sev=Info/6      IKE/0x63000001
IOS Vendor ID Contruction successful

132 09:39:24.696 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 65.207.97.162

133 09:39:24.696 04/17/08 Sev=Info/6      IKE/0x63000055
Sent a keepalive on the IPSec SA

134 09:39:24.696 04/17/08 Sev=Info/4      IKE/0x63000083
IKE Port in use - Local Port = 0x0670, Remote Port = 0x1194

135 09:39:24.696 04/17/08 Sev=Info/5      IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device

136 09:39:24.696 04/17/08 Sev=Info/4      CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

137 09:39:24.696 04/17/08 Sev=Info/4      CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

138 09:39:25.155 04/17/08 Sev=Info/5      IKE/0x6300005E
Client sending a firewall request to concentrator

139 09:39:25.155 04/17/08 Sev=Info/5      IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).

140 09:39:25.155 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 65.207.97.162

141 09:39:25.155 04/17/08 Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

142 09:39:25.155 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

143 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 65.207.97.162

144 09:39:25.189 04/17/08 Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 65.207.97.162

145 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 128.50.200.5

146 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 128.5.0.11

147 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 128.1.0.11

148 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

149 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000002

150 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000F
SPLIT_NET #1
      subnet = 128.5.0.0
      mask = 255.255.0.0
      protocol = 0
      src port = 0
      dest port=0

151 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000F
SPLIT_NET #2
      subnet = 128.1.0.0
      mask = 255.255.0.0
      protocol = 0
      src port = 0
      dest port=0

152 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = mdvnf.com

153 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000

154 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc PIX-525 Version 7.1(2) built by dalecki on Tue 14-Mar-06 17:00

155 09:39:25.189 04/17/08 Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

156 09:39:25.189 04/17/08 Sev=Info/4      CM/0x63100019
Mode Config data received

157 09:39:25.240 04/17/08 Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 128.50.200.5, GW IP = 65.207.97.162, Remote IP = 0.0.0.0

158 09:39:25.292 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 65.207.97.162

159 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 65.207.97.162

160 09:39:25.326 04/17/08 Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 65.207.97.162

161 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds

162 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now

163 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 65.207.97.162

164 09:39:25.326 04/17/08 Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 65.207.97.162

165 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds

166 09:39:25.326 04/17/08 Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 65.207.97.162

167 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000059
Loading IPsec SA (MsgID=B6717500 OUTBOUND SPI = 0x3B19F9F4 INBOUND SPI = 0x20C3879F)

168 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0x3B19F9F4

169 09:39:25.326 04/17/08 Sev=Info/5      IKE/0x63000026
Loaded INBOUND ESP SPI: 0x20C3879F

170 09:39:25.462 04/17/08 Sev=Info/5      CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 128.1.250.0 128.1.50.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.1.0.0 255.255.0.0 128.1.50.2 128.1.50.2 20
128.1.50.2 255.255.255.255 127.0.0.1 127.0.0.1 20
128.1.255.255 255.255.255.255 128.1.50.2 128.1.50.2 20
224.0.0.0 240.0.0.0 128.1.50.2 128.1.50.2 20
255.255.255.255 255.255.255.255 128.1.50.2 128.1.50.2 1

171 09:39:28.994 04/17/08 Sev=Info/4      CM/0x63100034
The Virtual Adapter was enabled:
      IP=128.50.200.5/255.255.0.0
      DNS=128.5.0.11,0.0.0.0
      WINS=128.1.0.11,0.0.0.0
      Domain=mdvnf.com
      Split DNS Names=

172 09:39:28.994 04/17/08 Sev=Info/5      CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 128.1.250.0 128.1.50.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.1.0.0 255.255.0.0 128.1.50.2 128.1.50.2 20
128.1.50.2 255.255.255.255 127.0.0.1 127.0.0.1 20
128.1.255.255 255.255.255.255 128.1.50.2 128.1.50.2 20
128.50.0.0 255.255.0.0 128.50.200.5 128.50.200.5 20
128.50.200.5 255.255.255.255 127.0.0.1 127.0.0.1 20
128.50.255.255 255.255.255.255 128.50.200.5 128.50.200.5 20
224.0.0.0 240.0.0.0 128.1.50.2 128.1.50.2 20
224.0.0.0 240.0.0.0 128.50.200.5 128.50.200.5 20
255.255.255.255 255.255.255.255 128.1.50.2 128.1.50.2 1
255.255.255.255 255.255.255.255 128.50.200.5 128.50.200.5 1

173 09:39:28.994 04/17/08 Sev=Warning/2      CVPND/0xE3400013
AddRoute failed to add a route: code 87
      Destination      128.1.255.255
      Netmask      255.255.255.255
      Gateway      128.50.0.1
      Interface      128.50.200.5

174 09:39:28.994 04/17/08 Sev=Warning/2      CM/0xA3100024
Unable to add route. Network: 8001ffff, Netmask: ffffffff, Interface: 8032c805, Gateway: 80320001.

175 09:39:29.025 04/17/08 Sev=Info/4      CM/0x63100038
Successfully saved route changes to file.

176 09:39:29.025 04/17/08 Sev=Info/5      CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 128.1.250.0 128.1.50.2 20
65.207.97.162 255.255.255.255 128.1.250.0 128.1.50.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.1.0.0 255.255.0.0 128.1.50.2 128.1.50.2 20
128.1.0.0 255.255.0.0 128.50.0.1 128.50.200.5 1
128.1.50.2 255.255.255.255 127.0.0.1 127.0.0.1 20
128.1.255.255 255.255.255.255 128.1.50.2 128.1.50.2 20
128.5.0.0 255.255.0.0 128.50.0.1 128.50.200.5 1
128.50.0.0 255.255.0.0 128.50.200.5 128.50.200.5 20
128.50.200.5 255.255.255.255 127.0.0.1 127.0.0.1 20
128.50.255.255 255.255.255.255 128.50.200.5 128.50.200.5 20
224.0.0.0 240.0.0.0 128.1.50.2 128.1.50.2 20
224.0.0.0 240.0.0.0 128.50.200.5 128.50.200.5 20
255.255.255.255 255.255.255.255 128.1.50.2 128.1.50.2 1
255.255.255.255 255.255.255.255 128.50.200.5 128.50.200.5 1

177 09:39:29.025 04/17/08 Sev=Info/6      CM/0x63100036
The routing table was updated for the Virtual Adapter

178 09:39:29.041 04/17/08 Sev=Info/4      CM/0x6310001A
One secure connection established

179 09:39:29.056 04/17/08 Sev=Info/4      CM/0x6310003B
Address watch added for 128.1.50.2. Current hostname: kng-8h6f491, Current address(es): 128.50.200.5, 128.1.50.2.

180 09:39:29.056 04/17/08 Sev=Info/4      CM/0x6310003B
Address watch added for 128.50.200.5. Current hostname: kng-8h6f491, Current address(es): 128.50.200.5, 128.1.50.2.

181 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

182 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x63700010
Created a new key structure

183 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0xf4f9193b into key list

184 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x63700010
Created a new key structure

185 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0x9f87c320 into key list

186 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x6370002F
Assigned VA private interface addr 128.50.200.5

187 09:39:29.056 04/17/08 Sev=Info/4      IPSEC/0x63700037
Configure public interface: 128.1.50.2. SG: 65.207.97.162

188 09:39:29.103 04/17/08 Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 1.

189 09:39:30.322 04/17/08 Sev=Info/4      IPSEC/0x63700019
Activate outbound key with SPI=0xf4f9193b for inbound key with SPI=0x9f87c320

	#	Title
	1	CISCO VPN - Error "Reason 412…
	2	adding 2nd VPN to PIX
	3	Pix to Pix VPN
	4	Cisco VPN - Error "Reason 412: …
	5	Remote access to a Pix from a Pix prot…
	6	Changed ISP now VPN won't work