Cisco VPN Client

dear all i have problem in the Cisco VPN Client when i try to connecting to the Cisco VPN Client i get this msg
"Remote peer is no longer responding."
and i'm behind ISA Server 2000 is there is any solution as soon as possible,
abdmalasAsked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
ISA2006 as it has very recently moved from beta status to Release Candidate status. It has HUGE improvements on ISA2000; you can download a 6 month trial version (100% full functional) from the ms web site.
0
 
rsivanandanCommented:
Can you just read the question again ? It is vague. Does it give any info as to what your network is? Which device you are connecting to etc ?

If you can explain a little more, it would really help and also wouldn't take much time for an expert to answer :-)

Cheers,
Rajesh
0
 
abdmalasAuthor Commented:
ok many thanks for your co-operate the problem is we need to access to the Cisco VPN Client System from my office.
So we have satellite connection with Nera Router, and i have ISA Server 2000 when i try to connect from my internal network to the Cisco VPN Client Software i have this
MSG "Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection." if i connected to the ISA Sever
through ISA Firewall Client

and if disable ISA Firewall Client i get this
MSG "Initializing the connection...
Initiating TCP to 136.8.159.13, port 8000...
Contacting the gateway at xxx.x.xxx.xx...
Remote peer is no longer responding."

But If i connect the internet  directly to the PC i can get the connection without any Problem.

Note:
So they need to be able to allow this address range to access the following ports both ways.

8000 TCP
4500 UDP
62515 UDP

sorry for my previous explanation and i hope now its helpful....
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
rsivanandanCommented:
So the network diagram would look like this?

Internal-------ISA--------Cisco(something)--------Internet---------VPN Client.

Are you able to connect to the vpn client from the Cisco box ? (A router or PIX or a concentrator) ?

Cheers,
Rajesh
0
 
abdmalasAuthor Commented:
the problem is,i Can't connect through this diagram

Internal(VPN Client)--------ISA------Router-------Internet--------VPN Server


But i can connect through this diagram..

Internal(VPN Client)---------Router--------------internet-----------VPN server

and i didn't try to connect to the vpn client from the (Nira router) box.
0
 
rsivanandanCommented:
Looks like your ISA server is not entertaining the VPN session ? I'm not quite sure on how to configure ISA. Hopefully Keith will jump in and take a look at it too.

Cheers,
Rajesh
0
 
abdmalasAuthor Commented:
many thanks for your co-operate and i hope Keith advice me ..
0
 
rsivanandanCommented:
I'll post a reference in another link for Keith.

Cheers,
Rajesh
0
 
Keith AlabasterEnterprise ArchitectCommented:
Hey Rajesh, I got your call....

Can you confirm that ISA is fully service-packed?
are you NATting through the ISA AND NATting again on your router? Install the VPN client on the ISA server itself and retyr. Does it connect ok from there?

Many vpn solutions have an issue with double NAT scenario's
0
 
abdmalasAuthor Commented:
hi all,

yes Ihave ISA server 2000 with SP 2 now i don't think i do NATting in my router and i install the VPN Client on ISA server and i still get this error
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."

0
 
Keith AlabasterEnterprise ArchitectCommented:
Hmmmm. What appears on the log of the VPN server? Does it see the external IP address of the ISA server appear or does it see the external ip of your router try and make the connection?

What are you seeing in the isa2000 log files?
0
 
abdmalasAuthor Commented:
sorry for this news ths VPN server is not here in onther country i have only this Cisco VPN Client Software
but when i connect directly i can get the connection you can check previous comment
0
 
Keith AlabasterEnterprise ArchitectCommented:
We may be a little limited then.

We need to know exactly what is appearing in your ISA log files please.
Also, is your isa in cache mode, firewall mode or integrated mode?
If it is in integrated or firewall mode, I need details of how you connect to the ISA server for non web-based traffic. Are you running the ISA firewall client or are you running SecureNAT (where the default gateway of the work stations point directly to the internal nic of the isa server)?

0
 
abdmalasAuthor Commented:
no is not in Cache mode and in integrated mode and stand alone type

yes i run ISA firewall client ... but please can you advice me where can i find my isa log many thanks
0
 
Keith AlabasterEnterprise ArchitectCommented:
For isa2000? Should be in c:\program files\isa xxxx\isalogs as I recall
0
 
abdmalasAuthor Commented:
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      -      -      0      UDP      Bind      -      -      -      0      -      All       -      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      -      -      62514      UDP      UdpMap      -      -      -      0      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      8      -      62514      UDP      UdpMap      -      -      -      20000      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      8      -      0      UDP      Bind      -      -      -      20000      -      All       -      538      26036
199.199.199.32      Administrator      Skype.exe:3:5.0      N      2006-06-18      07:17:38      fwsrv      NEW_ISA      -      -      
0
 
abdmalasAuthor Commented:
is this log helpful to you or you need the full log files

with best regards
Abdmalas
0
 
Keith AlabasterEnterprise ArchitectCommented:
In your first post, you stated port 62515, the log is reporting 62514 as the destination port. Was this a typo?
0
 
abdmalasAuthor Commented:
i try to open port now 62514


c-ip      r-ip      r-port      cs-protocol      cs-transport      s-operation      sc-status      s-cache-info      rule#1      rule#2      sessionid      connectionid      
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      -      -      -      GHBN      0      -      DC++      Allow      rule      538      0
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      All      Allow      rule      513      28094
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      All      Allow      rule      513      28094
0
 
Keith AlabasterEnterprise ArchitectCommented:
That looks clean enough although I do not have ISA2000 available for testing anymore (I have isa2004 & isa2006 as my two versions).

I am surprised though that there appears to be no return traffic. Nothing in any of the other logs?
0
 
abdmalasAuthor Commented:
do you prefered to install ISA 2004 or ISA 2006 coz i have Win 2000 Advanced Server. many thanks for you co-operate .

with best regards,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.