Solved

Cisco VPN Client

Posted on 2006-06-14
Last Modified: 2013-11-16
Dear all, I have a problem with the Cisco VPN Client. When I try to connect with the Cisco VPN Client I get this message:
"Remote peer is no longer responding."
I'm behind ISA Server 2000. Is there any solution, as soon as possible?
Question by:abdmalas
23 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16902324
Can you just read the question again? It is vague. Does it give any info as to what your network is? Which device you are connecting to, etc.?

If you can explain a little more, it would really help and also wouldn't take much time for an expert to answer :-)

Cheers,
Rajesh
0
 

Author Comment

by:abdmalas
ID: 16909563
OK, many thanks for your cooperation. The problem is that we need to access the Cisco VPN Client System from my office.
We have a satellite connection with a Nera router, and I have ISA Server 2000. When I try to connect from my internal network to the Cisco VPN Client software while connected to the ISA Server through the ISA Firewall Client, I get this message:
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."

If I disable the ISA Firewall Client, I get this message:
"Initializing the connection...
Initiating TCP to 136.8.159.13, port 8000...
Contacting the gateway at xxx.x.xxx.xx...
Remote peer is no longer responding."

But if I connect the internet directly to the PC, I can get the connection without any problem.

Note:
So they need to be able to allow this address range to access the following ports both ways.

8000 TCP
4500 UDP
62515 UDP

Sorry for my previous explanation, and I hope it is helpful now....
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16910757
So the network diagram would look like this?

Internal-------ISA--------Cisco(something)--------Internet---------VPN Client.

Are you able to connect to the VPN client from the Cisco box (a router or PIX or a concentrator)?

Cheers,
Rajesh
0
 

Author Comment

by:abdmalas
ID: 16925638
The problem is, I can't connect through this diagram:

Internal(VPN Client)--------ISA------Router-------Internet--------VPN Server


But I can connect through this diagram:

Internal(VPN Client)---------Router--------------internet-----------VPN server

And I didn't try to connect to the VPN client from the (Nera router) box.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16925928
Looks like your ISA server is not entertaining the VPN session? I'm not quite sure how to configure ISA. Hopefully Keith will jump in and take a look at it too.

Cheers,
Rajesh
0
 

Author Comment

by:abdmalas
ID: 16925935
Many thanks for your cooperation, and I hope Keith can advise me.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16925973
I'll post a reference in another link for Keith.

Cheers,
Rajesh
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16926134
Hey Rajesh, I got your call....

Can you confirm that ISA is fully service-packed?
Are you NATting through the ISA AND NATting again on your router? Install the VPN client on the ISA server itself and retry. Does it connect OK from there?

Many VPN solutions have an issue with double-NAT scenarios.
0
 

Author Comment

by:abdmalas
ID: 16926316
Hi all,

Yes, I have ISA Server 2000 with SP 2. I don't think I do NATting in my router. I installed the VPN Client on the ISA server and I still get this error:
"Initializing the connection...
Initiating TCP to xxx.x.xxx.xx, port 8000...
Failed to establish a TCP connection."

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16926351
Hmmmm. What appears in the log of the VPN server? Does it see the external IP address of the ISA server appear, or does it see the external IP of your router try to make the connection?

What are you seeing in the ISA 2000 log files?

 

Author Comment

by:abdmalas
ID: 16926397
Sorry for this news: the VPN server is not here, it is in another country. I have only this Cisco VPN Client software.
But when I connect directly I can get the connection; you can check my previous comment.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16926427
We may be a little limited then.

We need to know exactly what is appearing in your ISA log files please.
Also, is your ISA in cache mode, firewall mode or integrated mode?
If it is in integrated or firewall mode, I need details of how you connect to the ISA server for non-web-based traffic. Are you running the ISA Firewall Client or are you running SecureNAT (where the default gateway of the workstations points directly to the internal NIC of the ISA server)?

0
 

Author Comment

by:abdmalas
ID: 16926471
No, it is not in cache mode; it is in integrated mode and stand-alone type.

Yes, I run the ISA Firewall Client... but please can you advise me where I can find my ISA log? Many thanks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16926547
For isa2000? Should be in c:\program files\isa xxxx\isalogs as I recall
0
 

Author Comment

by:abdmalas
ID: 16928626
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      -      -      0      UDP      Bind      -      -      -      0      -      All       -      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      -      -      62514      UDP      UdpMap      -      -      -      0      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      136.8.159.13      62514      -      8      -      62514      UDP      UdpMap      -      -      -      20000      -      All       Allow rule      538      26036
199.199.199.32      SYSTEM      cvpnd.exe:3:5.0      N      2006-06-18      07:17:35      fwsrv      NEW_ISA      -      -      -      -      -      8      -      0      UDP      Bind      -      -      -      20000      -      All       -      538      26036
199.199.199.32      Administrator      Skype.exe:3:5.0      N      2006-06-18      07:17:38      fwsrv      NEW_ISA      -      -      
0
 

Author Comment

by:abdmalas
ID: 16928872
Is this log helpful to you, or do you need the full log files?

With best regards,
Abdmalas
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16929070
In your first post, you stated port 62515, the log is reporting 62514 as the destination port. Was this a typo?
0
 

Author Comment

by:abdmalas
ID: 16929105
I have now tried to open port 62514:


c-ip      r-ip      r-port      cs-protocol      cs-transport      s-operation      sc-status      s-cache-info      rule#1      rule#2      sessionid      connectionid      
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      VPN      Allow      rule      513      26018
199.199.199.32      136.8.159.13      -      -      -      GHBN      0      -      DC++      Allow      rule      538      0
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26032
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26033
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26036
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26037
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      0      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      62514      62514      UDP      UdpMap      20000      -      All      Allow      rule      538      26038
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      0      -      All      Allow      rule      513      28094
199.199.199.32      136.8.159.13      8000      8000      TCP      Connect      20001      -      All      Allow      rule      513      28094
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16929226
That looks clean enough although I do not have ISA2000 available for testing anymore (I have isa2004 & isa2006 as my two versions).

I am surprised though that there appears to be no return traffic. Nothing in any of the other logs?
0
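Added example, not part of the original thread: a Python sketch of the cross-check done by eye above, comparing the ports that appear in the posted ISA firewall log with the ports the author listed as required (8000 TCP, 4500 UDP, 62515 UDP). The column order is assumed from the header row in the author's log post, the rows are copied from that post, and the function names are hypothetical.

```python
from collections import defaultdict

# Ports the author listed as required "both ways" (from the thread).
REQUIRED = {("TCP", 8000), ("UDP", 4500), ("UDP", 62515)}

# Rows copied from the log the author posted (whitespace-separated).
SAMPLE_LOG = """\
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 0 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 8000 8000 TCP Connect 20001 - VPN Allow rule 513 26018
199.199.199.32 136.8.159.13 - - - GHBN 0 - DC++ Allow rule 538 0
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 0 - All Allow rule 538 26032
199.199.199.32 136.8.159.13 62514 62514 UDP UdpMap 20000 - All Allow rule 538 26032
"""

def parse_row(line):
    """Return a dict for one log row, or None if it carries no port."""
    tok = line.split()
    if len(tok) < 10:
        return None  # truncated or malformed row
    # Assumed order: c-ip r-ip r-port cs-protocol cs-transport s-operation sc-status ...
    c_ip, r_ip, r_port, _proto, transport, operation, status = tok[:7]
    if not r_port.isdigit() or not status.isdigit():
        return None  # e.g. GHBN (name lookup) rows have "-" for the port
    return {
        "client": c_ip, "remote": r_ip, "port": int(r_port),
        "transport": transport, "operation": operation, "status": int(status),
    }

def audit(log_text, required=REQUIRED):
    """Compare (transport, port) pairs in the log with the required set."""
    seen = defaultdict(set)  # (transport, port) -> status codes logged
    for line in log_text.splitlines():
        row = parse_row(line)
        if row:
            seen[(row["transport"], row["port"])].add(row["status"])
    flows = set(seen)
    return {
        "required_not_seen": sorted(required - flows),
        "seen_not_required": sorted(flows - required),
        "status_by_flow": {k: sorted(v) for k, v in seen.items()},
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

On these rows the audit reports UDP 62514 as seen but not required, and UDP 4500 and UDP 62515 as required but never attempted, which is the mismatch raised in the thread.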
 

Author Comment

by:abdmalas
ID: 16929245
Do you prefer to install ISA 2004 or ISA 2006? Because I have Win 2000 Advanced Server. Many thanks for your cooperation.

with best regards,
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 16929252
ISA2006, as it has very recently moved from beta status to Release Candidate status. It has HUGE improvements on ISA2000; you can download a 6-month trial version (100% fully functional) from the MS web site.
0
