VPN Error 721 on PIX 506e

Dear,
Since yesterday I can't connect anymore to our network through VPN; I am getting error 721: "after verifying username and password".
The VPN was working for more than a year and we didn't change anything in the PIX.
Please help, very important

Here is my configuration:

sh run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 100basetx
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxx encrypted
passwd encrypted
hostname
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list access-in permit tcp any interface outside eq 14000
access-list access-in permit udp any interface outside eq 14000
access-list access-in permit tcp any interface outside eq 32
access-list access-in permit icmp any any
access-list access-in permit tcp any host xxx.xxx.xxx.50 eq smtp
access-list access-in permit tcp any host xxx.xxx.xxx.50 eq 3389
access-list access-in permit tcp any host xxx.xxx.xxx.50 eq www
access-list access-in permit tcp host yyy.yyy.1.65 host xxx.xxx.xxx.50 eq ftp
access-list access-in permit tcp host yyy.yyy.1.63 host xxx.xxx.xxx.50 eq ftp
access-list NO-NAT permit ip any 172.16.1.0 255.255.255.0
access-list worms deny udp any any eq tftp
access-list worms deny tcp any any eq 135
access-list worms deny udp any any eq 135
access-list worms deny udp any any eq netbios-ns
access-list worms deny udp any any eq netbios-dgm
access-list worms deny tcp any any eq netbios-ssn
access-list worms deny udp any any eq 139
access-list worms deny tcp any any eq 445
access-list worms deny tcp any any eq 593
access-list worms deny tcp any any eq 4444
access-list worms permit ip any any
pager lines 24
logging on
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.50 255.255.255.252
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool myLAN 172.16.1.1-172.16.1.16
pdm location 165.165.0.0 255.255.0.0 outside
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 165.145.0.0 255.255.0.0 outside
pdm location 144.254.0.0 255.255.0.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 32 192.168.0.175 32 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14000 192.168.0.175 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.0.175 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.xxx.50 smtp 192.168.0.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.xxx.50 3389 192.168.0.4 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.xxx.50 www 192.168.0.4 www netmask 255.255.255.255 0 0
access-group access-in in interface outside
access-group worms in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.49 1
route inside 129.9.0.0 255.255.0.0 192.168.0.254 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http zzz.zzz.zzz.0 255.255.255.0 outside
http aaa.aaa.aaa.100 255.255.255.255 outside
http bbb.bbb.bbb.0 255.255.0.0 outside
http ccc.ccc.ccc.14 255.255.255.255 outside
http 192.168.0.0 255.255.255.0 inside
snmp-server host inside ddd.ddd.ddd.77
no snmp-server location
no snmp-server contact
snmp-server community pass
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh zzz.zzz.zzz.0 255.255.255.0 outside
ssh aaa.aaa.aaa.100 255.255.255.255 outside
ssh bbb.bbb.bbb.0 255.255.0.0 outside
ssh ccc.ccc.ccc.14 255.255.255.255 outside
ssh eee.eee.eee.0 255.255.0.0 outside
ssh fff.fff.fff.0 255.255.0.0 outside
ssh timeout 5
console timeout 0
vpdn group myLAN accept dialin pptp
vpdn group myLAN ppp authentication pap
vpdn group myLAN ppp authentication chap
vpdn group myLAN client configuration address local SMSC
vpdn group myLAN pptp echo 60
vpdn group myLAN client authentication local
vpdn username myLAN password *****************
vpdn enable outside
dhcpd lease 3600
dhcpd ping_timeout 750
username user1 password encrypted privilege 15
username user2 password encrypted privilege 15
terminal width 80
: end


aime14Asked:

rsivanandan Commented:
What is it that you have on your side? Router/cable modem etc.? Did you try resetting them?

Also I note that you are using 6.3(1) which is old and you need to upgrade that.

Cheers,
Rajesh
0
aime14 (Author) Commented:
On my side I have a router, and no changes have been made on either side.
Can you help me with how to upgrade to the new version?
Thanks
AIME
0
rsivanandan Commented:
Did you try resetting (power off) the router?

For the upgrade, first read this:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00804e6d6d.html

This will help you learn something about the requirements (MUST READ!)

Then here is the actual procedure for upgrading:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml

The above link explains it in detail; go over it carefully, and actually it is not that difficult.

Cheers,
Rajesh
0


vijaikanagaraj Commented:
Hi,

From your question, it is understood that your VPN could not be established during the authentication process.

Have you restarted your PIX firewall and tried? I have personally faced this problem frequently at many customer sites.

Regards
sai
0
aime14 (Author) Commented:
Hi Sai,
I did the restart but am still getting the same error.
Regards
AIME
0
David George (IS/Network Security Officer) Commented:
Have you changed or added any personal firewall software on your computer? I know that ZoneAlarm will block VPN connections by default unless you set up a rule to allow the connection. Maybe SP2 was installed by Windows auto-update with Firewall enabled?

Just a few suggestions...
0