Solved

Cisco VPN Client is occasionally unable to connect to Cisco VPN Concentrator

Posted on 2006-07-20
3
490 Views
Last Modified: 2013-11-15
We use a Cisco 3015 Concentrator (software version 4.7.2) and the Cisco VPN Software client (version 4.6) running on Notebook computers with Windows XP SP2.  Occasionally users are unable to connect to the VPN concentrator getting the error “Reason 412: The remote peer is no longer responding.”

The very same machine may be able to connect from different location (employee moves to a different hotel) without any problems at all – with all things being the same on the notebook computer and concentrator.  When the failure is occurring – the concentrator event log does not appear to register a login attempt and on the client log indicates several ISAKMP OAK AG (Retransmissions) and the “Discarding IKE SA negotiation” followed by DEL_REASON_PEER_NOT_RESPONDING.
0
Comment
Question by:wpburgess
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 500 total points
Comment Utility
ok you hit the nail on the head.
>The very same machine may be able to connect from different location (employee moves to a different hotel) without any problems at all

that is because they are not passing through IKE SA and the other location is... the problem is there is really no solution to this other than finding hotels that setup the nat and distributions to users correctly.

We have this problem as well with a checkpoint VPN solution for that reason we also have a corprate dialup account as well.

its called NAT traversal in the cisco world..... and in the checkpoint world it is NAT-T.

Thanks
Scott

0
 
LVL 10

Expert Comment

by:Sorenson
Comment Utility
What devices are between the outside port of the 3015 concentrator and the internet?  It would appear to be either a flaky internet connection, or a firewall between the vpn concentrator and the internet that is timing out the connection before the session is actually complete.  Double check the interface information on the vpn concentrator to be sure that there are no ethernet errors (like speed / duplex mismatches indicated by CRC and Runts) as well.

0
 
LVL 10

Expert Comment

by:Sorenson
Comment Utility
sorry. didnt read all the way through the question.  I thought it was with clients that could connect and then suddenly could not.  I think Scotty_cisco's answer hits it on the head.

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now