PIX 501 Intermitent VPN Connection Problem
Hi,
I have a PIX 501 setup to allow remote employees to access our local network resources. Everything is working fine but some users running Vista are having intermittent connection problems connecting.
For example, they will connect without any problems the first time but if they disconnect and then try to reconnect again they can't. There doesn't seem to be any clear pattern to the problem.
They are running VPN client version 5.0.05.0280 on Vista.
Could this have something to do with the connection not disconnecting properly?
Is there anything related to the idle timeout that can resolve this issue?
If anyone could have a look over my configuration to see if there is anything I might need to change in order to resolve this I'd be greatly appreciative.
I have a PIX 501 setup to allow remote employees to access our local network resources. Everything is working fine but some users running Vista are having intermittent connection problems connecting.
For example, they will connect without any problems the first time but if they disconnect and then try to reconnect again they can't. There doesn't seem to be any clear pattern to the problem.
They are running VPN client version 5.0.05.0280 on Vista.
Could this have something to do with the connection not disconnecting properly?
Is there anything related to the idle timeout that can resolve this issue?
If anyone could have a look over my configuration to see if there is anything I might need to change in order to resolve this I'd be greatly appreciative.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I noted open caveats if your pc has more ip address on network adapter;
anomally behaviours has been observed if your pc was upgrated from XP to Vista.
anomally behaviours has been observed if your pc was upgrated from XP to Vista.
it colud be possible take vpn client log about connection/disconnection ?
ASKER
Thank you for the quick response. I will post up a vpn client log ASAP.
ASKER
Hi MinoDC,
Here is the connection log from a failed connection attempt. Hopefully this will shed some light on the problem. Fingers crossed.
Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
4 20:54:59.241 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
5 20:55:01.615 01/14/10 Sev=Info/4 CM/0x63100002
Begin connection process
6 20:55:01.863 01/14/10 Sev=Info/4 CM/0x63100004
Establish secure connection
7 20:55:01.863 01/14/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "91.##.###.##"
8 20:55:01.904 01/14/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.
9 20:55:01.998 01/14/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
10 20:55:02.194 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##
11 20:55:02.197 01/14/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
12 20:55:02.197 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
13 20:55:02.197 01/14/10 Sev=Info/6 IPSEC/0x6370002C
Sent 9420 packets, 0 were fragmented.
14 20:55:07.096 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
15 20:55:07.164 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##
16 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
17 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
18 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
19 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5
20 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
21 20:55:07.224 01/14/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
22 20:55:07.224 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
23 20:55:07.260 01/14/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xDECE, Remote Port = 0x1194
24 20:55:07.260 01/14/10 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
25 20:55:07.260 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
26 20:55:07.260 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
27 20:55:07.327 01/14/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
28 20:55:07.328 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##
29 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
30 20:55:07.707 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
31 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
32 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
33 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
34 20:55:07.787 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##
35 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1
36 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4
37 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
38 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
39 20:55:07.788 01/14/10 Sev=Info/4 CM/0x63100019
Mode Config data received
40 20:55:07.833 01/14/10 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0
41 20:55:07.879 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##
42 20:55:07.936 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
43 20:55:08.457 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
44 20:55:08.492 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
45 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
46 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb
47 20:55:08.492 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##
48 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=3D1603F3 OUTBOUND SPI = 0xC9B5322C INBOUND SPI = 0x5B374CB7)
49 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xC9B5322C
50 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5B374CB7
51 20:55:09.482 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
52 20:55:09.536 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
53 20:55:09.541 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
54 20:55:19.812 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
55 20:55:19.849 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
56 20:55:20.132 01/14/10 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
57 20:55:20.249 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
58 20:55:20.249 01/14/10 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
59 20:55:20.249 01/14/10 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
60 20:55:21.847 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
61 20:55:22.853 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
62 20:55:23.858 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
63 20:55:24.865 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
64 20:55:25.871 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
65 20:55:26.877 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
66 20:55:27.884 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
67 20:55:28.889 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
68 20:55:29.895 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
69 20:55:30.900 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
70 20:55:37.030 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
71 20:55:37.039 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
72 20:55:51.946 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
73 20:55:51.946 01/14/10 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
74 20:55:52.192 01/14/10 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
75 20:55:52.192 01/14/10 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263
76 20:55:52.192 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
77 20:55:52.192 01/14/10 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = C9B5322C INBOUND SPI = 5B374CB7)
78 20:55:52.192 01/14/10 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3D1603F3
79 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
80 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x2c32b5c9 into key list
81 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
82 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xb74c375b into key list
83 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0xb74c375b
84 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0xb74c375b
85 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x2c32b5c9
86 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x2c32b5c9
87 20:55:57.248 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
88 20:55:57.248 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222411
89 20:55:57.691 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
90 20:55:57.691 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
91 20:55:57.691 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222411, seq# expected = 2334222411
92 20:55:58.659 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
93 20:55:58.694 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
94 20:56:07.903 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
95 20:56:07.903 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222412
96 20:56:08.603 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
97 20:56:08.604 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
98 20:56:08.604 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222412, seq# expected = 2334222412
99 20:56:08.951 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
100 20:56:08.998 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
101 20:56:19.057 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
102 20:56:19.058 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222413
103 20:56:19.331 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
104 20:56:19.438 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
105 20:56:20.135 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
106 20:56:20.135 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
107 20:56:20.135 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222413, seq# expected = 2334222413
108 20:56:22.603 01/14/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=94822BDEBC9E5E99
109 20:56:22.603 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
110 20:56:23.114 01/14/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=94822BDEBC9E5E99
111 20:56:23.114 01/14/10 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
112 20:56:23.114 01/14/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
113 20:56:23.119 01/14/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
114 20:56:23.119 01/14/10 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
115 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
117 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
118 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Here is the connection log from a failed connection attempt. Hopefully this will shed some light on the problem. Fingers crossed.
Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
4 20:54:59.241 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
5 20:55:01.615 01/14/10 Sev=Info/4 CM/0x63100002
Begin connection process
6 20:55:01.863 01/14/10 Sev=Info/4 CM/0x63100004
Establish secure connection
7 20:55:01.863 01/14/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "91.##.###.##"
8 20:55:01.904 01/14/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.
9 20:55:01.998 01/14/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
10 20:55:02.194 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##
11 20:55:02.197 01/14/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
12 20:55:02.197 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
13 20:55:02.197 01/14/10 Sev=Info/6 IPSEC/0x6370002C
Sent 9420 packets, 0 were fragmented.
14 20:55:07.096 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
15 20:55:07.164 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##
16 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
17 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
18 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
19 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5
20 20:55:07.181 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
21 20:55:07.224 01/14/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
22 20:55:07.224 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
23 20:55:07.260 01/14/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xDECE, Remote Port = 0x1194
24 20:55:07.260 01/14/10 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
25 20:55:07.260 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
26 20:55:07.260 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
27 20:55:07.327 01/14/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
28 20:55:07.328 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##
29 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
30 20:55:07.707 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
31 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
32 20:55:07.707 01/14/10 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
33 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
34 20:55:07.787 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##
35 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1
36 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4
37 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
38 20:55:07.787 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
39 20:55:07.788 01/14/10 Sev=Info/4 CM/0x63100019
Mode Config data received
40 20:55:07.833 01/14/10 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0
41 20:55:07.879 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##
42 20:55:07.936 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
43 20:55:08.457 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
44 20:55:08.492 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
45 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
46 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb
47 20:55:08.492 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##
48 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=3D1603F3 OUTBOUND SPI = 0xC9B5322C INBOUND SPI = 0x5B374CB7)
49 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xC9B5322C
50 20:55:08.492 01/14/10 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5B374CB7
51 20:55:09.482 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
52 20:55:09.536 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
53 20:55:09.541 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
54 20:55:19.812 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
55 20:55:19.849 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
56 20:55:20.132 01/14/10 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
57 20:55:20.249 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
58 20:55:20.249 01/14/10 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
59 20:55:20.249 01/14/10 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
60 20:55:21.847 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
61 20:55:22.853 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
62 20:55:23.858 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
63 20:55:24.865 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
64 20:55:25.871 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
65 20:55:26.877 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
66 20:55:27.884 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
67 20:55:28.889 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
68 20:55:29.895 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
69 20:55:30.900 01/14/10 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
70 20:55:37.030 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
71 20:55:37.039 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
72 20:55:51.946 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 119.12.116.77 119.12.116.77 31
119.12.116.77 255.255.255.255 119.12.116.77 119.12.116.77 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 119.12.116.77 119.12.116.77 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 119.12.116.77 119.12.116.77 286
73 20:55:51.946 01/14/10 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
74 20:55:52.192 01/14/10 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
75 20:55:52.192 01/14/10 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263
76 20:55:52.192 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
77 20:55:52.192 01/14/10 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = C9B5322C INBOUND SPI = 5B374CB7)
78 20:55:52.192 01/14/10 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3D1603F3
79 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
80 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x2c32b5c9 into key list
81 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
82 20:55:52.192 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xb74c375b into key list
83 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0xb74c375b
84 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0xb74c375b
85 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x2c32b5c9
86 20:55:52.193 01/14/10 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x2c32b5c9
87 20:55:57.248 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
88 20:55:57.248 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222411
89 20:55:57.691 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
90 20:55:57.691 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
91 20:55:57.691 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222411, seq# expected = 2334222411
92 20:55:58.659 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
93 20:55:58.694 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
94 20:56:07.903 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
95 20:56:07.903 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222412
96 20:56:08.603 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
97 20:56:08.604 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
98 20:56:08.604 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222412, seq# expected = 2334222412
99 20:56:08.951 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
100 20:56:08.998 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
101 20:56:19.057 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
102 20:56:19.058 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222413
103 20:56:19.331 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
104 20:56:19.438 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
105 20:56:20.135 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
106 20:56:20.135 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
107 20:56:20.135 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222413, seq# expected = 2334222413
108 20:56:22.603 01/14/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=94822BDEBC9E5E99
109 20:56:22.603 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
110 20:56:23.114 01/14/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=94822BDEBC9E5E99
111 20:56:23.114 01/14/10 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
112 20:56:23.114 01/14/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
113 20:56:23.119 01/14/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
114 20:56:23.119 01/14/10 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
115 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
117 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
118 20:56:24.127 01/14/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
ASKER
Hi MinoDC,
Here is the connection log for a successful connection. Both logs are from the same machine running Vista.
Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
1697 23:12:02.861 01/14/10 Sev=Info/4 CM/0x63100002
Begin connection process
1698 23:12:02.943 01/14/10 Sev=Info/4 CM/0x63100004
Establish secure connection
1699 23:12:02.944 01/14/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "91.##.###.##"
1700 23:12:02.950 01/14/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.
1701 23:12:02.955 01/14/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
1702 23:12:02.960 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##
1703 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
1704 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
1705 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (119.12.116.77)
1706 23:12:06.133 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1707 23:12:06.175 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##
1708 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
1709 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
1710 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
1711 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5
1712 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
1713 23:12:06.204 01/14/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
1714 23:12:06.204 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
1715 23:12:06.204 01/14/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC048, Remote Port = 0x1194
1716 23:12:06.204 01/14/10 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
1717 23:12:06.204 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
1718 23:12:06.204 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
1719 23:12:06.231 01/14/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
1720 23:12:06.231 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##
1721 23:12:06.683 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1722 23:12:06.683 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
1723 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
1724 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 4 seconds, setting expiry to 86396 seconds from now
1725 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1726 23:12:06.723 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##
1727 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1
1728 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4
1729 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
1730 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
1731 23:12:06.724 01/14/10 Sev=Info/4 CM/0x63100019
Mode Config data received
1732 23:12:06.731 01/14/10 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0
1733 23:12:06.731 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##
1734 23:12:06.732 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
1735 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1736 23:12:07.303 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
1737 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
1738 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb
1739 23:12:07.331 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##
1740 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=DC7A2E4A OUTBOUND SPI = 0xEE94685C INBOUND SPI = 0x5DAA7F39)
1741 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xEE94685C
1742 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5DAA7F39
1743 23:12:07.645 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
1744 23:12:09.845 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1745 23:12:09.890 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1746 23:12:10.255 01/14/10 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.30.1/255.255.25
DNS=192.168.20.4,0.0.0.0
WINS=0.0.0.0,0.0.0.0
Domain=
Split DNS Names=
1747 23:12:10.261 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
0.0.0.0 0.0.0.0 192.168.30.2 192.168.30.1 11
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
192.168.30.0 255.255.255.0 192.168.30.1 192.168.30.1 266
192.168.30.1 255.255.255.255 192.168.30.1 192.168.30.1 266
192.168.30.255 255.255.255.255 192.168.30.1 192.168.30.1 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
224.0.0.0 240.0.0.0 192.168.30.1 192.168.30.1 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
255.255.255.255 255.255.255.255 192.168.30.1 192.168.30.1 266
1748 23:12:10.362 01/14/10 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
1749 23:12:10.425 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
0.0.0.0 0.0.0.0 192.168.30.2 192.168.30.1 11
91.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 100
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
192.168.30.0 255.255.255.0 192.168.30.1 192.168.30.1 266
192.168.30.1 255.255.255.255 192.168.30.1 192.168.30.1 266
192.168.30.255 255.255.255.255 192.168.30.1 192.168.30.1 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
224.0.0.0 240.0.0.0 192.168.30.1 192.168.30.1 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
255.255.255.255 255.255.255.255 192.168.30.1 192.168.30.1 266
1750 23:12:10.425 01/14/10 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
1751 23:12:10.436 01/14/10 Sev=Info/4 CM/0x6310001A
One secure connection established
1752 23:12:11.008 01/14/10 Sev=Info/4 CM/0x6310003B
Address watch added for 123.##.###.##. Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.
1753 23:12:11.030 01/14/10 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.30.1. Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.
1754 23:12:11.030 01/14/10 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
1755 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
1756 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x5c6894ee into key list
1757 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
1758 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x397faa5d into key list
1759 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.30.1
1760 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 123.##.###.##. SG: 91.##.###.##
1761 23:12:11.031 01/14/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
1762 23:12:16.798 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
1763 23:12:16.798 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 3768386765
1764 23:12:17.254 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1765 23:12:17.254 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
1766 23:12:17.254 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 3768386765, seq# expected = 3768386765
1767 23:12:20.346 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1768 23:12:20.407 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1769 23:12:24.410 01/14/10 Sev=Info/4 IPSEC/0x63700019
Activate outbound key with SPI=0x5c6894ee for inbound key with SPI=0x397faa5d
Here is the connection log for a successful connection. Both logs are from the same machine running Vista.
Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
1697 23:12:02.861 01/14/10 Sev=Info/4 CM/0x63100002
Begin connection process
1698 23:12:02.943 01/14/10 Sev=Info/4 CM/0x63100004
Establish secure connection
1699 23:12:02.944 01/14/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "91.##.###.##"
1700 23:12:02.950 01/14/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.
1701 23:12:02.955 01/14/10 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
1702 23:12:02.960 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##
1703 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
1704 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
1705 23:12:03.106 01/14/10 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (119.12.116.77)
1706 23:12:06.133 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1707 23:12:06.175 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##
1708 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
1709 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports DPD
1710 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
1711 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5
1712 23:12:06.175 01/14/10 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
1713 23:12:06.204 01/14/10 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
1714 23:12:06.204 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
1715 23:12:06.204 01/14/10 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC048, Remote Port = 0x1194
1716 23:12:06.204 01/14/10 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
1717 23:12:06.204 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
1718 23:12:06.204 01/14/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
1719 23:12:06.231 01/14/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
1720 23:12:06.231 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##
1721 23:12:06.683 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1722 23:12:06.683 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
1723 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
1724 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 4 seconds, setting expiry to 86396 seconds from now
1725 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1726 23:12:06.723 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##
1727 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1
1728 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4
1729 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
1730 23:12:06.723 01/14/10 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
1731 23:12:06.724 01/14/10 Sev=Info/4 CM/0x63100019
Mode Config data received
1732 23:12:06.731 01/14/10 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0
1733 23:12:06.731 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##
1734 23:12:06.732 01/14/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
1735 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1736 23:12:07.303 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
1737 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
1738 23:12:07.303 01/14/10 Sev=Info/5 IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb
1739 23:12:07.331 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##
1740 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=DC7A2E4A OUTBOUND SPI = 0xEE94685C INBOUND SPI = 0x5DAA7F39)
1741 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xEE94685C
1742 23:12:07.331 01/14/10 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5DAA7F39
1743 23:12:07.645 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
1744 23:12:09.845 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1745 23:12:09.890 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1746 23:12:10.255 01/14/10 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.30.1/255.255.25
DNS=192.168.20.4,0.0.0.0
WINS=0.0.0.0,0.0.0.0
Domain=
Split DNS Names=
1747 23:12:10.261 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
0.0.0.0 0.0.0.0 192.168.30.2 192.168.30.1 11
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
192.168.30.0 255.255.255.0 192.168.30.1 192.168.30.1 266
192.168.30.1 255.255.255.255 192.168.30.1 192.168.30.1 266
192.168.30.255 255.255.255.255 192.168.30.1 192.168.30.1 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
224.0.0.0 240.0.0.0 192.168.30.1 192.168.30.1 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
255.255.255.255 255.255.255.255 192.168.30.1 192.168.30.1 266
1748 23:12:10.362 01/14/10 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
1749 23:12:10.425 01/14/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 123.##.###.## 123.##.###.## 31
0.0.0.0 0.0.0.0 192.168.30.2 192.168.30.1 11
91.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 100
123.##.###.## 255.255.255.255 123.##.###.## 123.##.###.## 286
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 4531
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 4531
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
192.168.30.0 255.255.255.0 192.168.30.1 192.168.30.1 266
192.168.30.1 255.255.255.255 192.168.30.1 192.168.30.1 266
192.168.30.255 255.255.255.255 192.168.30.1 192.168.30.1 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 4531
224.0.0.0 240.0.0.0 123.##.###.## 123.##.###.## 31
224.0.0.0 240.0.0.0 192.168.30.1 192.168.30.1 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 4531
255.255.255.255 255.255.255.255 123.##.###.## 123.##.###.## 286
255.255.255.255 255.255.255.255 192.168.30.1 192.168.30.1 266
1750 23:12:10.425 01/14/10 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
1751 23:12:10.436 01/14/10 Sev=Info/4 CM/0x6310001A
One secure connection established
1752 23:12:11.008 01/14/10 Sev=Info/4 CM/0x6310003B
Address watch added for 123.##.###.##. Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.
1753 23:12:11.030 01/14/10 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.30.1. Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.
1754 23:12:11.030 01/14/10 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
1755 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
1756 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x5c6894ee into key list
1757 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
1758 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x397faa5d into key list
1759 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.30.1
1760 23:12:11.030 01/14/10 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 123.##.###.##. SG: 91.##.###.##
1761 23:12:11.031 01/14/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
1762 23:12:16.798 01/14/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
1763 23:12:16.798 01/14/10 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 3768386765
1764 23:12:17.254 01/14/10 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
1765 23:12:17.254 01/14/10 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
1766 23:12:17.254 01/14/10 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 3768386765, seq# expected = 3768386765
1767 23:12:20.346 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1768 23:12:20.407 01/14/10 Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
1769 23:12:24.410 01/14/10 Sev=Info/4 IPSEC/0x63700019
Activate outbound key with SPI=0x5c6894ee for inbound key with SPI=0x397faa5d
ASKER
The logs didn't help at all? M.
I'm getting the same problem.
Noticed if i play around disabling/re-enabling the cisco adapter It works about 90% of the time.
Noticed if i play around disabling/re-enabling the cisco adapter It works about 90% of the time.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all your help. much appreciated.
ASKER
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip any 192.168.30.0 255.255.255.248
access-list outside_cryptomap_dyn_20 permit ip any 192.168.30.0 255.255.255.248
access-list outside_cryptomap_dyn_20_1
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.20.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool Remote 192.168.30.1-192.168.30.20
pdm location 192.168.20.0 255.255.255.255 inside
pdm location 192.168.30.0 255.255.255.248 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map_1 20 match address outside_cryptomap_dyn_20_1
crypto dynamic-map outside_dyn_map_1 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map_1
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpnaccount address-pool Remote
vpngroup vpnaccount dns-server 192.168.20.4
vpngroup vpnaccount idle-time 1800
vpngroup vpnaccount password ********
telnet 192.168.20.0 255.255.255.255 inside
telnet 192.168.20.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn enable outside
dhcpd address 192.168.20.2-192.168.20.33
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80