?
Solved

PIX 501 Intermitent VPN Connection Problem

Posted on 2010-01-11
11
Medium Priority
?
884 Views
Last Modified: 2012-05-08
Hi,

I have a PIX 501 setup to allow remote employees to access our local network resources. Everything is working fine but some users running Vista are having intermittent connection problems connecting.

For example, they will connect without any problems the first time but if they disconnect and then try to reconnect again they can't. There doesn't seem to be any clear pattern to the problem.

They are running VPN client version 5.0.05.0280 on Vista.

Could this have something to do with the connection not disconnecting properly?

Is there anything related to the idle timeout that can resolve this issue?

If anyone could have a look over my configuration to see if there is anything I might need to change in order to resolve this I'd be greatly appreciative.
0
Comment
Question by:wipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 

Author Comment

by:wipsystems
ID: 26281871

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip any 192.168.30.0 255.255.255.248
access-list outside_cryptomap_dyn_20 permit ip any 192.168.30.0 255.255.255.248
access-list outside_cryptomap_dyn_20_1 permit ip any 192.168.30.0 255.255.255.248
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.20.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool Remote 192.168.30.1-192.168.30.20
pdm location 192.168.20.0 255.255.255.255 inside
pdm location 192.168.30.0 255.255.255.248 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map_1 20 match address outside_cryptomap_dyn_20_1
crypto dynamic-map outside_dyn_map_1 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map_1
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpnaccount address-pool Remote
vpngroup vpnaccount dns-server 192.168.20.4
vpngroup vpnaccount idle-time 1800
vpngroup vpnaccount password ********
telnet 192.168.20.0 255.255.255.255 inside
telnet 192.168.20.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn enable outside
dhcpd address 192.168.20.2-192.168.20.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
0
 
LVL 9

Accepted Solution

by:
MinoDC earned 1600 total points
ID: 26282327
The release notes about your vpn client version support the following Pix Firewall Software Version:

6.2.2.(122) or 6.3(1)

Cisco doesn't indicate nothing for later versions.

You can try to use a previous version of cisco vpn client (5.0.01.0600)
0
 
LVL 9

Expert Comment

by:MinoDC
ID: 26282340
I noted open caveats if your pc has more ip address on network adapter;
anomally behaviours has been observed if your pc was upgrated from XP to Vista.
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 
LVL 9

Expert Comment

by:MinoDC
ID: 26282357
it colud be possible take vpn client log about connection/disconnection ?
0
 

Author Comment

by:wipsystems
ID: 26282436
Thank you for the quick response. I will post up a vpn client log ASAP.
0
 

Author Comment

by:wipsystems
ID: 26312507
Hi MinoDC,

Here is the connection log from a failed connection attempt. Hopefully this will shed some light on the problem. Fingers crossed.

Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2
 
 
4      20:54:59.241  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
5      20:55:01.615  01/14/10  Sev=Info/4 CM/0x63100002
Begin connection process
 
6      20:55:01.863  01/14/10  Sev=Info/4 CM/0x63100004
Establish secure connection
 
7      20:55:01.863  01/14/10  Sev=Info/4 CM/0x63100024
Attempt connection with server "91.##.###.##"
 
8      20:55:01.904  01/14/10  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.
 
9      20:55:01.998  01/14/10  Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
 
10     20:55:02.194  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##
 
11     20:55:02.197  01/14/10  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
 
12     20:55:02.197  01/14/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
13     20:55:02.197  01/14/10  Sev=Info/6 IPSEC/0x6370002C
Sent 9420 packets, 0 were fragmented.
 
14     20:55:07.096  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
15     20:55:07.164  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##
 
16     20:55:07.181  01/14/10  Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
 
17     20:55:07.181  01/14/10  Sev=Info/5 IKE/0x63000001
Peer supports DPD
 
18     20:55:07.181  01/14/10  Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
 
19     20:55:07.181  01/14/10  Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5
 
20     20:55:07.181  01/14/10  Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
 
21     20:55:07.224  01/14/10  Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
 
22     20:55:07.224  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 91.##.###.##
 
23     20:55:07.260  01/14/10  Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port =  0xDECE, Remote Port = 0x1194
 
24     20:55:07.260  01/14/10  Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end IS behind a NAT device
   This   end is NOT behind a NAT device
 
25     20:55:07.260  01/14/10  Sev=Info/4 CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 
26     20:55:07.260  01/14/10  Sev=Info/4 CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
 
27     20:55:07.327  01/14/10  Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
 
28     20:55:07.328  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##
 
29     20:55:07.707  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
30     20:55:07.707  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 91.##.###.##
 
31     20:55:07.707  01/14/10  Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
 
32     20:55:07.707  01/14/10  Sev=Info/5 IKE/0x63000047
This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
 
33     20:55:07.787  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
34     20:55:07.787  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##
 
35     20:55:07.787  01/14/10  Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1
 
36     20:55:07.787  01/14/10  Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4
 
37     20:55:07.787  01/14/10  Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
 
38     20:55:07.787  01/14/10  Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
 
39     20:55:07.788  01/14/10  Sev=Info/4 CM/0x63100019
Mode Config data received
 
40     20:55:07.833  01/14/10  Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0
 
41     20:55:07.879  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##
 
42     20:55:07.936  01/14/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
43     20:55:08.457  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
44     20:55:08.492  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 91.##.###.##
 
45     20:55:08.492  01/14/10  Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
 
46     20:55:08.492  01/14/10  Sev=Info/5 IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb
 
47     20:55:08.492  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##
 
48     20:55:08.492  01/14/10  Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=3D1603F3 OUTBOUND SPI = 0xC9B5322C INBOUND SPI = 0x5B374CB7)
 
49     20:55:08.492  01/14/10  Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xC9B5322C
 
50     20:55:08.492  01/14/10  Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5B374CB7
 
51     20:55:09.482  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
52     20:55:09.536  01/14/10  Sev=Info/5 CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0     119.12.116.77     119.12.116.77       31
  119.12.116.77   255.255.255.255     119.12.116.77     119.12.116.77      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0     119.12.116.77     119.12.116.77       31
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255     119.12.116.77     119.12.116.77      286
 

53     20:55:09.541  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
54     20:55:19.812  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
55     20:55:19.849  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
56     20:55:20.132  01/14/10  Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
 
57     20:55:20.249  01/14/10  Sev=Info/5 CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0     119.12.116.77     119.12.116.77       31
  119.12.116.77   255.255.255.255     119.12.116.77     119.12.116.77      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0     119.12.116.77     119.12.116.77       31
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255     119.12.116.77     119.12.116.77      286
 

58     20:55:20.249  01/14/10  Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
 
59     20:55:20.249  01/14/10  Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
 
60     20:55:21.847  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
61     20:55:22.853  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
62     20:55:23.858  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
63     20:55:24.865  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
64     20:55:25.871  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
65     20:55:26.877  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
66     20:55:27.884  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
67     20:55:28.889  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
68     20:55:29.895  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
69     20:55:30.900  01/14/10  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.30.1, error 0
 
70     20:55:37.030  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
71     20:55:37.039  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
72     20:55:51.946  01/14/10  Sev=Info/5 CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0     119.12.116.77     119.12.116.77       31
  119.12.116.77   255.255.255.255     119.12.116.77     119.12.116.77      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0     119.12.116.77     119.12.116.77       31
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255     119.12.116.77     119.12.116.77      286
 

73     20:55:51.946  01/14/10  Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
 
74     20:55:52.192  01/14/10  Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
 
75     20:55:52.192  01/14/10  Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
 
76     20:55:52.192  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
 
77     20:55:52.192  01/14/10  Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = C9B5322C INBOUND SPI = 5B374CB7)
 
78     20:55:52.192  01/14/10  Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=3D1603F3
 
79     20:55:52.192  01/14/10  Sev=Info/4 IPSEC/0x63700010
Created a new key structure
 
80     20:55:52.192  01/14/10  Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x2c32b5c9 into key list
 
81     20:55:52.192  01/14/10  Sev=Info/4 IPSEC/0x63700010
Created a new key structure
 
82     20:55:52.192  01/14/10  Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xb74c375b into key list
 
83     20:55:52.193  01/14/10  Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0xb74c375b
 
84     20:55:52.193  01/14/10  Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0xb74c375b
 
85     20:55:52.193  01/14/10  Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x2c32b5c9
 
86     20:55:52.193  01/14/10  Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x2c32b5c9
 
87     20:55:57.248  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
 
88     20:55:57.248  01/14/10  Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222411
 
89     20:55:57.691  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
90     20:55:57.691  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
 
91     20:55:57.691  01/14/10  Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222411, seq# expected = 2334222411
 
92     20:55:58.659  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
93     20:55:58.694  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
94     20:56:07.903  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
 
95     20:56:07.903  01/14/10  Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222412
 
96     20:56:08.603  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
97     20:56:08.604  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
 
98     20:56:08.604  01/14/10  Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222412, seq# expected = 2334222412
 
99     20:56:08.951  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
100    20:56:08.998  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
101    20:56:19.057  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##
 
102    20:56:19.058  01/14/10  Sev=Info/6 IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 2334222413
 
103    20:56:19.331  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
104    20:56:19.438  01/14/10  Sev=Info/6 CVPND/0x63400006
Service reports: "Running".
 
105    20:56:20.135  01/14/10  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##
 
106    20:56:20.135  01/14/10  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##
 
107    20:56:20.135  01/14/10  Sev=Info/5 IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 2334222413, seq# expected = 2334222413
 
108    20:56:22.603  01/14/10  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=94822BDEBC9E5E99 R_Cookie=2B322E7A89565C34) reason = Unknown
 
109    20:56:22.603  01/14/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 91.##.###.##
 
110    20:56:23.114  01/14/10  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=94822BDEBC9E5E99 R_Cookie=2B322E7A89565C34) reason = Unknown
 
111    20:56:23.114  01/14/10  Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 
112    20:56:23.114  01/14/10  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
 
113    20:56:23.119  01/14/10  Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
 
114    20:56:23.119  01/14/10  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
 
115    20:56:24.127  01/14/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
116    20:56:24.127  01/14/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
117    20:56:24.127  01/14/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
118    20:56:24.127  01/14/10  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped


0
 

Author Comment

by:wipsystems
ID: 26316456
Hi MinoDC,

Here is the connection log for a successful connection. Both logs are from the same machine running Vista.


Cisco Systems VPN Client Version 5.0.05.0280
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6002 Service Pack 2

1697   23:12:02.861  01/14/10  Sev=Info/4      CM/0x63100002
Begin connection process

1698   23:12:02.943  01/14/10  Sev=Info/4      CM/0x63100004
Establish secure connection

1699   23:12:02.944  01/14/10  Sev=Info/4      CM/0x63100024
Attempt connection with server "91.##.###.##"

1700   23:12:02.950  01/14/10  Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with 91.##.###.##.

1701   23:12:02.955  01/14/10  Sev=Info/4      IKE/0x63000001
Starting IKE Phase 1 Negotiation

1702   23:12:02.960  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 91.##.###.##

1703   23:12:03.106  01/14/10  Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

1704   23:12:03.106  01/14/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

1705   23:12:03.106  01/14/10  Sev=Info/4      IPSEC/0x6370000D
Key(s) deleted by Interface (119.12.116.77)

1706   23:12:06.133  01/14/10  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##

1707   23:12:06.175  01/14/10  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from 91.##.###.##

1708   23:12:06.175  01/14/10  Sev=Info/5      IKE/0x63000001
Peer supports XAUTH

1709   23:12:06.175  01/14/10  Sev=Info/5      IKE/0x63000001
Peer supports DPD

1710   23:12:06.175  01/14/10  Sev=Info/5      IKE/0x63000001
Peer is a Cisco-Unity compliant peer

1711   23:12:06.175  01/14/10  Sev=Info/5      IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x000000A5

1712   23:12:06.175  01/14/10  Sev=Info/5      IKE/0x63000001
Peer supports NAT-T

1713   23:12:06.204  01/14/10  Sev=Info/6      IKE/0x63000001
IOS Vendor ID Contruction successful

1714   23:12:06.204  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 91.##.###.##

1715   23:12:06.204  01/14/10  Sev=Info/4      IKE/0x63000083
IKE Port in use - Local Port =  0xC048, Remote Port = 0x1194

1716   23:12:06.204  01/14/10  Sev=Info/5      IKE/0x63000072
Automatic NAT Detection Status:
   Remote end IS behind a NAT device
   This   end is NOT behind a NAT device

1717   23:12:06.204  01/14/10  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

1718   23:12:06.204  01/14/10  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

1719   23:12:06.231  01/14/10  Sev=Info/5      IKE/0x6300005E
Client sending a firewall request to concentrator

1720   23:12:06.231  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 91.##.###.##

1721   23:12:06.683  01/14/10  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##

1722   23:12:06.683  01/14/10  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 91.##.###.##

1723   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds

1724   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x63000047
This SA has already been alive for 4 seconds, setting expiry to 86396 seconds from now

1725   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##

1726   23:12:06.723  01/14/10  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 91.##.###.##

1727   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.30.1

1728   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.20.4

1729   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000

1730   23:12:06.723  01/14/10  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

1731   23:12:06.724  01/14/10  Sev=Info/4      CM/0x63100019
Mode Config data received

1732   23:12:06.731  01/14/10  Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.30.1, GW IP = 91.##.###.##, Remote IP = 0.0.0.0

1733   23:12:06.731  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 91.##.###.##

1734   23:12:06.732  01/14/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

1735   23:12:07.303  01/14/10  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##

1736   23:12:07.303  01/14/10  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 91.##.###.##

1737   23:12:07.303  01/14/10  Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds

1738   23:12:07.303  01/14/10  Sev=Info/5      IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb

1739   23:12:07.331  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 91.##.###.##

1740   23:12:07.331  01/14/10  Sev=Info/5      IKE/0x63000059
Loading IPsec SA (MsgID=DC7A2E4A OUTBOUND SPI = 0xEE94685C INBOUND SPI = 0x5DAA7F39)

1741   23:12:07.331  01/14/10  Sev=Info/5      IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xEE94685C

1742   23:12:07.331  01/14/10  Sev=Info/5      IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5DAA7F39

1743   23:12:07.645  01/14/10  Sev=Info/5      CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0    123.##.###.##    123.##.###.##       31
 123.##.###.##   255.255.255.255    123.##.###.##    123.##.###.##      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0    123.##.###.##    123.##.###.##       31
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255    123.##.###.##    123.##.###.##      286


1744   23:12:09.845  01/14/10  Sev=Info/6      CVPND/0x63400006
Service reports: "Running".

1745   23:12:09.890  01/14/10  Sev=Info/6      CVPND/0x63400006
Service reports: "Running".

1746   23:12:10.255  01/14/10  Sev=Info/4      CM/0x63100034
The Virtual Adapter was enabled:
      IP=192.168.30.1/255.255.255.0
      DNS=192.168.20.4,0.0.0.0
      WINS=0.0.0.0,0.0.0.0
      Domain=
      Split DNS Names=

1747   23:12:10.261  01/14/10  Sev=Info/5      CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0    123.##.###.##    123.##.###.##       31
        0.0.0.0           0.0.0.0      192.168.30.2      192.168.30.1       11
 123.##.###.##   255.255.255.255    123.##.###.##    123.##.###.##      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
   192.168.30.0     255.255.255.0      192.168.30.1      192.168.30.1      266
   192.168.30.1   255.255.255.255      192.168.30.1      192.168.30.1      266
 192.168.30.255   255.255.255.255      192.168.30.1      192.168.30.1      266
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0    123.##.###.##    123.##.###.##       31
      224.0.0.0         240.0.0.0      192.168.30.1      192.168.30.1      266
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255    123.##.###.##    123.##.###.##      286
255.255.255.255   255.255.255.255      192.168.30.1      192.168.30.1      266


1748   23:12:10.362  01/14/10  Sev=Info/4      CM/0x63100038
Successfully saved route changes to file.

1749   23:12:10.425  01/14/10  Sev=Info/5      CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0    123.##.###.##    123.##.###.##       31
        0.0.0.0           0.0.0.0      192.168.30.2      192.168.30.1       11
   91.##.###.##   255.255.255.255    123.##.###.##    123.##.###.##      100
 123.##.###.##   255.255.255.255    123.##.###.##    123.##.###.##      286
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1     4531
      127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1     4531
127.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
   192.168.30.0     255.255.255.0      192.168.30.1      192.168.30.1      266
   192.168.30.1   255.255.255.255      192.168.30.1      192.168.30.1      266
 192.168.30.255   255.255.255.255      192.168.30.1      192.168.30.1      266
      224.0.0.0         240.0.0.0         127.0.0.1         127.0.0.1     4531
      224.0.0.0         240.0.0.0    123.##.###.##    123.##.###.##       31
      224.0.0.0         240.0.0.0      192.168.30.1      192.168.30.1      266
255.255.255.255   255.255.255.255         127.0.0.1         127.0.0.1     4531
255.255.255.255   255.255.255.255    123.##.###.##    123.##.###.##      286
255.255.255.255   255.255.255.255      192.168.30.1      192.168.30.1      266


1750   23:12:10.425  01/14/10  Sev=Info/6      CM/0x63100036
The routing table was updated for the Virtual Adapter

1751   23:12:10.436  01/14/10  Sev=Info/4      CM/0x6310001A
One secure connection established

1752   23:12:11.008  01/14/10  Sev=Info/4      CM/0x6310003B
Address watch added for 123.##.###.##.  Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.

1753   23:12:11.030  01/14/10  Sev=Info/4      CM/0x6310003B
Address watch added for 192.168.30.1.  Current hostname: Nick, Current address(es): 123.##.###.##, 192.168.30.1.

1754   23:12:11.030  01/14/10  Sev=Info/5      CM/0x63100001
Did not find the Smartcard to watch for removal

1755   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x63700010
Created a new key structure

1756   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0x5c6894ee into key list

1757   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x63700010
Created a new key structure

1758   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0x397faa5d into key list

1759   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x6370002F
Assigned VA private interface addr 192.168.30.1

1760   23:12:11.030  01/14/10  Sev=Info/4      IPSEC/0x63700037
Configure public interface: 123.##.###.##. SG: 91.##.###.##

1761   23:12:11.031  01/14/10  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 1.

1762   23:12:16.798  01/14/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 91.##.###.##

1763   23:12:16.798  01/14/10  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 91.##.###.##, our seq# = 3768386765

1764   23:12:17.254  01/14/10  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 91.##.###.##

1765   23:12:17.254  01/14/10  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 91.##.###.##

1766   23:12:17.254  01/14/10  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 91.##.###.##, seq# received = 3768386765, seq# expected = 3768386765

1767   23:12:20.346  01/14/10  Sev=Info/6      CVPND/0x63400006
Service reports: "Running".

1768   23:12:20.407  01/14/10  Sev=Info/6      CVPND/0x63400006
Service reports: "Running".

1769   23:12:24.410  01/14/10  Sev=Info/4      IPSEC/0x63700019
Activate outbound key with SPI=0x5c6894ee for inbound key with SPI=0x397faa5d
0
 

Author Comment

by:wipsystems
ID: 26455393
The logs didn't help at all? M.
0
 
LVL 1

Expert Comment

by:Matsco
ID: 26522384
I'm getting the same problem.

Noticed if i play around disabling/re-enabling the cisco adapter It works about 90% of the time.
0
 
LVL 1

Assisted Solution

by:Matsco
Matsco earned 400 total points
ID: 26522615
Just downgraded to 5.0.02.0090 and it all seems fine.. it hasnt failed since downgrading.
0
 

Author Closing Comment

by:wipsystems
ID: 31675415
Thank you for all your help. much appreciated.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question