Cisco VPN

andrewg96
andrewg96 used Ask the Experts™
on
I have a new windows xp, sp3 computer that will not connect to VPN on a particular internet connection.  The computer will connect to VPN on other connections, and other computers can connect to the VPN from this connection.  We receive an error message that says the remote peer is no longer responding.  We are using Cisco VPN Client 5.x to connect to a Cisco VPN 3000 concentrator.  Here are the logs from the client and the concentrator:

Concentrator:
52 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/0 RPT=463
0000: 36392E38 2E31312E 313037                69.x.x.x

53 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/12 RPT=1173
IntDB: Type = 66 (0x42) Tunnel-Client-Endpoint

54 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/13 RPT=1173
IntDB: Length = 11 (0x0B)

55 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/14 RPT=492
IntDB: Value (String) =

56 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/0 RPT=464
0000: 36392E38 2E31312E 313037                69.x.x.x

57 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/12 RPT=1174
IntDB: Type = 4118 (0x1016) Authentication-Server-Type

58 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/13 RPT=1174
IntDB: Length = 4 (0x04)

59 01/27/2010 11:25:31.910 SEV=10 AUTHDECODE/15 RPT=545
IntDB: Value (Integer) = 7 (0x0007)

60 01/27/2010 11:25:31.910 SEV=8 AUTHDBG/47 RPT=74
IntDB_Xmt(1f03d68)

61 01/27/2010 11:25:31.910 SEV=9 AUTHDBG/71 RPT=97
xmit_cnt = 1

62 01/27/2010 11:25:31.910 SEV=8 AUTHDBG/182 RPT=74
IntDB_ServiceRequest(1f03d68)

63 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/49 RPT=74
IntDB_Match(1f03d68, 1d3c668)

64 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/63 RPT=89
AUTH_RcvReply(1f03d68, 0, 0)

65 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/50 RPT=148
IntDB_Decode(1d3c668, 287)

66 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1175
IntDB: Type = 1 (0x01) User-Name

67 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1175
IntDB: Length = 13 (0x0D)

68 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/14 RPT=493
IntDB: Value (String) =

69 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/0 RPT=465
0000: 44656C61 77617265 4368696C 64           DomainName

70 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1176
IntDB: Type = 4101 (0x1005) Primary-DNS

71 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1176
IntDB: Length = 4 (0x04)

72 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/16 RPT=138
IntDB: Value (IP Address) = 192.168.2.20 (0xC0A80214)

73 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1177
IntDB: Type = 4102 (0x1006) Secondary-DNS

74 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1177
IntDB: Length = 4 (0x04)

75 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/16 RPT=139
IntDB: Value (IP Address) = 0.0.0.0 (0x00000000)

76 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1178
IntDB: Type = 4103 (0x1007) Primary-WINS

77 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1178
IntDB: Length = 4 (0x04)

78 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/16 RPT=140
IntDB: Value (IP Address) = 192.168.2.20 (0xC0A80214)

79 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1179
IntDB: Type = 4107 (0x100B) Tunnelling-Protocol

80 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1179
IntDB: Length = 4 (0x04)

81 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/15 RPT=546
IntDB: Value (Integer) = 4 (0x0004)

82 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1180
IntDB: Type = 4108 (0x100C) Security-Association

83 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1180
IntDB: Length = 12 (0x0C)

84 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/14 RPT=494
IntDB: Value (String) =

85 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/0 RPT=466
0000: 4553502D 33444553 2D4D4435              ESP-3DES-MD5

86 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1181
IntDB: Type = 4109 (0x100D) IPSec-Authentication

87 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1181
IntDB: Length = 4 (0x04)

88 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/15 RPT=547
IntDB: Value (Integer) = 7 (0x0007)

89 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1182
IntDB: Type = 4123 (0x101B) Split-Tunnel-Inclusion-List

90 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1182
IntDB: Length = 30 (0x1E)

91 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/14 RPT=495
IntDB: Value (String) =

92 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/0 RPT=467
0000: 56504E20 436C6965 6E74204C 6F63616C     VPN Client Local
0010: 204C414E 20284465 6661756C 7429          LAN (Default)

94 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1183
IntDB: Type = 4124 (0x101C) Default-Domain-Name

95 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1183
IntDB: Length = 19 (0x13)

96 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/14 RPT=496
IntDB: Value (String) =

97 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/0 RPT=468
0000: 44656C61 77617265 4368696C 642E6C6F     DomainName.lo
0010: 63616C                                  cal

99 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1184
IntDB: Type = 4126 (0x101E) IPSec-Tunnel-Type

100 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1184
IntDB: Length = 4 (0x04)

101 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/15 RPT=548
IntDB: Value (Integer) = 2 (0x0002)

102 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1185
IntDB: Type = 4151 (0x1037) Split-Tunneling-Policy

103 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1185
IntDB: Length = 4 (0x04)

104 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/15 RPT=549
IntDB: Value (Integer) = 1 (0x0001)

105 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/12 RPT=1186
IntDB: Type = 4171 (0x104B) Cisco-LEAP-Passthrough-config

106 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/13 RPT=1186
IntDB: Length = 4 (0x04)

107 01/27/2010 11:25:32.010 SEV=10 AUTHDECODE/15 RPT=550
IntDB: Value (Integer) = 0 (0x0000)

108 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/48 RPT=74
IntDB_Rcv(1f03d68)

109 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/66 RPT=89
AUTH_DeleteTimer(1f03d68, 0, 0)

110 01/27/2010 11:25:32.010 SEV=9 AUTHDBG/74 RPT=89
Reply timer stopped: handle = 286001F, timestamp = 44502901

111 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/58 RPT=89
AUTH_Callback(1f03d68, 0, 0)

112 01/27/2010 11:25:32.010 SEV=6 AUTH/41 RPT=74 69.x.x.x
Authentication successful: handle = 66, server = Internal, group = GroupName

113 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/4 RPT=68
AUTH_GetAttrTable(66, 10000dc)

114 01/27/2010 11:25:32.010 SEV=8 AUTHDBG/2 RPT=67
AUTH_Close(66)

115 01/27/2010 11:25:32.240 SEV=8 AUTHDBG/60 RPT=89
AUTH_UnbindServer(1f03d68, 0, 0)

116 01/27/2010 11:25:32.240 SEV=9 AUTHDBG/70 RPT=89
Auth Server e7e8d8 has been unbound from ACB 1f03d68, sessions = 0

117 01/27/2010 11:25:32.240 SEV=8 AUTHDBG/10 RPT=67
AUTH_Int_FreeAuthCB(1f03d68)

118 01/27/2010 11:25:32.240 SEV=7 AUTH/13 RPT=67
Authentication session closed: handle = 66


Here is the log from the client:
Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

168    11:26:12.281  01/27/10  Sev=Info/4      CM/0x63100002
Begin connection process

169    11:26:12.296  01/27/10  Sev=Info/4      CM/0x63100004
Establish secure connection

170    11:26:12.296  01/27/10  Sev=Info/4      CM/0x63100024
Attempt connection with server "12.x.x.x"

171    11:26:12.296  01/27/10  Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with 12.x.x.x.

172    11:26:12.296  01/27/10  Sev=Info/4      IKE/0x63000001
Starting IKE Phase 1 Negotiation

173    11:26:12.312  01/27/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 12.x.x.x

174    11:26:12.375  01/27/10  Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

175    11:26:12.375  01/27/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

176    11:26:17.375  01/27/10  Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

177    11:26:17.375  01/27/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 12.x.x.x
178    11:26:22.375  01/27/10  Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

179    11:26:22.375  01/27/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 12.x.x.x

180    11:26:27.375  01/27/10  Sev=Info/4      IKE/0x63000021
Retransmitting last packet!

181    11:26:27.375  01/27/10  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 12.x.x.x

182    11:26:32.375  01/27/10  Sev=Info/4      IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=2991F822D52B8B38 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

183    11:26:32.875  01/27/10  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=2991F822D52B8B38 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

184    11:26:32.875  01/27/10  Sev=Info/4      CM/0x63100014
Unable to establish Phase 1 SA with server "12.x.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"

185    11:26:32.875  01/27/10  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

186    11:26:32.875  01/27/10  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

187    11:26:32.875  01/27/10  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

188    11:26:32.890  01/27/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

189    11:26:32.890  01/27/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

190    11:26:32.890  01/27/10  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

191    11:26:32.890  01/27/10  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
What kind of device is at the location that is having a problem? If it is a Cisco do you have NAT-T enable on both ends?


Regards,

3nerds

Author

Commented:
It is a linksys router.  VPN passthrough is enabled.  I was able to get another computer to connect to the VPN.
Usually when your having and odd problems with drops it is related to the use of IPSEC for the VPN tunnel and the fact it uses a fixed port. You establish a vpn on one client and then go to connect with a second one and either the first gets kicked off or the second just never connects.

If this doesn't apply as all other machines connect and you can connect multiple other machines at once then Nat-t is not your problem.

As I look at the log from your client it appears ISAKMP never establishes, even though it appears the Concentrator see's the auth are you doing anything special authentication on this laptop?


Regards,

3nerds
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Just AD.  Also, to clarify further...this same router was in use at another location with a different computer.  The only thing that has changed on the router is the ISP and the computer that is connected to it.
Ok so you have not tested this with another PC at this new site on this new internet connection? If this is true then you really need to test it as your ISP could be blocking a port as i have seen that b4.

Regards,

3nerds

Author

Commented:
I have been able to connect to VPN at this new site with a different computer.  The problem computer is able to connect to VPN from another site.  The problem computer is not able to connect to VPN at the new site.
Ok thanks for the clarification.

If all your tests point to this computer then it must be a computer problem. Try re-installing the Cisco client.

Good Luck,

3nerds

Author

Commented:
I ended up uninstalling the 5.x version and installing a 4.x version.  The user was able to connect after that.

Author

Commented:
I had to change to an older version, which was not suggested.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial