• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1791
  • Last Modified:

VPN Connection error,

Hi, I tried remote to connect the company's desktop but failed. The log file is below.
The error message is
Cisco VPN Client error: Secure VPN Connection terminated by Peer.  Reason 427: Unkown Error occurred at Peer.

Open in new window

I used wireless(by router) in my laptop.
Thanks for help.

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600 
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1      08:33:35.568  04/24/11  Sev=Info/4	CM/0x63100002
Begin connection process

2      08:33:35.568  04/24/11  Sev=Info/4	CM/0x63100004
Establish secure connection

3      08:33:35.568  04/24/11  Sev=Info/4	CM/0x63100024
Attempt connection with server "con.wfubmc.edu"

4      08:33:35.584  04/24/11  Sev=Info/6	IKE/0x6300003B
Attempting to establish a connection with 152.11.118.227.

5      08:33:35.584  04/24/11  Sev=Info/4	IKE/0x63000001
Starting IKE Phase 1 Negotiation

6      08:33:35.600  04/24/11  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 152.11.118.227

7      08:33:35.740  04/24/11  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = 152.11.118.227

8      08:33:35.740  04/24/11  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from 152.11.118.227

9      08:33:35.787  04/24/11  Sev=Info/6	GUI/0x63B00012
Authentication request attributes is 7h.

10     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer is a Cisco-Unity compliant peer

11     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer supports XAUTH

12     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer supports DPD

13     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer supports NAT-T

14     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer supports IKE fragmentation payloads

15     08:33:35.740  04/24/11  Sev=Info/5	IKE/0x63000001
Peer supports DWR Code and DWR Text

16     08:33:35.756  04/24/11  Sev=Info/6	IKE/0x63000001
IOS Vendor ID Contruction successful

17     08:33:35.756  04/24/11  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 152.11.118.227

18     08:33:35.756  04/24/11  Sev=Info/6	IKE/0x63000055
Sent a keepalive on the IPSec SA

19     08:33:35.756  04/24/11  Sev=Info/4	IKE/0x63000083
IKE Port in use - Local Port =  0xD183, Remote Port = 0x1194

20     08:33:35.756  04/24/11  Sev=Info/5	IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

21     08:33:35.756  04/24/11  Sev=Info/4	CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

22     08:33:35.787  04/24/11  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = 152.11.118.227

23     08:33:35.787  04/24/11  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 152.11.118.227

24     08:33:35.787  04/24/11  Sev=Info/4	CM/0x63100015
Launch xAuth application

25     08:33:36.567  04/24/11  Sev=Info/4	IPSEC/0x63700008
IPSec driver successfully started

26     08:33:36.567  04/24/11  Sev=Info/4	IPSEC/0x63700014
Deleted all keys

27     08:33:43.681  04/24/11  Sev=Info/4	CM/0x63100017
xAuth application returned

28     08:33:43.681  04/24/11  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 152.11.118.227

29     08:33:44.024  04/24/11  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = 152.11.118.227

30     08:33:44.024  04/24/11  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 152.11.118.227

31     08:33:44.024  04/24/11  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 152.11.118.227

32     08:33:44.024  04/24/11  Sev=Info/4	CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

33     08:33:44.024  04/24/11  Sev=Info/5	IKE/0x6300005E
Client sending a firewall request to concentrator

34     08:33:44.024  04/24/11  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 152.11.118.227

35     08:33:44.071  04/24/11  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = 152.11.118.227

36     08:33:44.071  04/24/11  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from 152.11.118.227

37     08:33:44.071  04/24/11  Sev=Info/4	IKE/0x63000081
Delete Reason Code: 4 --> PEER_DELETE-IKE_DELETE_NO_ERROR.

38     08:33:44.071  04/24/11  Sev=Info/5	IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies:  I_Cookie=66138775FADEBAE8 R_Cookie=C38F3BBFF608B525

39     08:33:44.071  04/24/11  Sev=Info/4	IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=66138775FADEBAE8 R_Cookie=C38F3BBFF608B525) reason = PEER_DELETE-IKE_DELETE_NO_ERROR

40     08:33:44.695  04/24/11  Sev=Info/4	IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=66138775FADEBAE8 R_Cookie=C38F3BBFF608B525) reason = PEER_DELETE-IKE_DELETE_NO_ERROR

41     08:33:44.695  04/24/11  Sev=Info/4	CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "PEER_DELETE-IKE_DELETE_NO_ERROR".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

42     08:33:44.695  04/24/11  Sev=Info/5	CM/0x63100025
Initializing CVPNDrv

43     08:33:44.695  04/24/11  Sev=Info/6	CM/0x63100046
Set tunnel established flag in registry to 0.

44     08:33:44.695  04/24/11  Sev=Info/4	IKE/0x63000001
IKE received signal to terminate VPN connection

45     08:33:44.710  04/24/11  Sev=Info/4	IPSEC/0x63700014
Deleted all keys

46     08:33:44.710  04/24/11  Sev=Info/4	IPSEC/0x63700014
Deleted all keys

47     08:33:44.710  04/24/11  Sev=Info/4	IPSEC/0x63700014
Deleted all keys

48     08:33:44.710  04/24/11  Sev=Info/4	IPSEC/0x6370000A
IPSec driver successfully stopped

Open in new window

My laptop setting: Windows 7 64 bit home premium.
0
zhshqzyc
Asked:
zhshqzyc
1 Solution
 
QlemoC++ DeveloperCommented:
You need to have a look at your Cisco Concentrator (router) logs - it is terminating the connection when user authentication takes place.
0
 
lrmooreCommented:
Phase 1 completed as User authenticated, so it looks like a Phase 2 problem which normally means that your VPn client did not receive a proper IP address.
Either the server end is not configured correctly to give you a proper IP address based on your VPN group policy, or there could be a conflict with IP addresses where you are vs what you would get on VPN.
For example, your Local LAN subnet on the laptop (wireless LAN) is 192.168.1.0
AND your VPN client profile tries to give you an IP address from a pool of IP's in the 192.168.1.x range, you will have a conflict and will fail Phase 2.
0
 
koudryCommented:
Hello,

VPN client is allocated IP address from a pool of IP addresses defined for a VPN group on the VPN Server. This IP allocation to the client is based on first come first served, so it is possible the IP address pool has been used up.

It may also be worth checking with the VPN server administrator to make sure your VPN connection details are all correct.

What type of VPN client are you using and what is the OS of your laptop?

See also: http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_26370483.html

Thanks.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
zhshqzycAuthor Commented:
Sometimes it works and sometimes not.

@Qlemo:
How to look at my Cisco Concentrator (router) logs?

Open in new window


@koudry:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT

Open in new window

0
 
koudryCommented:
Hello,

Thanks for the info on the VPN client side. Could you please confirm if this is Windows 7, XP or Vista?

It says "Windows, WinNT" but it could be any of the above.

I just want to check the release note of the VPN client and any unresolved and resolved caveats.

I am not sure if you have seen the post below:

------
Re: Cisco VPN Error 427
I just encountered this exact same error message and I found that my authentication password had expired and therefore was promptly disconnecting my tunnel after I supplied my login information; hence the 427 reason code. After I reset my password, I could successfully authenticate and establish my vpn client connectivity.

So, you might verify that your username and password for authentication are correct and/or not expired.

If that is not your issue, then I found this page that states that it could possibly be a IP address allocation issue from the vpn server/concentrator.
(search the page for 427)

http://fengnet.com/book/VPNconf/ch12lev1sec6.html

My setup info: OS is WinXP Pro, client version is 5.0.03.0530, and I'm connecting to a Cisco 3030 VPN concentrator that uses active directory for the user database.

Hope that helps...
-------

Source: http://www.techsupportforum.com/forums/f139/cisco-vpn-error-427-a-242493.html

According to this post, the password could be the problem. So you may want to check that up.


Thanks.
0
 
zhshqzycAuthor Commented:
Yes. Windows 7 in installed on my laptop.
The password will expired in 10 days. But it is still working. The system reminds me to change the password everyday.
0
 
koudryCommented:
Hello,

I took a look at the release note for Cisco VPN Client 5.0.07.0290 @ http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html.  There are few advisory notes relating to W7 but none point to reason 427 in particular.

Since the Cisco VPN client release note does not give anything away, this brings me back to a cloud around the IP allocation. As stated in my previous post, the server may be having trouble allocating IP to the client for the following possible reasons:

IP pool not defined on server or it has been defined but it has been used up
Is it correct to say there is NAT on the client? If this is true, should we also have NAT on the server, i.e. do we need to have NAT-T configured on the server?

Sorry, this is another shot in the dark, but it may be worth checking if NAT-T has been configured on the server.  Since phase 1 has been completed, i.e. authentication successful, it does look like phase 2 has got a problem.

see also http://fengnet.com/book/vpnconf/ch12lev1sec6.html

Good luck.
0
 
zhshqzycAuthor Commented:
Thanks.
I have no control on the server side, so the only thing is to call the adminstrator?
And how do I know NAT on the client side?
0
 
koudryCommented:
Hello,

The VPN administrator should be able to advise whether NAT-T has been enabled or not.  

I used to think that my home ADSL modem has NAT-enabled but I have just checked via the web browser and cannot find anything.  I cannot get telnet to the modem to work, so I am sorry I cannot check.

Let's hope somebody will post some info.

Thanks.
0
 
zhshqzycAuthor Commented:
Thanks.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now