Solved

Cisco VPN secure vpn connection terminated locally by the client eason 412: the remote peer is no longer responding

Posted on 2013-01-04
6
1,719 Views
Last Modified: 2013-02-14
Hi guys,

I have looked around this topic:
"Cisco VPN secure vpn connection terminated locally by the client eason 412: the remote peer is no longer responding"

but so far I have not found a solution for my problem, this is my scenario:
I have several clients working with cisco vpn clients without problem, but I have one particular user that can't connect to my ASA, my VPN configuration was modified to have these service in port 80, as I said before, all users are working and only one is having problems, after check and troubleshoot, I have found that this user is not able to do a ping to my IP(all other can do ping), I check that he can go to any web site, so port 80 is open :) , but ping is not enabled.
My question: Cisco VPN client need to perform a ping to check if the peer is up when he is establishing the connection?

Thanks for your help guys
0
Comment
Question by:yassel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 12

Expert Comment

by:ibrahim52
ID: 38744533
is it static IP or dynamic URL and If you can try un-installing network drivers through device manager and installing it back.
0
 

Author Comment

by:yassel
ID: 38744545
is an static IP, and I try in the same client with 4 machines :(, 2 new instalations of windows XP, 7, and a linux, all are the same OS that is working in my other clients, and as last resort, I went to the offices of my client, and I check with my laptop and I get the same result.
0
 
LVL 5

Assisted Solution

by:Leeeee
Leeeee earned 250 total points
ID: 38744688
If it's limited to one user in a specific location in which you tested and experienced the same issue, it may be an access restriction on the equipment at that site..as in an ACL on a firewall/router.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:yassel
ID: 38744714
Hi Leeeee,

well, so far the only restriction that I have found was the ping, the client does not have any ACL limiting port 80 outbound, remember that my VPN service is hosted in port 80, exactly to avoid any miss configuration or any ISP restriction.

If you use port 80 to make the connection, that is the only port used between the cisco client and my ASA?

And of course the Cisco VPN client is configured to use IPsec over TCP

PD: the ping restriction was imposed by the ISP
0
 

Accepted Solution

by:
Cybersree earned 250 total points
ID: 38744797
Can you do a debug while trying the VPN connection from the particular user.? This is just to understand that the user is able to hit your ASA, if so what is happening..

debug crypto isakmp

Hope that this link would help you to troubleshoot.. :  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

If you donot see any hits then the issue in reachability.
0
 

Author Comment

by:yassel
ID: 38744981
I'm working in that point of view Cybersree, actually you are right, I have done a simple telnet test to port 80 and I don't get any connection attempt to my ASA, I have trying from another place and I get at least the IP coming to my ASA on port 80, so I need to check with the ISP of this user, WOW a simple connection on port 80 not working, something that not come to my mind at all.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Read about achieving the basic levels of HRIS security in the workplace.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question