Solved

Cisco VPN no longer works - PIX 515e

Posted on 2013-11-08
Last Modified: 2014-07-19
Hi Expert gurus,

I'm having an issue here where our Cisco VPN no longer works. Yesterday, our PIX 515e took a crap and I had to restore the config file. The firewall is back up and operational now, but the issue now is that management is unable to connect via VPN.

We use versions 4.6.03 and 5.0.07 of the VPN client. I compared both config files side by side and both are identical. I don't understand why it's not working and my Cisco knowledge is limited.

Here is the log that I received when trying to connect:

Any help is greatly appreciated! Thank you.


------------------------------------------------------------------------------
Cisco Systems VPN Client Version 4.6.03.0021
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client\

1      10:05:54.437  11/08/13  Sev=Warning/3    IKE/0xE3000056
The received HASH payload cannot be verified

2      10:05:54.453  11/08/13  Sev=Warning/2    IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.

3      10:05:54.453  11/08/13  Sev=Warning/2    IKE/0xE3000099
Failed to authenticate peer (Navigator:904)

4      10:05:54.453  11/08/13  Sev=Warning/2    IKE/0xE30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2202)

5      10:06:05.109  11/08/13  Sev=Warning/3    IKE/0xE3000056
The received HASH payload cannot be verified

6      10:06:05.109  11/08/13  Sev=Warning/2    IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.

7      10:06:05.109  11/08/13  Sev=Warning/2    IKE/0xE3000099
Failed to authenticate peer (Navigator:904)

8      10:06:05.109  11/08/13  Sev=Warning/2    IKE/0xE30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2202)
0
11 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39634341
I think you might want to look at:

Hash verification failed... may be configured with invalid group password

Do you still know what the group password is or should be?
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 39634362
I've not seen a PIX just lose its config before.

However, from your log above:

Hash verification failed... may be configured with invalid group password.


I would check the Cisco client prf file to make sure that the group password has not changed between the backup that you restored, and the live config when it was running.

Although the password is encrypted in the prf file, there are several tools that can decrypt it.

I use rancid to ensure that any changes to the config are automatically archived.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39634363
You should have something like:
tunnel-group RAVPN ipsec-attributes
pre-shared-key *****


in your config. It might differ a bit, depending on the version of the PIX.
This is where the group password is set. This is also set in the VPN client.
0
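
The comments above point at the group password as the value that must match on the PIX and in the client. As an added example (not code from this thread or from Cisco), the sketch below shows how an IKEv1 client checks the responder's HASH payload under pre-shared-key authentication per RFC 2409, and why the client can only say the password "may be" wrong: the hash covers the password and the values exchanged in the negotiation. It assumes plain RFC 2409 aggressive mode with HMAC-SHA1; all byte values and secrets are constructed.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes, digest: str = "sha1") -> bytes:
    """IKEv1 prf: HMAC of the negotiated hash (RFC 2409, section 4)."""
    return hmac.new(key, data, digest).digest()


def hash_r(psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sa_i, id_r):
    """Responder authentication hash for pre-shared-key auth (RFC 2409, 5)."""
    skeyid = prf(psk, ni + nr)  # SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    return prf(skeyid, g_xr + g_xi + cky_r + cky_i + sa_i + id_r)


def client_verifies(client_psk, received_hash, **exchange):
    """Recompute HASH_R with the client's own secret and compare."""
    expected = hash_r(client_psk, **exchange)
    return hmac.compare_digest(expected, received_hash)


def demo():
    # Constructed exchange values; on the wire they come from the first two
    # aggressive-mode messages. Sizes are illustrative only.
    exchange = dict(
        ni=b"\x11" * 20, nr=b"\x22" * 20,
        g_xi=b"\x33" * 128, g_xr=b"\x44" * 128,
        cky_i=b"\x55" * 8, cky_r=b"\x66" * 8,
        sa_i=b"constructed-SA-payload-body",
        id_r=b"constructed-ID-payload-body",
    )
    gateway_hash = hash_r(b"secret-on-gateway", **exchange)
    # Client holds the same group password: verification succeeds.
    same = client_verifies(b"secret-on-gateway", gateway_hash, **exchange)
    # Client holds a different group password: verification fails.
    wrong = client_verifies(b"secret-on-client", gateway_hash, **exchange)
    # Same password, but the two sides disagree on one exchange value.
    # The client sees the same failure as with a wrong password.
    skewed = dict(exchange, nr=b"\x77" * 20)
    drift = client_verifies(b"secret-on-gateway", gateway_hash, **skewed)
    return same, wrong, drift


if __name__ == "__main__":
    print(demo())
```
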
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39634368
This is also set in the VPN client.
Ah, like ArneLovius said.
Have to remember to refresh before posting :)
0
 

Author Comment

by:ZerodotZerodotZerodotZero
ID: 39634401
Group password has been reset. New Group name has been setup with a new Group password and still no go.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39634411
Just to make sure, you also changed that at the clients side?
0
 

Author Comment

by:ZerodotZerodotZerodotZero
ID: 39634436
yes, on the client side as well.
0
 

Author Comment

by:ZerodotZerodotZerodotZero
ID: 39634476
I may have figured this out. Will confirm.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39634586
Do let us know :)
0
 

Accepted Solution

by:
ZerodotZerodotZerodotZero earned 0 total points
ID: 39634828
I'm not sure if this has anything to do with it, but I rebooted the firewall and now everything seems to be working.

Management confirmed they are all able to get connected.
0
 

Author Closing Comment

by:ZerodotZerodotZerodotZero
ID: 40206059
Rebooting the firewall resolved the issue.
0

Question has a verified solution.
