?
Solved

Cisco roaming VPN fails

Posted on 2014-08-13
4
Medium Priority
?
297 Views
Last Modified: 2014-09-11
Hi all,
I have an issue I can't fix. Have a Cisco ASA 5505 v9.0(3) which works fine with site to site VPN.
However when I run the Remote Access VPN wizard to enable a roaming VPN for legacy clients it will not connect.
I get the user authentication tab, so I enter my locally defined user and password, then I see "Securing communications channel" then "Not Connected".

Client log shows
568    17:10:50.921  08/13/14  Sev=Info/4      IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F263B2A36FEB6E76 R_Cookie=30FFBCC996336A76) reason = DEL_REASON_IKE_NEG_FAILED

569    17:10:50.921  08/13/14  Sev=Info/4      CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

570    17:10:50.999  08/13/14  Sev=Info/4      IKE/0x63000001
IKE received signal to terminate VPN connection

571    17:10:51.966  08/13/14  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

572    17:10:51.966  08/13/14  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

573    17:10:51.966  08/13/14  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

574    17:10:51.966  08/13/14  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped


On the ASA "debug Crypto ISAKMP" shows

 Aug 13 17:12:25 [IKEv1]Group = RoamingtotheRemoteSite098, Username = abarclay, IP = x.x.217.189, QM FSM error (P2 struct &0xcbb73a48, mess id              0xa282a5ed)!
Aug 13 17:12:25 [IKEv1]Group = RoamingtotheRemoteSite098, Username = abarclay, IP = x.x.217.189, Removing peer from correlator table failed, no match!
Aug 13 17:12:25 [IKEv1]Group = RoamingtotheRemoteSite098, Username = abarclay, IP = x.x.217.189, Session is being torn down. Reason: crypto map policy not found


I am at a loss to understand what is going on - it looks like it will connect then will not.

Strangely I can connect using my iPhone VPN client !
Any help would be gratefully appreciated.
Thanks,
Alasdair
0
Comment
Question by:Alasdairb
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 40260477
What client PC? Windwos 8 with IPSEC you might need to do this

Windows 8 and Cisco (IPSEC) VPN Client


Pete
0
 

Accepted Solution

by:
Alasdairb earned 0 total points
ID: 40292219
Sorry for not replying - I didn't get a mail saying I had a respons0, I thought nobody had answered... as it turns out the roaming VPN works perfectly everywhere except in the office that uses site - to -site VPN. So I assume the ASAs were getting confused between site to site (which was already established and working fine) and me trying to use roaming VPN to the same destination. So I never needed to research any further. So I need to withdraw / close this question somehow....
0
 

Author Comment

by:Alasdairb
ID: 40292256
Pete,
thanks for taking the time to reply, I will bear this in mind when I finally jump to Windows 8.
Best regards

Alasdair
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question