Solved

VPN suddenly stopped accepting connections

Posted on 2015-01-06
Last Modified: 2015-01-19
We have been using a Cisco VPN 300 Concentrator for the better part of 8 years. We have never had an issue; it runs like a top. Suddenly, yesterday, it just stopped allowing anyone to connect via a username and password. This happens inside and outside our company. Nothing has changed, not settings or anything. Does anyone have any idea why this would just stop? I do know that we have a company running NM mappers on our system. Would that have anything to do with anything?
0
Question by:Salonge
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 40533503
Hi,

There are 2 workarounds:
- Reload
- Debug the device; in this case you need to log in to the device and provide us the log
0
 
LVL 4

Expert Comment

by:artsec
ID: 40533504
There is a known issue with such behavior which needs a firmware update. There is a memory-related vulnerability which causes an outage. We experienced the same issue a few weeks ago.
0
 

Author Comment

by:Salonge
ID: 40533727
How do I update the firmware?
0
 

Author Comment

by:Salonge
ID: 40533741
Here is one of the logs - real time. I can't read them to understand them, but maybe you can help.

9342 01/06/2015 07:53:49.570 SEV=8 IKEDBG/0 RPT=60271 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9345 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60272 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9348 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60273 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9351 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60274 128.143.161.4
processing ke payload
 
9352 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60275 128.143.161.4
processing ISA_KE
 
9353 01/06/2015 07:53:49.600 SEV=9 IKEDBG/1 RPT=10228 128.143.161.4
processing nonce payload
 
9354 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10245 128.143.161.4
processing VID payload
 
9355 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6825 128.143.161.4
Received Cisco Unity client VID
 
9356 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10246 128.143.161.4
processing VID payload
 
9357 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6826 128.143.161.4
Received xauth V6 VID
 
9358 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10247 128.143.161.4
processing VID payload
 
9359 01/06/2015 07:53:49.600 SEV=9 IKEDBG/38 RPT=3416 128.143.161.4
Processing VPN 3000 spoofing IOS Vendor ID payload (version: 1.0.0, capabilities
: 20000409)
 
9361 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10248 128.143.161.4
processing VID payload
 
9362 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6827 128.143.161.4
Received Altiga GW VID
 
9363 01/06/2015 07:53:49.700 SEV=9 IKEDBG/0 RPT=60276 128.143.161.4
Generating keys for Initiator...
 
9364 01/06/2015 07:53:49.710 SEV=9 IKEDBG/1 RPT=10229 128.143.161.4
Group [128.143.161.4]
constructing ID
 
9365 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60277
Group [128.143.161.4]
construct hash payload
 
9366 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60278 128.143.161.4
Group [128.143.161.4]
computing hash
 
9367 01/06/2015 07:53:49.710 SEV=9 IKEDBG/34 RPT=3413 128.143.161.4
Constructing IOS keep alive payload: proposal=32767/32767 sec.
 
9368 01/06/2015 07:53:49.710 SEV=9 IKEDBG/46 RPT=6834 128.143.161.4
Group [128.143.161.4]
constructing dpd vid payload
 
9369 01/06/2015 07:53:49.710 SEV=8 IKEDBG/0 RPT=60279 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9372 01/06/2015 07:53:49.740 SEV=8 IKEDBG/0 RPT=60280 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9375 01/06/2015 07:53:49.740 SEV=9 IKEDBG/1 RPT=10230 128.143.161.4
Group [128.143.161.4]
Processing ID
 
9376 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60281 128.143.161.4
Group [128.143.161.4]
processing hash
 
9377 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60282 128.143.161.4
Group [128.143.161.4]
computing hash
 
9378 01/06/2015 07:53:49.740 SEV=9 IKEDBG/34 RPT=3414 128.143.161.4
Processing IOS keep alive payload: proposal=32767/32767 sec.
 
9379 01/06/2015 07:53:49.740 SEV=9 IKEDBG/47 RPT=10249 128.143.161.4
Group [128.143.161.4]
processing VID payload
 
9380 01/06/2015 07:53:49.740 SEV=9 IKEDBG/49 RPT=6828 128.143.161.4
Group [128.143.161.4]
Received DPD VID
 
9381 01/06/2015 07:53:49.740 SEV=9 IKEDBG/23 RPT=1707 128.143.161.4
Group [128.143.161.4]
Starting group lookup for peer 128.143.161.4
 
9382 01/06/2015 07:53:49.740 SEV=8 AUTHDBG/1 RPT=11459
AUTH_Open() returns -1
 
9383 01/06/2015 07:53:49.740 SEV=7 AUTH/12 RPT=11459
Authentication session opened: handle = -1
 
9384 01/06/2015 07:53:49.740 SEV=7 IKEDBG/0 RPT=60283 128.143.161.4
Group [128.143.161.4]
Failed opening authentication session!
 
9385 01/06/2015 07:53:49.740 SEV=2 IKE/0 RPT=8406 128.143.161.4
Group [128.143.161.4]
Phase 1 authentication could not be initiated!
 
9386 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60284 128.143.161.4
Group [128.143.161.4]
IKE SA MM:ea4ea430 terminating:
flags 0x0100c022, refcnt 0, tuncnt 0
 
9388 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60285
sending delete message
 
9389 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60286 128.143.161.4
Group [128.143.161.4]
constructing blank hash
 
9390 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60287
constructing delete payload
 
9391 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60288 128.143.161.4
Group [128.143.161.4]
constructing qm hash
 
9392 01/06/2015 07:53:49.750 SEV=8 IKEDBG/0 RPT=60289 128.143.161.4
SENDING Message (msgid=93ee666c) with payloads :
HDR + HASH (8) + DELETE (12) + NONE (0) ... total length : 76
 
9394 01/06/2015 07:53:49.750 SEV=6 IKE/38 RPT=3233 128.143.161.4
Header invalid, missing SA payload! (next payload = 8)
0
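A triage sketch for the log above, added here as an example and not part of the original thread: it parses the concentrator's record format and pairs each negative `AUTH_Open()` result with the most severe IKE event that follows it. The function names, the five-record window, the documentation peer address and the reading of a lower SEV number as more severe are assumptions.

```python
import re

# Header layout seen in the log above: seq date time SEV=n CLASS/num RPT=n [peer]
HEADER = re.compile(r"^(?P<seq>\d+) \S+ \S+ SEV=(?P<sev>\d+) "
                    r"(?P<cls>[A-Z]+)/\d+ RPT=\d+(?: (?P<peer>\S+))?$")
AUTH_OPEN = re.compile(r"AUTH_Open\(\) returns (-?\d+)")

# Constructed sample: records shortened from the log above; peer is a documentation address.
SAMPLE = """\
9382 01/06/2015 07:53:49.740 SEV=8 AUTHDBG/1 RPT=11459
AUTH_Open() returns -1

9384 01/06/2015 07:53:49.740 SEV=7 IKEDBG/0 RPT=60283 192.0.2.10
Group [192.0.2.10]
Failed opening authentication session!

9385 01/06/2015 07:53:49.740 SEV=2 IKE/0 RPT=8406 192.0.2.10
Group [192.0.2.10]
Phase 1 authentication could not be initiated!
"""

def parse_events(text):
    """Split the log into records, joining each record's message lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev.update(seq=int(ev["seq"]), sev=int(ev["sev"]), msg="")
            events.append(ev)
        elif line and events:
            events[-1]["msg"] = (events[-1]["msg"] + " " + line).strip()
    return events

def auth_open_failures(events, window=5):
    """Pair each negative AUTH_Open() result with the IKE event of lowest SEV
    among the next `window` records (assumption: lower SEV = more severe)."""
    out = []
    for i, ev in enumerate(events):
        m = AUTH_OPEN.search(ev["msg"])
        if m and int(m.group(1)) < 0:
            later = [e for e in events[i + 1:i + 1 + window] if e["cls"].startswith("IKE")]
            worst = min(later, key=lambda e: e["sev"], default=None)
            out.append(dict(seq=ev["seq"], code=int(m.group(1)), hit=worst))
    return out

if __name__ == "__main__":
    print(auth_open_failures(parse_events(SAMPLE)))
```

Each result ties the failed authentication-session open to the peer whose Phase 1 negotiation was torn down, which separates this failure from a rejected username or password.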
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 40535670
please reload it
0
 

Author Comment

by:Salonge
ID: 40535690
I am also getting a message in the logs that said HTTP 404 unable to locate /favicon.ico. I have a hospital that uses our VPN to receive x-rays. That is working just fine. We are just unable to remote sessions to the concentrator.

How do I reload it and not lose the configuration to the hospital?
0
