Solved

VPN suddenly stopped accepting connections

Posted on 2015-01-06
Last Modified: 2015-01-19
We have been using a Cisco VPN 300 Concentrator for the better part of 8 years.  We have never had an issue; it runs like a top.  Suddenly, yesterday, it just stopped allowing anyone to connect via a username and password.  This happens inside and outside our company.  Nothing has changed, not settings or anything.  Does anyone have any idea why this would just stop?  I do know that we have a company running NM mappers on our system.  Would that have anything to do with anything?
Question by:Salonge
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 40533503
Hi,

There are 2 workarounds:
- reload
- Debug the device; in this case you need to log in to the device and you need to provide us with the log
0
 
LVL 4

Expert Comment

by:artsec
ID: 40533504
There is a known issue with such behavior which needs a firmware update. There is a memory-related vulnerability which causes an outage. We experienced the same issue a few weeks ago.
0
 

Author Comment

by:Salonge
ID: 40533727
How do I update the firmware?
0

 

Author Comment

by:Salonge
ID: 40533741
Here is one of the logs - real time.  I can't read them to understand them, but maybe you can help.

9342 01/06/2015 07:53:49.570 SEV=8 IKEDBG/0 RPT=60271 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9345 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60272 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9348 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60273 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9351 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60274 128.143.161.4
processing ke payload
 
9352 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60275 128.143.161.4
processing ISA_KE
 
9353 01/06/2015 07:53:49.600 SEV=9 IKEDBG/1 RPT=10228 128.143.161.4
processing nonce payload
 
9354 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10245 128.143.161.4
processing VID payload
 
9355 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6825 128.143.161.4
Received Cisco Unity client VID
 
9356 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10246 128.143.161.4
processing VID payload
 
9357 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6826 128.143.161.4
Received xauth V6 VID
 
9358 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10247 128.143.161.4
processing VID payload
 
9359 01/06/2015 07:53:49.600 SEV=9 IKEDBG/38 RPT=3416 128.143.161.4
Processing VPN 3000 spoofing IOS Vendor ID payload (version: 1.0.0, capabilities
: 20000409)
 
9361 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10248 128.143.161.4
processing VID payload
 
9362 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6827 128.143.161.4
Received Altiga GW VID
 
9363 01/06/2015 07:53:49.700 SEV=9 IKEDBG/0 RPT=60276 128.143.161.4
Generating keys for Initiator...
 
9364 01/06/2015 07:53:49.710 SEV=9 IKEDBG/1 RPT=10229 128.143.161.4
Group [128.143.161.4]
constructing ID
 
9365 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60277
Group [128.143.161.4]
construct hash payload
 
9366 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60278 128.143.161.4
Group [128.143.161.4]
computing hash
 
9367 01/06/2015 07:53:49.710 SEV=9 IKEDBG/34 RPT=3413 128.143.161.4
Constructing IOS keep alive payload: proposal=32767/32767 sec.
 
9368 01/06/2015 07:53:49.710 SEV=9 IKEDBG/46 RPT=6834 128.143.161.4
Group [128.143.161.4]
constructing dpd vid payload
 
9369 01/06/2015 07:53:49.710 SEV=8 IKEDBG/0 RPT=60279 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9372 01/06/2015 07:53:49.740 SEV=8 IKEDBG/0 RPT=60280 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9375 01/06/2015 07:53:49.740 SEV=9 IKEDBG/1 RPT=10230 128.143.161.4
Group [128.143.161.4]
Processing ID
 
9376 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60281 128.143.161.4
Group [128.143.161.4]
processing hash
 
9377 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60282 128.143.161.4
Group [128.143.161.4]
computing hash
 
9378 01/06/2015 07:53:49.740 SEV=9 IKEDBG/34 RPT=3414 128.143.161.4
Processing IOS keep alive payload: proposal=32767/32767 sec.
 
9379 01/06/2015 07:53:49.740 SEV=9 IKEDBG/47 RPT=10249 128.143.161.4
Group [128.143.161.4]
processing VID payload
 
9380 01/06/2015 07:53:49.740 SEV=9 IKEDBG/49 RPT=6828 128.143.161.4
Group [128.143.161.4]
Received DPD VID
 
9381 01/06/2015 07:53:49.740 SEV=9 IKEDBG/23 RPT=1707 128.143.161.4
Group [128.143.161.4]
Starting group lookup for peer 128.143.161.4
 
9382 01/06/2015 07:53:49.740 SEV=8 AUTHDBG/1 RPT=11459
AUTH_Open() returns -1
 
9383 01/06/2015 07:53:49.740 SEV=7 AUTH/12 RPT=11459
Authentication session opened: handle = -1
 
9384 01/06/2015 07:53:49.740 SEV=7 IKEDBG/0 RPT=60283 128.143.161.4
Group [128.143.161.4]
Failed opening authentication session!
 
9385 01/06/2015 07:53:49.740 SEV=2 IKE/0 RPT=8406 128.143.161.4
Group [128.143.161.4]
Phase 1 authentication could not be initiated!
 
9386 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60284 128.143.161.4
Group [128.143.161.4]
IKE SA MM:ea4ea430 terminating:
flags 0x0100c022, refcnt 0, tuncnt 0
 
9388 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60285
sending delete message
 
9389 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60286 128.143.161.4
Group [128.143.161.4]
constructing blank hash
 
9390 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60287
constructing delete payload
 
9391 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60288 128.143.161.4
Group [128.143.161.4]
constructing qm hash
 
9392 01/06/2015 07:53:49.750 SEV=8 IKEDBG/0 RPT=60289 128.143.161.4
SENDING Message (msgid=93ee666c) with payloads :
HDR + HASH (8) + DELETE (12) + NONE (0) ... total length : 76
 
9394 01/06/2015 07:53:49.750 SEV=6 IKE/38 RPT=3233 128.143.161.4
Header invalid, missing SA payload! (next payload = 8)
0
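One way to triage a debug capture like the one posted above, as an added example (not code from the thread or from Cisco): it splits the log into events by header line and, for each severe event, lists the events logged just before it. The `max_sev` threshold assumes lower SEV numbers are more severe, which matches the excerpt (the Phase 1 failure is SEV=2, the debug lines are SEV=7 to 9); the function names are made up for this example.

```python
import re

# Header: <seq> <date> <time> SEV=<n> <CLASS>/<id> RPT=<n> [peer IP]; message lines follow.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) SEV=(?P<sev>\d+) "
    r"(?P<cls>\w+)/(?P<id>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$")

# Excerpt copied from the log in the post above (events 9381-9385).
SAMPLE = """\
9381 01/06/2015 07:53:49.740 SEV=9 IKEDBG/23 RPT=1707 128.143.161.4
Group [128.143.161.4]
Starting group lookup for peer 128.143.161.4
9382 01/06/2015 07:53:49.740 SEV=8 AUTHDBG/1 RPT=11459
AUTH_Open() returns -1
9383 01/06/2015 07:53:49.740 SEV=7 AUTH/12 RPT=11459
Authentication session opened: handle = -1
9384 01/06/2015 07:53:49.740 SEV=7 IKEDBG/0 RPT=60283 128.143.161.4
Group [128.143.161.4]
Failed opening authentication session!
9385 01/06/2015 07:53:49.740 SEV=2 IKE/0 RPT=8406 128.143.161.4
Group [128.143.161.4]
Phase 1 authentication could not be initiated!
"""

def parse_events(text):
    """Split the log into events: one header line plus the message lines under it."""
    events = []
    for line in text.splitlines():
        line = line.replace("\u00a0", " ").rstrip()  # pasted logs may carry NBSP spacers
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "sev": int(m["sev"]), "msg": []})
        elif line and events:
            events[-1]["msg"].append(line)
    return events

def triage(events, max_sev=3, context=4):
    """Events at or below max_sev (assumed: lower SEV = more severe) with their predecessors."""
    return [(ev, events[max(0, i - context):i])
            for i, ev in enumerate(events) if ev["sev"] <= max_sev]

def summarize(text):
    """One line per severe event, followed by the messages that led up to it."""
    return [f'{ev["seq"]} SEV={ev["sev"]} {" ".join(ev["msg"][-1:])} <- '
            + " | ".join(b["msg"][-1] for b in before if b["msg"])
            for ev, before in triage(parse_events(text))]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

On the excerpt this surfaces event 9385 and shows that the `AUTH_Open() returns -1` and `Failed opening authentication session!` events were logged immediately before it.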
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 2000 total points
ID: 40535670
please reload it
0
 

Author Comment

by:Salonge
ID: 40535690
I am also getting a message in the logs that said http 404 unable to location /favicon.ico.  I have a hospital that uses our VPN to receive x-rays.  That is working just fine.  We are just unable to remote sessions to the concentrator.

How do I reload it and not lose the configuration to the hospital?
0

Question has a verified solution.