• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 125
  • Last Modified:

VPN suddenly stopped accepting connections

We have been using a Cisco VPN 300 Concentrator for a better part of 8 years.  We have never had an issue, it runs like a top.  Suddlenly on yesterday, it just stopped allowing anyone to connect via a username and password.  This happens inside and outside our company.  Nothing has changed, not settings or anything.  Does anyone have any idea what this would just stop.  I do know that we have a company running NM mappers on our system.  Would that have anything to do with anything.
0
Salonge
Asked:
Salonge
  • 3
  • 2
1 Solution
 
Istvan KalmarHead of IT Security Division Commented:
Hi,

There is 2 workaround:
- reload
- Debug the device, in this case you need to login int the device and you need to provide us the log
0
 
artsecCommented:
There is a known issue with such a behavior which needs framware update. There is a memory related vulnerability which cause outage. We experienced same issue a few weeks ago.
0
 
SalongeAuthor Commented:
How do I update the firmware?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
SalongeAuthor Commented:
Here is one the logs - real time.  I can't read them to understand them, but maybe you can help.

9342 01/06/2015 07:53:49.570 SEV=8 IKEDBG/0 RPT=60271 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9345 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60272 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9348 01/06/2015 07:53:49.600 SEV=8 IKEDBG/0 RPT=60273 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13
) + NONE (0) ... total length : 256
 
9351 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60274 128.143.161.4
processing ke payload
 
9352 01/06/2015 07:53:49.600 SEV=9 IKEDBG/0 RPT=60275 128.143.161.4
processing ISA_KE
 
9353 01/06/2015 07:53:49.600 SEV=9 IKEDBG/1 RPT=10228 128.143.161.4
processing nonce payload
 
9354 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10245 128.143.161.4
processing VID payload
 
9355 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6825 128.143.161.4
Received Cisco Unity client VID
 
9356 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10246 128.143.161.4
processing VID payload
 
9357 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6826 128.143.161.4
Received xauth V6 VID
 
9358 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10247 128.143.161.4
processing VID payload
 
9359 01/06/2015 07:53:49.600 SEV=9 IKEDBG/38 RPT=3416 128.143.161.4
Processing VPN 3000 spoofing IOS Vendor ID payload (version: 1.0.0, capabilities
: 20000409)
 
9361 01/06/2015 07:53:49.600 SEV=9 IKEDBG/47 RPT=10248 128.143.161.4
processing VID payload
 
9362 01/06/2015 07:53:49.600 SEV=9 IKEDBG/49 RPT=6827 128.143.161.4
Received Altiga GW VID
 
9363 01/06/2015 07:53:49.700 SEV=9 IKEDBG/0 RPT=60276 128.143.161.4
Generating keys for Initiator...
 
9364 01/06/2015 07:53:49.710 SEV=9 IKEDBG/1 RPT=10229 128.143.161.4
Group [128.143.161.4]
constructing ID
 
9365 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60277
Group [128.143.161.4]
construct hash payload
 
9366 01/06/2015 07:53:49.710 SEV=9 IKEDBG/0 RPT=60278 128.143.161.4
Group [128.143.161.4]
computing hash
 
9367 01/06/2015 07:53:49.710 SEV=9 IKEDBG/34 RPT=3413 128.143.161.4
Constructing IOS keep alive payload: proposal=32767/32767 sec.
 
9368 01/06/2015 07:53:49.710 SEV=9 IKEDBG/46 RPT=6834 128.143.161.4
Group [128.143.161.4]
constructing dpd vid payload
 
9369 01/06/2015 07:53:49.710 SEV=8 IKEDBG/0 RPT=60279 128.143.161.4
SENDING Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9372 01/06/2015 07:53:49.740 SEV=8 IKEDBG/0 RPT=60280 128.143.161.4
RECEIVED Message (msgid=0) with payloads :
HDR + ID (5) + HASH (8) + IOS KEEPALIVE (14) + VENDOR (13) + NONE (0) ... total
length : 92
 
9375 01/06/2015 07:53:49.740 SEV=9 IKEDBG/1 RPT=10230 128.143.161.4
Group [128.143.161.4]
Processing ID
 
9376 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60281 128.143.161.4
Group [128.143.161.4]
processing hash
 
9377 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60282 128.143.161.4
Group [128.143.161.4]
computing hash
 
9378 01/06/2015 07:53:49.740 SEV=9 IKEDBG/34 RPT=3414 128.143.161.4
Processing IOS keep alive payload: proposal=32767/32767 sec.
 
9379 01/06/2015 07:53:49.740 SEV=9 IKEDBG/47 RPT=10249 128.143.161.4
Group [128.143.161.4]
processing VID payload
 
9380 01/06/2015 07:53:49.740 SEV=9 IKEDBG/49 RPT=6828 128.143.161.4
Group [128.143.161.4]
Received DPD VID
 
9381 01/06/2015 07:53:49.740 SEV=9 IKEDBG/23 RPT=1707 128.143.161.4
Group [128.143.161.4]
Starting group lookup for peer 128.143.161.4
 
9382 01/06/2015 07:53:49.740 SEV=8 AUTHDBG/1 RPT=11459
AUTH_Open() returns -1
 
9383 01/06/2015 07:53:49.740 SEV=7 AUTH/12 RPT=11459
Authentication session opened: handle = -1
 
9384 01/06/2015 07:53:49.740 SEV=7 IKEDBG/0 RPT=60283 128.143.161.4
Group [128.143.161.4]
Failed opening authentication session!
 
9385 01/06/2015 07:53:49.740 SEV=2 IKE/0 RPT=8406 128.143.161.4
Group [128.143.161.4]
Phase 1 authentication could not be initiated!
 
9386 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60284 128.143.161.4
Group [128.143.161.4]
IKE SA MM:ea4ea430 terminating:
flags 0x0100c022, refcnt 0, tuncnt 0
 
9388 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60285
sending delete message
 
9389 01/06/2015 07:53:49.740 SEV=9 IKEDBG/0 RPT=60286 128.143.161.4
Group [128.143.161.4]
constructing blank hash
 
9390 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60287
constructing delete payload
 
9391 01/06/2015 07:53:49.750 SEV=9 IKEDBG/0 RPT=60288 128.143.161.4
Group [128.143.161.4]
constructing qm hash
 
9392 01/06/2015 07:53:49.750 SEV=8 IKEDBG/0 RPT=60289 128.143.161.4
SENDING Message (msgid=93ee666c) with payloads :
HDR + HASH (8) + DELETE (12) + NONE (0) ... total length : 76
 
9394 01/06/2015 07:53:49.750 SEV=6 IKE/38 RPT=3233 128.143.161.4
Header invalid, missing SA payload! (next payload = 8)
0
 
Istvan KalmarHead of IT Security Division Commented:
please reload it
0
 
SalongeAuthor Commented:
I am also getting a message in the logs that said http 404 unable to location /favicon.ico.  I have a hospital that uses our VPN to receive x-rays.  That is working just fine.  We are just unable to remote sessions to the concentrator.

How do I reload it and not loose the configuration to the hospital?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now