2012-03-08 11:48 AM
以下環境でCisco VPN ClientからIPSecVPNの接続ができない状況です。
原因等、お分かりになりましたらご教授頂ければ幸いです。
[接続環境]
■クライアントPC
OS:Windows XP Professional
Cisco VPN Client:バージョン4.6.03.0021
インターネット:Bフレッツ回線PPPoE接続
111.216.xxx.xxx/32
■Cisco VPN Client設定
ホスト:210.xxx.xxx.xxx
→ASA 5505のWAN側のIPアドレスでこちらもBフレッツ回線によるPPPoE接続
認証:グループ認証(Group = ITS-MNG_xxxxx)
トランスポート:「透過的トン絵リングを有効にする」のチェックを外す
■事象
グループ認証(ITS-MNG_xxxxx)とユーザ認証(mngxx)は通過するものの、
その先が進まず、VPN Client 画面左したのメッセージ欄で「接続されていません。」
と表示されます。
■ASA 5505
関連する箇所の設定は以下の通りです。
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group CHN
ip address pppoe setroute
interface Vlan461
nameif inside_461
security-level 100
ip address 10.244.61.254 255.255.255.0
!
interface Vlan481
no forward interface Vlan461
nameif inside_481
security-level 100
ip address 10.244.81.254 255.
access-list acl_nat2 extended permit ip 10.244.61.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip 10.244.81.0 255.255.255.0 10.244.81.224 255.255.255.240
access-list acl_nat0 extended permit ip 10.244.81.0 255.255.255.0 any
access-list inside_nat2_outbound extended permit ip 10.244.61.0 255.255.255.0 192.168.100.0 255.255.255.0
ip local pool IPsec01-User1 10.244.81.225-10.244.81.230 mask 255.255.255.0
global (outside) 2 interface
nat (inside_461) 0 access-list inside_nat2_outbound
nat (inside_461) 2 access-list acl_nat2
nat (inside_481) 2 access-list acl_nat0
access-group acl_out in interface outside
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 2
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
group-policy grppolicy internal
group-policy grppolicy attributes
vpn-tunnel-protocol svc
group-policy IPsec01 internal
group-policy IPsec01 attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value toDC_splitTunnelAcl
username mngxx password gGRri9RDSitdFNAI encrypted
username mngxx attributes
vpn-group-policy IPsec01
tunnel-group ITS-MNG_xxxxx type remote-access
tunnel-group ITS-MNG_xxxxx general-attributes
address-pool IPsec01-User1
default-group-policy IPsec01
tunnel-group ITS-MNG_xxxxx ipsec-attributes
pre-shared-key *
■各種ログ
・「ASA 5505のshow logより
[考察]
PHASE 1,2まではCOMPLETEDとなっているがその先で接続できない状況と想定。
Mar 08 2012 09:42:21: %ASA-5-713130: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Received unsupported transaction mode attribute: 5
Mar 08 2012 09:42:21: %ASA-5-713119: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, PHASE 1 COMPLETED
Mar 08 2012 09:42:21: %ASA-5-713075: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
Mar 08 2012 09:42:21: %ASA-5-713049: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Security negotiation complete for User (mngxx) Responder, Inbound SPI = 0xa2a1c5f7, Outbound SPI = 0x35567485
Mar 08 2012 09:42:21: %ASA-5-713120: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, PHASE 2 COMPLETED (msgid=7370cf62)
Mar 08 2012 09:42:21: %ASA-5-713050: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Connection terminated for peer mngxx. Reason: Peer Terminate Remote Proxy 10.244.81.225, Local Proxy 0.0.0.0
Mar 08 2012 09:42:21: %ASA-4-113019: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Session disconnected. Session Type: IPsec, Duration: 0h:00m:06s, Bytes xmt: 0, Bytes rcv: 0, Reason: User RequestedMar 08 2012 09:42:21: %ASA-5-713130: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.114.111, Received unsupported transaction mode attribute: 5
Mar 08 2012 09:42:21: %ASA-5-713119: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, PHASE 1 COMPLETED
Mar 08 2012 09:42:21: %ASA-5-713075: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
Mar 08 2012 09:42:21: %ASA-5-713049: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Security negotiation complete for User (mngxx) Responder, Inbound SPI = 0xa2a1c5f7, Outbound SPI = 0x35567485
Mar 08 2012 09:42:21: %ASA-5-713120: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, PHASE 2 COMPLETED (msgid=7370cf62)
Mar 08 2012 09:42:21: %ASA-5-713050: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Connection terminated for peer mngxx. Reason: Peer Terminate Remote Proxy 10.244.81.225, Local Proxy 0.0.0.0
Mar 08 2012 09:42:21: %ASA-4-113019: Group = ITS-MNG_xxxxx, Username = mngxx, IP = 111.216.xxx.xxx, Session disconnected. Session Type: IPsec, Duration: 0h:00m:06s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
・VPN Clientのログより
Cisco Systems VPN Client Version 4.6.03.0021
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
262 11:06:31.039 03/08/12 Sev=Info/4 CM/0x63100002
Begin connection process
263 11:06:31.055 03/08/12 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
264 11:06:31.055 03/08/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "210.xxx.xxx.xxx"
265 11:06:31.071 03/08/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 210.xxx.xxx.xxx.
266 11:06:31.086 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to 210.xxx.xxx.xxx
267 11:06:31.102 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
268 11:06:31.102 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?)) from 210.xxx.xxx.xxx
269 11:06:31.102 03/08/12 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
270 11:06:31.102 03/08/12 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
271 11:06:31.102 03/08/12 Sev=Info/5 IKE/0x63000001
Peer supports DPD
272 11:06:31.118 03/08/12 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
273 11:06:31.118 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to 210.xxx.xxx.xxx
274 11:06:31.133 03/08/12 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
275 11:06:31.133 03/08/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
276 11:06:31.133 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
277 11:06:31.149 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.xxx.xxx.xxx
278 11:06:31.149 03/08/12 Sev=Info/4 CM/0x63100015
Launch xAuth application
279 11:06:31.211 03/08/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
280 11:06:31.211 03/08/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
281 11:06:31.211 03/08/12 Sev=Info/6 IPSEC/0x6370002B
PPPoE Protocol has been detected.
282 11:06:33.352 03/08/12 Sev=Info/4 CM/0x63100017
xAuth application returned
283 11:06:33.352 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.xxx.xxx.xxx
284 11:06:33.368 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
285 11:06:33.368 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.xxx.xxx.xxx
286 11:06:33.368 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.xxx.xxx.xxx
287 11:06:33.368 03/08/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
288 11:06:33.430 03/08/12 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
289 11:06:33.430 03/08/12 Sev=Info/5 IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).
290 11:06:33.430 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 210.xxx.xxx.xxx
291 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
292 11:06:33.461 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 210.xxx.xxx.xxx
293 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.244.81.225
294 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
295 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
296 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000002
297 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 10.244.81.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
298 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #2
subnet = 10.244.61.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
299 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
300 11:06:33.461 03/08/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.2(1) built by builders on Tue 05-May-09 22:45
301 11:06:33.461 03/08/12 Sev=Info/4 CM/0x63100019
Mode Config data received
302 11:06:33.493 03/08/12 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 10.244.81.225, GW IP = 210.xxx.xxx.xxx, Remote IP = 0.0.0.0
303 11:06:33.493 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 210.xxx.xxx.xxx
304 11:06:33.508 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
305 11:06:33.508 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 210.xxx.xxx.xxx
306 11:06:33.508 03/08/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
307 11:06:33.508 03/08/12 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 2 seconds, setting expiry to 86398 seconds from now
308 11:06:33.508 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
309 11:06:33.524 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 210.xxx.xxx.xxx
310 11:06:33.524 03/08/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
311 11:06:33.524 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 210.xxx.xxx.xxx
312 11:06:33.524 03/08/12 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=2E8C8617 OUTBOUND SPI = 0xA6892F13 INBOUND SPI = 0x02C79F18)
313 11:06:33.524 03/08/12 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xA6892F13
314 11:06:33.524 03/08/12 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x02C79F18
315 11:06:33.524 03/08/12 Sev=Warning/2 CVPND/0xE3400003
Function RegOpenKey failed with an error code of 0x00000002(WindowsVirtualAdapter:558)
316 11:06:33.524 03/08/12 Sev=Warning/3 CVPND/0xE340000C
The Client was unable to enable the Virtual Adapter because it could not open the device.
317 11:06:33.539 03/08/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 115.162.91.135 115.162.91.135 1
110.66.250.202 255.255.255.255 115.162.91.135 115.162.91.135 1
115.162.91.135 255.255.255.255 127.0.0.1 127.0.0.1 50
115.255.255.255 255.255.255.255 115.162.91.135 115.162.91.135 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.221.11 169.254.221.11 20
169.254.221.11 255.255.255.255 127.0.0.1 127.0.0.1 20
169.254.255.255 255.255.255.255 169.254.221.11 169.254.221.11 20
224.0.0.0 240.0.0.0 169.254.221.11 169.254.221.11 20
224.0.0.0 240.0.0.0 115.162.91.135 115.162.91.135 1
255.255.255.255 255.255.255.255 115.162.91.135 115.162.91.135 1
255.255.255.255 255.255.255.255 169.254.221.11 169.254.221.11 1
318 11:06:33.539 03/08/12 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
319 11:06:33.539 03/08/12 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
320 11:06:33.539 03/08/12 Sev=Warning/2 CVPND/0xE3400003
Function RegOpenKey failed with an error code of 0x00000002(WindowsVirtualAdapter:558)
321 11:06:33.539 03/08/12 Sev=Warning/3 CVPND/0xE340000C
The Client was unable to enable the Virtual Adapter because it could not open the device.
322 11:06:33.539 03/08/12 Sev=Warning/2 IKE/0xE3000099
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
323 11:06:33.539 03/08/12 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2202)
324 11:06:33.539 03/08/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 210.xxx.xxx.xxx
325 11:06:33.539 03/08/12 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = A6892F13 INBOUND SPI = 2C79F18)
326 11:06:33.539 03/08/12 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=2E8C8617
327 11:06:33.555 03/08/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 210.xxx.xxx.xxx
328 11:06:33.555 03/08/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from 210.xxx.xxx.xxx
329 11:06:33.555 03/08/12 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=6AD1BD604CD5EAB1 R_Cookie=C9768016B817E57D
330 11:06:33.555 03/08/12 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=6AD1BD604CD5EAB1 R_Cookie=C9768016B817E57D) reason = Unknown
331 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
332 11:06:33.680 03/08/12 Sev=Info/6 IPSEC/0x6370002B
PPPoE Protocol has been detected.
333 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
334 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x132f89a6 into key list
335 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
336 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x189fc702 into key list
337 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x189fc702
338 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x189fc702
339 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x132f89a6
340 11:06:33.680 03/08/12 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x132f89a6
341 11:06:34.180 03/08/12 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=6AD1BD604CD5EAB1 R_Cookie=C9768016B817E57D) reason = Unknown
342 11:06:34.180 03/08/12 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
343 11:06:34.180 03/08/12 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
344 11:06:34.180 03/08/12 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
345 11:06:34.196 03/08/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
346 11:06:34.196 03/08/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
347 11:06:34.196 03/08/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
348 11:06:34.196 03/08/12 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
■Cisco ASA 5505のバージョン
opfw001# sh version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
opfw001 up 61 days 15 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 8843.e111.de35, irq 11
1: Ext: Ethernet0/0 : address is 8843.e111.de2d, irq 255
2: Ext: Ethernet0/1 : address is 8843.e111.de2e, irq 255
3: Ext: Ethernet0/2 : address is 8843.e111.de2f, irq 255
4: Ext: Ethernet0/3 : address is 8843.e111.de30, irq 255
5: Ext: Ethernet0/4 : address is 8843.e111.de31, irq 255
6: Ext: Ethernet0/5 : address is 8843.e111.de32, irq 255
7: Ext: Ethernet0/6 : address is 8843.e111.de33, irq 255
8: Ext: Ethernet0/7 : address is 8843.e111.de34, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 50
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
何か、お気づきの点等あればご教授頂ければ幸いです。
2012-03-16 08:32 PM
こんばんは。加藤と申します。
VPNクライアント側に下記のようなログがありますね。
--------------------------------------------------------
315 11:06:33.524 03/08/12 Sev=Warning/2 CVPND/0xE3400003
Function RegOpenKey failed with an error code of 0x00000002(WindowsVirtualAdapter:558)
316 11:06:33.524 03/08/12 Sev=Warning/3 CVPND/0xE340000C
The Client was unable to enable the Virtual Adapter because it could not open the device.
--------------------------------------------------------
下記FAQの事例に近いかと思いますので、VPNクライアントのアンインストール/再インストールを試してみてはいかがでしょうか。
============================
Cisco VPN Client に関する FAQ
http://www.cisco.com/cisco/web/support/JP/102/1020/1020616_vpnclientfaq-j.html#error
Q. 接続中に次のようなメッセージが VPN Client のログに出力されました。
208 15:09:08.619 01/17/08 Sev=Debug/7 CVPND/0x63400015 Value for ini parameter VAEnableAlt is 1. 209 15:09:08.619 01/17/08 Sev=Warning/2 CVPND/0xE3400003 Function RegOpenKey failed with an error code of 0x00000002(WindowsVirtualAdapter:558) 210 15:09:08.619 01/17/08 Sev=Warning/3 CVPND/0xE340000C The Client was unable to enable the Virtual Adapter because it could not open the device.
============================
あと、VPN Client のバージョンがだいぶ古いようですので、切り分けがすんだら新しいバージョンのものにしてみるのといいかもしれません。
お役に立てれば幸いです。よろしくお願いします。
エキスパートの回答、ステップバイステップガイド、最新のトピックなどお気に入りのアイデアを見つけたら、あとで参照できるように保存しましょう。
コミュニティは初めてですか?これらのヒントを活用してスタートしましょう。 コミュニティの活用方法 新メンバーガイド
下記より関連するコンテンツにアクセスできます