09-18-2006 07:06 AM - edited 02-21-2020 10:16 AM
Hi
When a remote client tries to establish a VPN session with our Pix firewall (running 6.3), it hangs just after the password prompt with this message (see attached). When I try the same all works fine. I've included the bits of code I think are relevant to their setup.
name 128.51.0.3 ATG-STELPLAN-Svr
name 128.60.4.4 ATG-Irish-EMS-Svr
name 194.201.29.0 LAN-Metalogic
name 192.168.2.0 LAN-Metalogic2
name 128.31.1.78 MultiMetals-New-Svr
name 10.10.253.253 Metalogic_Support_Host
access-list acl_mdc_inside_nat0 permit ip host MultiMetals-New-Svr host Metalogic_Support_Host
access-list acl_mdc_inside_nat0 permit ip host EMS host Metalogic_Support_Host
access-list acl_mdc_inside_nat0 permit ip host ATG-EMS1 host Metalogic_Support_Host
access-list acl_mdc_inside_nat0 permit ip host ATG-STELPLAN-Svr host Metalogic_Support_Host
access-list acl_mdc_inside_nat0 permit ip host ATG-Irish-EMS-Svr host Metalogic_Support_Host
access-list acl_mdc_Metalogic-remote_split_tunnel permit ip object-group Murray_Subnets any
ip local pool Metalogic_Pool Metalogic_Support_Host mask 255.255.255.255
nat (inside) 0 access-list acl_mdc_inside_nat0
vpngroup Metalogic_Support address-pool Metalogic_Pool
vpngroup Metalogic_Support default-domain carnegie-it.com
vpngroup Metalogic_Support split-tunnel acl_mdc_Metalogic-remote_split_tunnel
vpngroup Metalogic_Support idle-time 1800
vpngroup Metalogic_Support password ***
Please help.
Thanks
Rex
09-19-2006 03:01 PM
The above configuration is not complete. Can you post the config with the crypto map and other parts?
The Cisco client is not hanging but it is failing to negotiate the security policy.
Thanks,
09-20-2006 12:18 AM
Thanks for the reply. If it was failing to negotiate then would this not be the case for anyone trying to use this VPN group? I've tried the same pcf file/credentials on PCs on other networks and home computers and they work fine. I suspect the firewall on the problem site to be at fault (apparently a Linux box but I don't know any more detail). I've attached the config with sensitive bits removed anyway. Thanks, Rex
09-20-2006 08:53 AM
Well, if they have a Linux firewall the IPSEC won't pass through. Had a similar problem and the issue was from the Linux box not passing the IPSEC traffic. I suggested to the other party to try the laptop on the outside zone and everything worked out.
Therefore, don't worry coz your config is correct.
Let me know if you require further help,
Regards,
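
Added example, not part of the thread or any poster's code: a quick check of whether a Linux firewall's FORWARD chain lets a VPN client's IPsec traffic out. It assumes the remote site's firewall is iptables-based (the thread only says "a Linux box") and that its rules are available as `iptables-save` output. The ruleset below is constructed and the function names are hypothetical.

```python
import shlex

# Flows an IPsec VPN client behind a forwarding firewall needs (IKE, NAT-T, ESP).
REQUIRED = {
    "IKE udp/500": ("udp", "500"),
    "NAT-T udp/4500": ("udp", "4500"),
    "ESP ip-proto-50": ("esp", None),
}

def parse_forward(ruleset):
    """Return (policy, rules) for the filter table's FORWARD chain."""
    table, policy, rules = None, "ACCEPT", []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A FORWARD "):
            tok = shlex.split(line)
            opt = lambda f: tok[tok.index(f) + 1] if f in tok else None
            ports = (opt("--dport") or opt("--dports") or "").split(",")
            proto = "esp" if opt("-p") == "50" else opt("-p")
            rules.append((proto, [p for p in ports if p], opt("-j"), len(tok) == 4))
    return policy, rules

def ipsec_verdicts(ruleset):
    """First-match verdict per IPsec flow; unmatched flows get the chain policy."""
    policy, rules = parse_forward(ruleset)
    out = {}
    for name, (proto, port) in REQUIRED.items():
        out[name] = policy
        for r_proto, r_ports, target, catch_all in rules:
            # Heuristic: interface, address and state matches are not evaluated.
            hit = catch_all or (r_proto == proto and (not r_ports or port in r_ports))
            if hit and target in {"ACCEPT", "DROP", "REJECT"}:
                out[name] = target
                break
    return out

# Constructed iptables-save excerpt (not from the thread).
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp -m udp --dport 500 -j ACCEPT
COMMIT
"""
print(ipsec_verdicts(SAMPLE))
```

With this sample, IKE is forwarded while NAT-T and ESP fall through to the DROP policy.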