I recently changed from Win2k to XP Pro on my laptop. I've been using the VPN client to connect to my companies VPN 3000 through NAT'd firewalls without a problem under Win2k. I installed the latest VPN Client software (3.5.(2)A), made sure ICS and the XP firewall service were stopped and set to manual so they wouldn't start again, but I am unable to make a connection to my concentrator.
I enabled Transparent Tunneling using both UDP and TCP, and got different connection errors each time.
In the connection history I get a message: "Remote peer is no longer responding" and in the IPSec Log I see a warning/2 message: "Exceeded 3 IKE SA negotiation retransmits... peer is not responding"
In the connection history: "Failed to establish a TCP connection."
In the IPSec Log: "Unexpected TCP control packet received from <ADDR DELETED>, src port 10000, dst port 1613, flags 14h"
I know the firewalls I am connecting through are not blocking anything they weren't when the connections were working under Win2k. Not sure what is up. Any thoughts/suggestions would be appreciated.
You might want to reinstall the VPN client just to make sure the Installation went through fine. The main help would b ethe error message appearing on the CVPN300 box itself, for further help for looking into the Configuration a TAC case should be opened.
Hope this helps,
Cisco Systems, Inc.
I have the same errors with a 3.x Client behind a Cisco router running NAT to the Internet. It has to be something to do with the NAT on the router because if I connect the laptop to the Internet via dial-up the exact same config works OK. I could get around MY problem if I could get a LAN to PIX VPN to work with a dynamic IP on the router - any thoughts?!
Go to Configuration->User Management->Groups->(Group Name)->Mode Config and make sure that you have "IPSec over UDP" checked. You will be able to assign the port you wish to assign. You will also need to make sure that your firewall is opened to this port as well.