Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3574
Views
0
Helpful
6
Replies

SA 520W QuickVPN Configuration Issue

logicspectrum
Level 1
Level 1

‎12-26-2009 12:33 PM

Hi,

From what I researched so far the QuickVPN setup with my SA 520W should be quite simple. I need to add the users under the VPN\IPSec\IPSec Users. Then after this is done simply startup my QuickVPN and enter the vpn.whatevermycompanynameis.com and is should connect right? I almost belived it would be that simple.

Here is what happens in reality though. I have created the users for the IPSec and I have nothing in the VPN Policies and IKE policies (Since I read that those are not applicable for the QuickVPN setup). In my client machine I have Windows XP SP3 with the Firewall off (I tried on and off and then IPSec Services restarts etc. but same result).

When I start the QuickVPN and enter the credentials it tells me that the server certificate does not exists ... I say ok go on ... then it says Connecting ... then Activating Policy ... then Verifing Network ... and it dies here ... the end message is "The remote gateway is not responding. Do you want to wait?".

PLEASE advise.

Your help will be greatly appreciated.

Thanks.

Labels:
0 Helpful
6 Replies 6

logicspectrum
Level 1
Level 1

‎12-26-2009 12:50 PM

I got some more info from the log.txt file under the QuickVPN folder:

2009/12/26 15:44:33 [WARNING]Server's certificate doesn't exist on your local computer.

2009/12/26 15:44:35 [STATUS]Remote gateway was reached by https ...

2009/12/26 15:44:35 [STATUS]Provisioning...

2009/12/26 15:44:41 [STATUS]Tunnel is configured. Ping test is about to start.

2009/12/26 15:44:41 [STATUS]Verifying Network...

2009/12/26 15:44:45 [WARNING]Failed to ping the LAN IP of the remote VPN Router!

2009/12/26 15:44:46 [WARNING]Failed to ping the LAN IP of the remote VPN Router!

2009/12/26 15:44:47 [WARNING]Failed to ping the LAN IP of the remote VPN Router!

2009/12/26 15:44:48 [WARNING]Failed to ping the LAN IP of the remote VPN Router!

2009/12/26 15:44:49 [WARNING]Failed to ping the LAN IP of the remote VPN Router!

2009/12/26 15:44:49 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

0 Helpful

Alejandro Gallego
Cisco Employee
Cisco Employee
In response to logicspectrum

‎12-26-2009 08:12 PM

In your SA, go to firewall and allow WAN requests. That will allow the router to respond with an echo and should correct the problem. If it still does not connect, enable logging on the SA and try the connection again so we can capture what the SA is sending and what it is receiving.

0 Helpful

kevin0neill
Level 1
Level 1

‎12-30-2009 08:52 AM

I have the same problem. Allowing the WAN interface to respond to ping does not fix the problem.

0 Helpful

wichilds
Level 4
Level 4
In response to kevin0neill

‎12-31-2009 01:31 AM

Kevin,

There could be a host of reasons why your tunnel does not connect. It could be as simple as a firewall on your pc that is blocking ping messages, or it could be that the ISP on your SA's side is blocking some ports.

This is best resolved by calling the Small Business Support Center in your area. You can find the number here:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Bill

0 Helpful

Alejandro Gallego
Cisco Employee
Cisco Employee
In response to kevin0neill

‎01-09-2010 10:19 PM

Can you let us know if you are connecting using the "Auto" feature or specifying 443, 60443?

Also you stated earlier that your firewall was off on your XP box, if you did this via the GUI, you would want to go ahead and "Stop" the service instead. Not sure why this makes a difference but it does. Another "cleaner" option is to make sure that QVPN is listed in the firewall "Allowed" programs. If you are able to post any logs from the SA, they can be extremely helpful.

0 Helpful

jmgasser
Level 1
Level 1
In response to Alejandro Gallego

‎01-16-2010 06:58 AM

I've been working on a similar problem with the same log file messages you posted and found a solution that worked for me.  I'm using QVPN with RVS4000 router and was having a challenge to have 2 different Win XP machines connecting.

First - Make sure the Windows Firewall is on.

Second - Allow WAN requests on your router

After I made those changes, one XP machine would connect and the second would not. What I found was the different XP versions (HOME and PRO) made a difference. The XP Pro SP3 machine connect like a champ.

What I found was XP Home IPSEC services were Disabled. to enable IPSEC services. Go to Start --> Control Panel --> Admin Tools --> Servics and look for IPSEC services.

Make sure IPSec Services are configure to "Start up" automatic and the service is started. Once I had that runing, the XP Home SP3 connected with QVPN.

Hope that works for you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents