03-01-2011 02:13 AM
Before it was working,and now router is not responding
According to wireshark when i try to connect, UDP paccket with source port 1310 is sent to 62515 destination port, and then 4 ISAKMP Aggressive packets from 1311 to 500
Router accepts packet on 500 port (according to permit any log rule.. from 1310 to 62515 seems not to reach the router)
and nothing occurs (debug crypto engine is on)
ACL is off on router and firewall on PC also
Configuration:
aaa authentication login LOGIN local
aaa authorization network VPN_CLIENTS_AUTH local
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP_VPN 100
set transform-set ESP-3DES-SHA
reverse-route
crypto map VPN_MAP client authentication list LOGIN
crypto map VPN_MAP isakmp authorization list VPN_CLIENTS_AUTH
crypto map VPN_MAP client configuration address respond
crypto map VPN_MAP 65535 ipsec-isakmp dynamic DYNMAP_VPN
interface FastEthernet0/0
crypto map VPN_MAP
ip nat outside // 10.5.1.0 is denied to be nated
crypto isakmp client configuration group Ulys
key P@$$
pool REMOTE_VPN_CLIENTS
ip local pool REMOTE_VPN_CLIENTS 10.5.1.10 10.5.1.50
03-01-2011 02:28 AM
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 50
encr 3des
hash md5
authentication pre-share
group 2
07-17-2012 12:01 PM
IT Director for Texas Certified Motors
Why all of a sudden does this error occur?
I made no changes to the VPN or router. It has been working great for a good while and now all of sudden it is throwing an error:
Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.
Connection terminated on: Jul 17, 2012 13:00:58 Duration: 0 day(s), 00:00.00
There were no modifications/changes to the VPN, why this error now?
07-17-2012 12:20 PM
Hi Efrain,
Could you please run the following command on the Router?
debug crypto isakmp
debug crypto ipsec
Try to connect and attach the outputs.
On the other hand, have you tried to connect directly to the Router (I mean, not over the Internet)?
Thanks.
07-19-2012 03:06 PM
My router is under warranty at the moment. The awesome Cisco Support Team is handling the problem right now. Whatever the results are going to be posted here to help others in assisting with the same problem.
I have asked the question, during the whole time the VPN has been running flawlessly, as to why all of a sudden this error was thrown?
07-25-2012 06:32 AM
Dear Efrain,
I am glad to hear you opened a TAC case.
Please let me know if there is anything I could help you with.
Thanks
08-29-2012 07:12 AM
To the original poster - did you resolve the issue? We are seeing the same thing. A reboot fixes it (for a week or 2)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide