
cisco vpn client reason 412

ulyssystems
Level 1

Before, it was working, and now the router is not responding.

According to Wireshark, when I try to connect, a UDP packet with source port 1310 is sent to destination port 62515, and then 4 ISAKMP Aggressive packets from 1311 to 500.

Router accepts packet on port 500 (according to permit any log rule; from 1310 to 62515 seems not to reach the router)

and nothing occurs (debug crypto engine is on).

ACL is off on the router, and the firewall on the PC also.

Configuration:

aaa authentication login LOGIN local
aaa authorization network VPN_CLIENTS_AUTH local
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP_VPN 100
 set transform-set ESP-3DES-SHA
 reverse-route
crypto map VPN_MAP client authentication list LOGIN
crypto map VPN_MAP isakmp authorization list VPN_CLIENTS_AUTH
crypto map VPN_MAP client configuration address respond
crypto map VPN_MAP 65535 ipsec-isakmp dynamic DYNMAP_VPN
interface FastEthernet0/0
 crypto map VPN_MAP
 ip nat outside    // 10.5.1.0 is denied to be NATed
crypto isakmp client configuration group Ulys
 key P@$$
 pool REMOTE_VPN_CLIENTS
ip local pool REMOTE_VPN_CLIENTS 10.5.1.10 10.5.1.50
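
The capture described in the post above (four ISAKMP Aggressive packets to UDP port 500 and no reply) can be confirmed offline by decoding the fixed ISAKMP header of each UDP payload. This is an added example, not part of the original thread: the header layout follows RFC 2408, while the function names, cookies and sample payloads are constructed for illustration.

```python
import struct
from collections import defaultdict

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "Identity Protection (Main)", 4: "Aggressive", 5: "Informational"}
ZERO_COOKIE = bytes(8)

def parse_isakmp(payload: bytes) -> dict:
    """Decode the fixed ISAKMP header at the start of a UDP/500 payload."""
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _next, ver, xchg, _flags, msgid, length = ISAKMP_HDR.unpack_from(payload)
    return {"icookie": icookie, "rcookie": rcookie,
            "version": f"{ver >> 4}.{ver & 0x0F}",
            "exchange": EXCHANGE.get(xchg, f"type {xchg}"),
            "msgid": msgid, "length": length}

def unanswered_negotiations(payloads):
    """Map initiator cookie (hex) -> number of first messages sent, for
    negotiations in which no packet ever carried a responder cookie."""
    first_msgs = defaultdict(int)
    answered = set()
    for payload in payloads:
        hdr = parse_isakmp(payload)
        if hdr["rcookie"] == ZERO_COOKIE:
            # Responder cookie is all zero only in the initiator's first
            # message and its retransmissions.
            first_msgs[hdr["icookie"].hex()] += 1
        else:
            answered.add(hdr["icookie"].hex())
    return {c: n for c, n in first_msgs.items() if c not in answered}

def build_header(icookie, rcookie=ZERO_COOKIE, exchange=4):
    """Constructed test input: header only, next payload 1 (SA), version 1.0."""
    return ISAKMP_HDR.pack(icookie, rcookie, 1, 0x10, exchange, 0, 0, ISAKMP_HDR.size)

# Constructed capture mirroring the post: four Aggressive packets, no reply.
STALLED = [build_header(b"\x11" * 8)] * 4
# Constructed healthy case: one request followed by the responder's answer.
HEALTHY = [build_header(b"\x22" * 8), build_header(b"\x22" * 8, b"\x33" * 8)]

if __name__ == "__main__":
    print(parse_isakmp(STALLED[0])["exchange"], unanswered_negotiations(STALLED))
    print(unanswered_negotiations(HEALTHY))
```

A non-empty result means the initiator never saw any ISAKMP reply for that cookie, which matches the "remote peer is no longer responding" condition reported as Reason 412 later in this thread.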

6 Replies

ulyssystems
Level 1

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 50
 encr 3des
 hash md5
 authentication pre-share
 group 2

IT Director for Texas Certified Motors

Why all of a sudden does this error occur?

I made no changes to the VPN or router. It has been working great for a good while and now all of a sudden it is throwing an error:

Secure VPN Connection terminated locally by the Client.

Reason 412: The remote peer is no longer responding.

Connection terminated on: Jul 17, 2012 13:00:58          Duration: 0 day(s), 00:00.00

There were no modifications/changes to the VPN, why this error now?

Hi Efrain,

Could you please run the following command on the Router?

debug crypto isakmp

debug crypto ipsec

Try to connect and attach the outputs.

On the other hand, have you tried to connect directly to the Router (I mean, not over the Internet)?

Thanks.

My router is under warranty at the moment. The awesome Cisco Support Team is handling the problem right now. Whatever the results are, they are going to be posted here to help others with the same problem.

I have asked the question, during the whole time the VPN has been running flawlessly, as to why all of a sudden this error was thrown?

Dear Efrain,

I am glad to hear you opened a TAC case.

Please let me know if there is anything I could help you with.

Thanks

To the original poster - did you resolve the issue? We are seeing the same thing. A reboot fixes it (for a week or 2).