Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
239
Views
0
Helpful
0
Replies

Cisco VPN client not connecting to another company's network

Humongous
Beginner
Beginner

‎07-07-2014 08:53 AM

Both sites are using ASA's.  I can connect if I am outside our LAN.  Log from the Cisco VPN Client:

 

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
 
1      11:07:38.938  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
2      11:07:38.938  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
3      11:07:38.944  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
4      11:07:38.944  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
5      11:07:38.950  07/07/14  Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
 
6      11:07:38.951  07/07/14  Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
 
7      11:07:38.953  07/07/14  Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
 
8      11:07:42.249  07/07/14  Sev=Info/4 CM/0x63100002
Begin connection process
 
9      11:07:42.266  07/07/14  Sev=Info/4 CM/0x63100004
Establish secure connection
 
10     11:07:42.266  07/07/14  Sev=Info/4 CM/0x63100024
Attempt connection with server "RochesterVPN.XXX.XXX"
 
11     11:07:42.325  07/07/14  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 161.242.XXX.XXX.
 
12     11:07:42.331  07/07/14  Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
 
13     11:07:42.335  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 161.242.XXX.XXX
 
14     11:07:42.343  07/07/14  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
 
15     11:07:42.344  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
16     11:07:42.344  07/07/14  Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (172.30.235.172)
 
17     11:07:47.406  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
18     11:07:47.406  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
19     11:07:52.507  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
20     11:07:52.507  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
21     11:07:57.586  07/07/14  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
 
22     11:07:57.586  07/07/14  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 161.242.XXX.XXX
 
23     11:08:02.647  07/07/14  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=75D8C6A8CBF683AD R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
 
24     11:08:03.161  07/07/14  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=75D8C6A8CBF683AD R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
 
25     11:08:03.161  07/07/14  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "RochesterVPN.XXX.XXX" because of "DEL_REASON_PEER_NOT_RESPONDING"
 
26     11:08:03.161  07/07/14  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
 
27     11:08:03.208  07/07/14  Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
 
28     11:08:03.209  07/07/14  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
 
29     11:08:04.229  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
30     11:08:04.229  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
31     11:08:04.230  07/07/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
32     11:08:04.230  07/07/14  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
 

Partial ASA config:

class-map ipsecpassthru-traffic
 match access-list ipsecpassthru
class-map inspection_default
 match default-inspection-traffic
class-map mss-class
 match access-list mss-list
class-map http-map1
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect ipsec-pass-thru iptmap
 parameters
  esp 
  ah 
policy-map inspection_policy
 class ipsecpassthru-traffic
  inspect ipsec-pass-thru iptmap 
policy-map global_policy
 class http-map1
  set connection advanced-options mss-map
 class inspection_default
  inspect pptp 
  inspect ftp 
  inspect ip-options 
  inspect ipsec-pass-thru 
 class class-default
policy-map type inspect esmtp esmtp_map
 parameters
  allow-tls action log
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map mss-class
 class mss-class
  set connection advanced-options mss-map
  inspect ipsec-pass-thru iptmap 
policy-map type inspect ftp Test
 parameters

 

Let me know what else you need.  TIA!!!

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents