Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
3
Replies

Cisco VPN client stuck in "Retransmitting last packet!"

Quoc Vinh Ngo
Level 1
Level 1

‎11-08-2017 12:03 AM - edited ‎03-12-2019 04:43 AM

Dear experts,

I have setup a VPN server with ipsec on router 1841. Then everyones can you cisco VPN client to connect! But there only 1 client can't connect! It stuck in Retransmitting last packet!

Can anyone please help. Thanks,

 

I send the log:

 

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1 10:17:09.701 11/08/17 Sev=Info/4 PPP/0x63200015
Processing enumerate phone book entries command

2 10:17:09.742 11/08/17 Sev=Info/4 PPP/0x6320000D
Retrieved 6 dial entries

3 10:17:25.065 11/08/17 Sev=Info/4 PPP/0x63200015
Processing enumerate phone book entries command

4 10:17:25.071 11/08/17 Sev=Info/4 PPP/0x6320000D
Retrieved 6 dial entries

5 10:18:31.207 11/08/17 Sev=Info/4 CM/0x63100002
Begin connection process

6 10:18:31.230 11/08/17 Sev=Info/4 CM/0x63100004
Establish secure connection

7 10:18:31.230 11/08/17 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.162.18.107"

8 10:18:31.232 11/08/17 Sev=Info/6 CM/0x6310002F
Allocated local TCP port 49253 for TCP connection.

9 10:18:31.643 11/08/17 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

10 10:18:31.643 11/08/17 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

11 10:18:31.643 11/08/17 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to 203.162.18.107, src port 49253, dst port 443

12 10:18:31.643 11/08/17 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from 203.162.18.107, src port 443, dst port 49253

13 10:18:31.643 11/08/17 Sev=Info/6 IPSEC/0x63700021
TCP ACK sent to 203.162.18.107, src port 49253, dst port 443

14 10:18:31.643 11/08/17 Sev=Info/4 CM/0x63100029
TCP connection established on port 443 with server "203.162.18.107"

15 10:18:32.156 11/08/17 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.162.18.107"

16 10:18:32.159 11/08/17 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 203.162.18.107.

17 10:18:32.180 11/08/17 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

18 10:18:32.188 11/08/17 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 203.162.18.107

19 10:18:37.214 11/08/17 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

20 10:18:37.214 11/08/17 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.162.18.107

21 10:18:42.284 11/08/17 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

22 10:18:42.284 11/08/17 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.162.18.107

23 10:18:47.358 11/08/17 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

24 10:18:47.358 11/08/17 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.162.18.107

25 10:18:52.430 11/08/17 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=93323D881949CF30 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

26 10:18:52.942 11/08/17 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=93323D881949CF30 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

27 10:18:52.942 11/08/17 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "203.162.18.107" because of "DEL_REASON_PEER_NOT_RESPONDING"

28 10:18:52.942 11/08/17 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

29 10:18:52.944 11/08/17 Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 443

30 10:18:52.945 11/08/17 Sev=Info/6 CM/0x63100030
Removed local TCP port 49253 for TCP connection.

31 10:18:52.947 11/08/17 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.

32 10:18:52.947 11/08/17 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

33 10:18:52.951 11/08/17 Sev=Info/6 IPSEC/0x63700023
TCP RST sent to 203.162.18.107, src port 49253, dst port 443

34 10:18:52.951 11/08/17 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

35 10:18:52.951 11/08/17 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

36 10:18:52.951 11/08/17 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

37 10:18:52.951 11/08/17 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

 

Labels:
0 Helpful
3 Replies 3

Bogdan Nita
VIP Alumni
VIP Alumni

‎11-08-2017 02:51 AM

I haven't seen a vpn client in a long time , but the logs you posted are a bit confusing to me.

The vpn client first successfully opens a tcp session on port 443 with the router:

TCP SYN sent to 203.162.18.107, src port 49253, dst port 443
TCP SYN-ACK received from 203.162.18.107, src port 443, dst port 49253
TCP ACK sent to 203.162.18.107, src port 49253, dst port 443

 

Then it is initiating an ipsec tunnel, but does not receive a response:

Starting IKE Phase 1 Negotiation
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 203.162.18.107

 

Should this be a ssl or a ipsec vpn ?

What are the settings on the vpn client ? Make sure the settings on this client are the same as the functional clients.

Logs on the client side aren't that helpful in this case, I would have a look at the logs or turn on some debugs on the router.

 

0 Helpful

Quoc Vinh Ngo
Level 1
Level 1
In response to Bogdan Nita

‎11-08-2017 11:53 PM

Dear Nita,

I changed the default UDP port to TCP 443! that why you see TCP session on port 443

I don't think there 's problem in Router because all other PCs can connect successfull!

This is IP sec VPN!

I do configuration on all PCs the same.

 

Preview file
27 KB
Preview file
25 KB
0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni
In response to Quoc Vinh Ngo

‎11-09-2017 03:19 AM

The configuration on the router may be functional, but unfortunately there is not a lot of information available in the logs from the client side. So in order to shed some light on the issue I would have a look at the router.

Here are the infos that can be extracted from the client log:

The clients opens a tcp session with the router on port 443 successfully.

The client then tries to initiate the ipsec session, but does get a response.

Because the router does not responds it re-transmits the ipsec initiation packet 3 times, but also does not receive a response.

 

Are the ipsec packets reaching the router ? (If not check internet connection, try to use a internet connection that was proven functional with other users)

If the ipsec packets are reaching the router is the router responding?

No (Why is the router not responding to this particular IPSec? see logs and debugs on the router)

Yes (I would once again check the internet connection)

 

 

0 Helpful
Customers Also Viewed These Support Documents