Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2523
Views
0
Helpful
5
Replies

Connceting VPN on LAN

Hitesh Thappa
Level 1
Level 1

‎12-28-2010 10:19 PM

am not able to connect to VPN on LAN.  I checked the check box saying  "Allow LAN access" but still i cannot connect.

We need vpn to connect to client n/w even when in office.

vpn connects fine if i use some data card or wifi connetion but if fails when connected to LAN cable

Do i need to change any other setting.

Labels:
0 Helpful
5 Replies 5

manasjai
Cisco Employee
Cisco Employee

‎12-28-2010 11:22 PM

Hi Hitesh,

What I understand is you are having problems connecting to VPN when you connect to the internet using LAN cable. With wi fi or data card it works

Does it prompt you for username and password ?

I would suggest you to take the following outputs and send it over. Lets see what exactly is the problem :

On client

======

On VPN client, go to Log > enable , then log > log settings and set all of them to 3 - high

Now go to the log tab, and copy the output.

On ASA/ PIX/ router

======

We can enable conditional debugs for your PC public IP address :

debug cry condition peer ipv4 (on router)

debug cry condition peer (on ASA /PIX)

debug cry isa 127

debug cry ips 127

The option allow LAN access is not for enabling LAN access on the office n/w. If you check this option, you would be able to access resources in your home n/w, such as printers etc.

Thanks,

manasi!

0 Helpful

Hitesh Thappa
Level 1
Level 1
In response to manasjai

‎12-28-2010 11:58 PM

27     13:20:22.546  12/29/10  Sev=Info/4 CM/0x63100002
Begin connection process

28     13:20:23.437  12/29/10  Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

29     13:20:23.437  12/29/10  Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

30     13:20:23.437  12/29/10  Sev=Info/4 CM/0x63100024
Attempt connection with server "pln.vpn.eds.com"

31     13:20:23.718  12/29/10  Sev=Info/6 CM/0x6310002F
Allocated local TCP port 3257 for TCP connection.

32     13:20:23.718  12/29/10  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

33     13:20:23.718  12/29/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

34     13:20:23.718  12/29/10  Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to 192.85.47.151, src port 3257, dst port 10000

35     13:20:28.843  12/29/10  Sev=Info/4 CM/0x6310002A
Unable to establish TCP connection on port 10000 with server "pln.vpn.eds.com"

36     13:20:28.843  12/29/10  Sev=Info/4 CM/0x63100024
Attempt connection with server "192.85.50.151"

37     13:20:28.843  12/29/10  Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 10000

38     13:20:28.843  12/29/10  Sev=Info/6 IPSEC/0x63700022
TCP RST sent to 192.85.47.151, src port 3257, dst port 10000

39     13:20:28.843  12/29/10  Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to 192.85.50.151, src port 3257, dst port 10000

40     13:20:33.844  12/29/10  Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to 192.85.50.151, src port 3257, dst port 10000

41     13:20:39.844  12/29/10  Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to 192.85.50.151, src port 3257, dst port 10000

42     13:20:44.876  12/29/10  Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to 192.85.50.151, src port 3257, dst port 10000

43     13:20:48.876  12/29/10  Sev=Info/4 CM/0x6310002A
Unable to establish TCP connection on port 10000 with server "192.85.50.151"

44     13:20:48.876  12/29/10  Sev=Info/4 CM/0x6310000C
All connection attempts with backup server failed

45     13:20:48.876  12/29/10  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

46     13:20:48.876  12/29/10  Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 10000

47     13:20:48.876  12/29/10  Sev=Info/6 CM/0x63100030
Removed local TCP port 3257 for TCP connection.

48     13:20:48.892  12/29/10  Sev=Info/4 IKE/0x63000086
Microsoft IPSec Policy Agent service started successfully

49     13:20:49.376  12/29/10  Sev=Info/6 IPSEC/0x63700022
TCP RST sent to 192.85.50.151, src port 3257, dst port 10000

50     13:20:49.376  12/29/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

51     13:20:49.376  12/29/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

52     13:20:49.376  12/29/10  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

am not getting any window to enter username/password. i get the error " Secure VPN connection terminated by client Reason 414: failed to establish TCP connection"

aslo, I dont have access to router to try those debug commnads

0 Helpful

manasjai
Cisco Employee
Cisco Employee
In response to Hitesh Thappa

‎12-29-2010 03:41 AM

Hi Hitesh,

Looks like you are trying to connect over TCP and the connection doesn seem to get established. Can you try to make the following changes :

Click on the connection profile and click on modify. Now click on the transport TAB and click on IPSEC over UDP.

Let me know how it goes!!

If it still doesn work, Please send the logs and debugs again.

Thanks,

Manasi

0 Helpful

Hitesh Thappa
Level 1
Level 1
In response to manasjai

‎12-30-2010 08:32 PM

Here you go....

No luck!

But this tim e error has changed to Error:412: connectioned terminated by client.

Logs:

Cisco Systems VPN Client Version 4.0.5 (D)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

4      09:55:16.334  12/31/10  Sev=Info/4 CM/0x63100002
Begin connection process

5      09:55:17.022  12/31/10  Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

6      09:55:17.022  12/31/10  Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

7      09:55:17.022  12/31/10  Sev=Info/4 CM/0x63100024
Attempt connection with server "pln.vpn.eds.com"

8      09:55:17.334  12/31/10  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 192.85.47.151.

9      09:55:17.694  12/31/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 192.85.47.151

10     09:55:17.694  12/31/10  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

11     09:55:17.694  12/31/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

12     09:55:22.959  12/31/10  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=2A37BC1A7FB4B798 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

13     09:55:23.459  12/31/10  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=2A37BC1A7FB4B798 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

14     09:55:23.459  12/31/10  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "pln.vpn.eds.com" because of "DEL_REASON_PEER_NOT_RESPONDING"

15     09:55:23.459  12/31/10  Sev=Info/4 CM/0x63100011
Attempt connection with backup server "192.85.50.151"

16     09:55:23.459  12/31/10  Sev=Info/4 CM/0x63100024
Attempt connection with server "192.85.50.151"

17     09:55:23.459  12/31/10  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 192.85.50.151.

18     09:55:23.475  12/31/10  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 192.85.50.151

19     09:55:28.959  12/31/10  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=73BED76877C23218 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

20     09:55:29.459  12/31/10  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=73BED76877C23218 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

21     09:55:29.459  12/31/10  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "192.85.50.151" because of "DEL_REASON_PEER_NOT_RESPONDING"

22     09:55:29.459  12/31/10  Sev=Info/4 CM/0x6310000C
All connection attempts with backup server failed

23     09:55:29.459  12/31/10  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

24     09:55:29.459  12/31/10  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

25     09:55:29.522  12/31/10  Sev=Info/4 IKE/0x63000086
Microsoft IPSec Policy Agent service started successfully

26     09:55:29.959  12/31/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

27     09:55:29.959  12/31/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

28     09:55:29.959  12/31/10  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

29     09:55:29.959  12/31/10  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

0 Helpful

jignesh.darji
Level 1
Level 1

‎12-31-2010 03:02 AM

Hi

In remote access VPN Error 412, comes when remote server is not responding. means your client i tried to communicate,

can you please check your internet connection work properly when you use internet adapter. and also remember if you

are using adapter your firewall configuration should allow vpn traffic. some point you may be help you.

  • If it is wirelessly connected then try to connecting it with cable
  • Turn the installed firewall off. Test the connection to see whether the problem still occurs. If it doesn’t then you can turn your firewall back on, add exception rules for port 500, port 4500 and the ESP protocol in your firewall
  • Turn on NAT-T/TCP in your profile (remember to unblock port 10000 in your firewall or turn the firewall off temporarily)
  • Edit the profile with an editor and change ForceKeepAlive=0 to ForceKeepAlive =1

Try this,

HTH

Jignesh

0 Helpful
Customers Also Viewed These Support Documents