- Cisco Community
- Technology and Support
- Security
- VPN
- Connecting From Cisco Client to work VPN
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2012 04:50 AM
I recently picked up a Billion 7800N home router to replace my old netgear which was dropping signal alot.
I seem to have develpoed a problem accessing my work network through the VPN client. I am able to connect the Cisco VPN client to the network ok but I don't have any access to the server and exchange email. I have tested the client settings on my old Netgear and it is working fine. This points me to the direction of the router....
I don't have any packet filtering on and I have set up profile from my fixed internal home ip to the work ip to allow any protocol and any port.
I have also port forwarded 500, 4500 and 10000UDP to my internal ip adress.
I am a noob when it comes to networking and i'm a little bit lost. I sense this topic falls in the middle ground between the router seup and the client so I appreciate no one my have a definitive answer. I can post a copy of the clients logs if that helps.
I'm hopeful someone will be able to point me in the right direction ....
Thanks
Neil
Solved! Go to Solution.
- Labels:
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2012 02:47 PM
Hi,
It looks like your home network has the same ip range as your work network. I would recommend choosing a new range for your home network which is not identified in the routing table updates in your logs.
Eg: 10.255.255.0/24
Best Regards
Ju
Sent from Cisco Technical Support iPad App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2012 08:22 AM
yes, pls post a copy of the vpn client logs to see where it's failing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2012 02:39 PM
Hi, Thanks for getting back to me.
I have set the log to high detail as i'm not too sure which parts are needed. Please find the copied log below;
Thanks
Neil
isco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 22:37:43.935 12/10/12 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
2 22:37:43.935 12/10/12 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
3 22:37:43.936 12/10/12 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 22:37:50.386 12/10/12 Sev=Info/4 CM/0x63100002
Begin connection process
2 22:37:50.397 12/10/12 Sev=Info/4 CM/0x63100004
Establish secure connection
3 22:37:50.397 12/10/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "213.137.3.155"
4 22:37:50.403 12/10/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 213.137.3.155.
5 22:37:50.406 12/10/12 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
6 22:37:50.410 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.137.3.155
7 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
8 22:37:50.502 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 213.137.3.155
9 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
10 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
11 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports DPD
12 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
13 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
14 22:37:50.515 12/10/12 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15 22:37:50.516 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 213.137.3.155
16 22:37:50.516 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17 22:37:50.516 12/10/12 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC87D, Remote Port = 0x1194
18 22:37:50.516 12/10/12 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end IS behind a NAT device
19 22:37:50.517 12/10/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20 22:37:50.592 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
21 22:37:50.592 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
22 22:37:50.593 12/10/12 Sev=Info/4 CM/0x63100015
Launch xAuth application
23 22:37:50.617 12/10/12 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
24 22:37:50.788 12/10/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
25 22:37:50.788 12/10/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
26 22:37:58.177 12/10/12 Sev=Info/4 CM/0x63100017
xAuth application returned
27 22:37:58.178 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
28 22:37:58.253 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
29 22:37:58.253 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
30 22:37:58.253 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
31 22:37:58.253 12/10/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
32 22:37:58.256 12/10/12 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
33 22:37:58.256 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
34 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
35 22:37:58.332 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
36 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.170.5
37 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
38 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.254
39 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
40 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
41 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
42 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = bbconsulting.local
43 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
44 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.0(5) built by builders on Mon 02-Nov-09 21:22
45 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
46 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
47 22:37:58.341 12/10/12 Sev=Info/4 CM/0x63100019
Mode Config data received
48 22:37:58.356 12/10/12 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.170.5, GW IP = 213.137.3.155, Remote IP = 0.0.0.0
49 22:37:58.356 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 213.137.3.155
50 22:37:58.396 12/10/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
51 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
52 22:37:58.441 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 213.137.3.155
53 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
54 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 8 seconds, setting expiry to 86392 seconds from now
55 22:37:58.445 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
56 22:37:58.446 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 213.137.3.155
57 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
58 22:37:58.446 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 213.137.3.155
59 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=D9CB23FC OUTBOUND SPI = 0xEC03BF7F INBOUND SPI = 0x1256B5A4)
60 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xEC03BF7F
61 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x1256B5A4
62 22:37:58.457 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
63 22:37:58.770 12/10/12 Sev=Info/6 CVPND/0x63400001
Launch VAInst64 to control IPSec Virtual Adapter
64 22:37:59.125 12/10/12 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.170.5/255.255.255.0
DNS=192.168.1.254,0.0.0.0
WINS=0.0.0.0,0.0.0.0
Domain=bbconsulting.local
Split DNS Names=
65 22:37:59.137 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 276
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 276
66 22:38:03.174 12/10/12 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
67 22:38:03.176 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.0 255.255.255.0 192.168.170.1 192.168.170.5 100
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.170.1 192.168.170.5 281
192.168.1.254 255.255.255.255 192.168.1.201 192.168.1.201 100
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.170.1 192.168.170.5 281
192.168.170.0 255.255.255.0 192.168.170.5 192.168.170.5 276
192.168.170.5 255.255.255.255 192.168.170.5 192.168.170.5 276
192.168.170.255 255.255.255.255 192.168.170.5 192.168.170.5 276
213.137.3.155 255.255.255.255 192.168.1.254 192.168.1.201 100
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 192.168.170.5 192.168.170.5 276
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 192.168.170.5 192.168.170.5 276
68 22:38:03.176 12/10/12 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
69 22:38:03.183 12/10/12 Sev=Info/4 CM/0x6310001A
One secure connection established
70 22:38:03.190 12/10/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.1.201. Current hostname: NEIL-XPS, Current address(es): 192.168.170.5, 192.168.1.201.
71 22:38:03.190 12/10/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.170.5. Current hostname: NEIL-XPS, Current address(es): 192.168.170.5, 192.168.1.201.
72 22:38:03.190 12/10/12 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
73 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
74 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x7fbf03ec into key list
75 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
76 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xa4b55612 into key list
77 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.170.5
78 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 192.168.1.201. SG: 213.137.3.155
79 22:38:03.191 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
80 22:38:08.542 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 213.137.3.155
81 22:38:08.543 12/10/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 213.137.3.155, our seq# = 1815102037
82 22:38:08.630 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
83 22:38:08.630 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 213.137.3.155
84 22:38:08.630 12/10/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 213.137.3.155, seq# received = 1815102037, seq# expected = 1815102037
85 22:38:13.610 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
86 22:38:19.206 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 213.137.3.155
87 22:38:19.206 12/10/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 213.137.3.155, our seq# = 1815102038
88 22:38:19.277 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
89 22:38:19.277 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 213.137.3.155
90 22:38:19.277 12/10/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 213.137.3.155, seq# received = 1815102038, seq# expected = 1815102038
91 22:38:23.794 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
isco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 22:37:43.935 12/10/12 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
2 22:37:43.935 12/10/12 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
3 22:37:43.936 12/10/12 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 22:37:50.386 12/10/12 Sev=Info/4 CM/0x63100002
Begin connection process
2 22:37:50.397 12/10/12 Sev=Info/4 CM/0x63100004
Establish secure connection
3 22:37:50.397 12/10/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "213.137.3.155"
4 22:37:50.403 12/10/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 213.137.3.155.
5 22:37:50.406 12/10/12 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
6 22:37:50.410 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.137.3.155
7 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
8 22:37:50.502 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 213.137.3.155
9 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
10 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
11 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports DPD
12 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
13 22:37:50.502 12/10/12 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
14 22:37:50.515 12/10/12 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15 22:37:50.516 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 213.137.3.155
16 22:37:50.516 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17 22:37:50.516 12/10/12 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xC87D, Remote Port = 0x1194
18 22:37:50.516 12/10/12 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end IS behind a NAT device
19 22:37:50.517 12/10/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20 22:37:50.592 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
21 22:37:50.592 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
22 22:37:50.593 12/10/12 Sev=Info/4 CM/0x63100015
Launch xAuth application
23 22:37:50.617 12/10/12 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
24 22:37:50.788 12/10/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
25 22:37:50.788 12/10/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
26 22:37:58.177 12/10/12 Sev=Info/4 CM/0x63100017
xAuth application returned
27 22:37:58.178 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
28 22:37:58.253 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
29 22:37:58.253 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
30 22:37:58.253 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
31 22:37:58.253 12/10/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
32 22:37:58.256 12/10/12 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
33 22:37:58.256 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 213.137.3.155
34 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
35 22:37:58.332 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 213.137.3.155
36 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.170.5
37 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
38 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.254
39 22:37:58.332 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
40 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
41 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.1.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
42 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = bbconsulting.local
43 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
44 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.0(5) built by builders on Mon 02-Nov-09 21:22
45 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
46 22:37:58.333 12/10/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
47 22:37:58.341 12/10/12 Sev=Info/4 CM/0x63100019
Mode Config data received
48 22:37:58.356 12/10/12 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.170.5, GW IP = 213.137.3.155, Remote IP = 0.0.0.0
49 22:37:58.356 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 213.137.3.155
50 22:37:58.396 12/10/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
51 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
52 22:37:58.441 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 213.137.3.155
53 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
54 22:37:58.441 12/10/12 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 8 seconds, setting expiry to 86392 seconds from now
55 22:37:58.445 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
56 22:37:58.446 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 213.137.3.155
57 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
58 22:37:58.446 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 213.137.3.155
59 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=D9CB23FC OUTBOUND SPI = 0xEC03BF7F INBOUND SPI = 0x1256B5A4)
60 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xEC03BF7F
61 22:37:58.446 12/10/12 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x1256B5A4
62 22:37:58.457 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
63 22:37:58.770 12/10/12 Sev=Info/6 CVPND/0x63400001
Launch VAInst64 to control IPSec Virtual Adapter
64 22:37:59.125 12/10/12 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.170.5/255.255.255.0
DNS=192.168.1.254,0.0.0.0
WINS=0.0.0.0,0.0.0.0
Domain=bbconsulting.local
Split DNS Names=
65 22:37:59.137 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 276
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 276
66 22:38:03.174 12/10/12 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
67 22:38:03.176 12/10/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.201 192.168.1.201 281
192.168.1.0 255.255.255.0 192.168.170.1 192.168.170.5 100
192.168.1.201 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.201 255.255.255.255 192.168.170.1 192.168.170.5 281
192.168.1.254 255.255.255.255 192.168.1.201 192.168.1.201 100
192.168.1.255 255.255.255.255 192.168.1.201 192.168.1.201 281
192.168.1.255 255.255.255.255 192.168.170.1 192.168.170.5 281
192.168.170.0 255.255.255.0 192.168.170.5 192.168.170.5 276
192.168.170.5 255.255.255.255 192.168.170.5 192.168.170.5 276
192.168.170.255 255.255.255.255 192.168.170.5 192.168.170.5 276
213.137.3.155 255.255.255.255 192.168.1.254 192.168.1.201 100
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.201 192.168.1.201 281
224.0.0.0 240.0.0.0 192.168.170.5 192.168.170.5 276
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.201 192.168.1.201 281
255.255.255.255 255.255.255.255 192.168.170.5 192.168.170.5 276
68 22:38:03.176 12/10/12 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
69 22:38:03.183 12/10/12 Sev=Info/4 CM/0x6310001A
One secure connection established
70 22:38:03.190 12/10/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.1.201. Current hostname: NEIL-XPS, Current address(es): 192.168.170.5, 192.168.1.201.
71 22:38:03.190 12/10/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.170.5. Current hostname: NEIL-XPS, Current address(es): 192.168.170.5, 192.168.1.201.
72 22:38:03.190 12/10/12 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
73 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
74 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x7fbf03ec into key list
75 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
76 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xa4b55612 into key list
77 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.170.5
78 22:38:03.190 12/10/12 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 192.168.1.201. SG: 213.137.3.155
79 22:38:03.191 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
80 22:38:08.542 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 213.137.3.155
81 22:38:08.543 12/10/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 213.137.3.155, our seq# = 1815102037
82 22:38:08.630 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
83 22:38:08.630 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 213.137.3.155
84 22:38:08.630 12/10/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 213.137.3.155, seq# received = 1815102037, seq# expected = 1815102037
85 22:38:13.610 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
86 22:38:19.206 12/10/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 213.137.3.155
87 22:38:19.206 12/10/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 213.137.3.155, our seq# = 1815102038
88 22:38:19.277 12/10/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 213.137.3.155
89 22:38:19.277 12/10/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 213.137.3.155
90 22:38:19.277 12/10/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 213.137.3.155, seq# received = 1815102038, seq# expected = 1815102038
91 22:38:23.794 12/10/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2012 02:47 PM
Hi,
It looks like your home network has the same ip range as your work network. I would recommend choosing a new range for your home network which is not identified in the routing table updates in your logs.
Eg: 10.255.255.0/24
Best Regards
Ju
Sent from Cisco Technical Support iPad App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2012 11:48 AM
Thank you very much that works a treat!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide