09-26-2004 10:59 AM - edited 02-21-2020 01:21 PM
Hi,
I am trying to connect to PIX firewall using Cisco VPN Client 4.0.3.
When I try to connect, after typing the user name and password, it says:
"Secure VPN connection is terminated locally by the client
Reason 412: The remote peer is no longer responding."
A portion of the log file is as follows:
1 14:49:40.769 09/26/04 Sev=Info/4 CM/0x63100002
Begin connection process
2 14:49:41.029 09/26/04 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully
3 14:49:41.029 09/26/04 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
4 14:49:41.099 09/26/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "105.179.139.34"
5 14:49:42.101 09/26/04 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 105.179.139.34.
6 14:49:42.281 09/26/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 105.179.139.34
7 14:49:42.291 09/26/04 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
8 14:49:42.291 09/26/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
9 14:49:42.561 09/26/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 105.179.139.34
10 14:49:42.561 09/26/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity),
The complete log file is attached.
The firewall config is attached.
Please help me fix what I am doing wrong.
Thanks a lot for your help.
Asif.
09-26-2004 05:15 PM
At the pix, please run a show version and the debug isakmp commands and post the results here. I want to know if your pix code is at the 6.3.3 level and if it supports AES (the show ver will tell me that). The debug isakmp commands will aid in determining why the no proposal chosen appears in the vpn client log file.
09-27-2004 05:46 AM
09-28-2004 04:04 PM
The debug indicates that the phase 1 sa's are established correctly. We need to determine if the error is in IPSec SA (phase 2) or in user authentication. How is the pix configured to authenticate remote access vpn clients? Local db or using an external AAA system?
Please run the debug crypto ipsec and debug aaa authentication commands and post the results here.