cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2157
Views
0
Helpful
1
Replies

Intermittent VPN connection problems

slee
Level 1
Level 1

Hello, right off the bat I should let you guys know that I'm not much of a networking person, I'm more of on the systems side.  However, since the network admin is on vacation and the IT manager is off as well, I'm stuck with this issue. 

We have a Cisco ASA 5520, with VPN configured.  This VPN has been up for a while, at least a year since I've started working here, and haven't experienced any problems so far.  However, sometime between 5:30 pm last night and 8 AM this morning, something must have changed, because people are experiencing connection problems.  We have the VPN configured with IPSec and L2TP/IPSec enabled, authentication with our RADIUS server, and using a DHCP server.  The configuration looks correct, I verified it with the manuals you can find on the cisco site.  When I attempt to connect to the VPN, I see this in the real-time log viewer:

6Apr 04 201217:03:51734001



DAP: User slee, Addr xxx.xxx.xxx.xxx, Connection IPSec: The following DAP records were selected for this connection: DfltAccessPolicy

5Apr 04 201217:03:52713130



Group = GST_NEW, Username = slee, IP = xxx.xxx.xxx.xxx, Received unsupported transaction mode attribute: 5

6Apr 04 201217:03:52713184



Group = GST_NEW, Username = slee, IP = xxx.xxx.xxx.xxx, Client Type: WinNT  Client Application Version: 5.0.06.0160

5Apr 04 201217:03:57713201



Group = GST_NEW, Username = slee, IP = xxx.xxx.xxx.xxx, Duplicate Phase 2 packet detected.  No last packet to retransmit.
5Apr 04 201217:04:02713201



Group = GST_NEW, Username = slee, IP = xxx.xxx.xxx.xxx, Duplicate Phase 2 packet detected.  No last packet to retransmit.

3Apr 04 201217:04:04713132



Group = GST_NEW, Username = slee, IP = xxx.xxx.xxx.xxx, Cannot obtain an IP address for remote peer

We have DHCP set to the xxx.xxx.xxx.10 - xxx.xxx.xxx.199 scope, and occasionally one or two people are able to connect, but then they get disconnected intermittently as well.  I am completely unable to connect, with the VPN client log as follows:

1034   17:49:30.825  04/04/12  Sev=Info/4          CM/0x63100002

Begin connection process

1035   17:49:30.830  04/04/12  Sev=Info/4          CM/0x63100004

Establish secure connection

1036   17:49:30.830  04/04/12  Sev=Info/4          CM/0x63100024

Attempt connection with server "xxx.xxx.xxx.xxx"

1037   17:49:30.835  04/04/12  Sev=Info/6          IKE/0x6300003B

Attempting to establish a connection with xxx.xxx.xxx.xxx.

1038   17:49:30.839  04/04/12  Sev=Info/4          IKE/0x63000001

Starting IKE Phase 1 Negotiation

1039   17:49:30.844  04/04/12  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to xxx.xxx.xxx.xxx

1040   17:49:35.848  04/04/12  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

1041   17:49:35.848  04/04/12  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to xxx.xxx.xxx.xxx

1042   17:49:40.918  04/04/12  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

1043   17:49:40.918  04/04/12  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to xxx.xxx.xxx.xxx

1044   17:49:45.988  04/04/12  Sev=Info/4          IKE/0x63000021

Retransmitting last packet!

1045   17:49:45.988  04/04/12  Sev=Info/4          IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to xxx.xxx.xxx.xxx

1046   17:49:51.058  04/04/12  Sev=Info/4          IKE/0x63000017

Marking IKE SA for deletion  (I_Cookie=2AB90BEA7FD60E73 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

1047   17:49:51.572  04/04/12  Sev=Info/4          IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=2AB90BEA7FD60E73 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

1048   17:49:51.572  04/04/12  Sev=Info/4          CM/0x63100014

Unable to establish Phase 1 SA with server "xxx.xxx.xxx.xxx" because of "DEL_REASON_PEER_NOT_RESPONDING"

1049   17:49:51.572  04/04/12  Sev=Info/5          CM/0x63100025

Initializing CVPNDrv

1050   17:49:51.584  04/04/12  Sev=Info/6          CM/0x63100046

Set tunnel established flag in registry to 0.

1051   17:49:51.584  04/04/12  Sev=Info/4          IKE/0x63000001

IKE received signal to terminate VPN connection

Does anybody have any idea where the issue is?  Trying to narrow it down is driving me crazy...are there any other logs that I should upload?  Thanks so much!

EDIT:

Also, I should note that in this case it did not even get to the point where it asks me for domain credentials, but sometimes it will get that far, but to the same result.

1 Reply 1

slee
Level 1
Level 1

I was able to find the resolution, as it turns out somehow our DHCP database got corrupted, so after replacing the dhcp.mdb file with a backup (we use Windows Server 2003) we're good to go.