09-24-2010 06:15 AM
Hi,
First of all I have to admit that I'm not very well versed in Cisco gear or IPSEC connections in general so apologies if I'm doing something really obviously stupid, but I have checked through any stuff I could find on the internet about setting up IPSEC VPN.
The setup I have is an ASA 5520 firewall (o/s 8.2) which for the moment is connected to a temporary home broadband style internet connection for testing purposes. The Netopia router is configured to allow IPsec passthrough and to forward ports UDP 62515, TCP 10000, UDP 4500, UDP 500 to the ASA 5520.
I am trying to connect in from a laptop with Windows firewall turned off and Cisco VPN client version 5.0.02.0090.
I have run through the IPsec setup wizard several times trying different options. Most of the time nothing comes up in the log to show that a connection has been attempted, but there is one way I can set up the options that produces the following on the firewall log:
4|Sep 24 2010|13:54:29|713903|||||Group = VPNtest9, IP = 86.44.x.x, Error: Unable to remove PeerTblEntry
3|Sep 24 2010|13:54:29|713902|||||Group = VPNtest9, IP = 86.44.x.x, Removing peer from peer table failed, no match!
6|Sep 24 2010|13:54:21|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
5|Sep 24 2010|13:54:21|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6|Sep 24 2010|13:54:16|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
5|Sep 24 2010|13:54:16|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6|Sep 24 2010|13:54:11|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
5|Sep 24 2010|13:54:11|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
6|Sep 24 2010|13:54:06|302015|86.44.x.x|51905|192.168.0.27|500|Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)
and this in the client log:
Cisco Systems VPN Client Version 5.0.02.0090
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
24 13:54:08.250 09/24/10 Sev=Info/4 CM/0x63100002
Begin connection process
25 13:54:08.265 09/24/10 Sev=Info/4 CM/0x63100004
Establish secure connection
26 13:54:08.265 09/24/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "213.94.x.x"
27 13:54:08.437 09/24/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 213.94.x.x.
28 13:54:08.437 09/24/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.94.x.x
29 13:54:08.484 09/24/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
30 13:54:08.484 09/24/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
31 13:54:13.484 09/24/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
32 13:54:13.484 09/24/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
33 13:54:18.484 09/24/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
34 13:54:18.484 09/24/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
35 13:54:23.484 09/24/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
36 13:54:23.484 09/24/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
37 13:54:28.484 09/24/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
38 13:54:28.984 09/24/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
39 13:54:28.984 09/24/10 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "213.94.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"
40 13:54:28.984 09/24/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
41 13:54:28.984 09/24/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
42 13:54:28.984 09/24/10 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
43 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
44 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
45 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
46 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
I have full HTTP connectivity from the internet to a machine on the inside of the ASA 5520 so I think the static routing and NAT'ing should be OK, but I'm happy to provide any details.
Can anyone see what I'm doing wrong?
Thanks,
Sam
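An added example, not part of the original post: a small parser for the pipe-delimited firewall log shown above that tallies message IDs and extracts the received and configured values from each 713257 "Mismatched attribute types" line. The field names and function names are assumptions inferred from the sample lines, not a documented Cisco format.

```python
import re
from collections import Counter

# Lines copied from the firewall log in the post above (newest first).
SAMPLE = """\
4|Sep 24 2010|13:54:29|713903|||||Group = VPNtest9, IP = 86.44.x.x, Error: Unable to remove PeerTblEntry
5|Sep 24 2010|13:54:21|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
6|Sep 24 2010|13:54:06|302015|86.44.x.x|51905|192.168.0.27|500|Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)
"""

# Assumed field layout, inferred from the 302015 line where every field is set.
FIELDS = ("severity", "date", "time", "msg_id",
          "src_ip", "src_port", "dst_ip", "dst_port", "message")

MISMATCH = re.compile(
    r"Mismatched attribute types for class (?P<cls>.+?): "
    r"Rcv'd: (?P<rcvd>.+?) Cfg'd: (?P<cfgd>.+)$")


def parse_line(line):
    """Split one log line into named fields; return None if it does not fit."""
    parts = line.strip().split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or not parts[0].isdigit():
        return None
    return dict(zip(FIELDS, parts))


def summarize(text):
    """Return (message-ID counts, Phase 1 attribute mismatch counts)."""
    ids, mismatches = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ids[rec["msg_id"]] += 1
        m = MISMATCH.search(rec["message"])
        if rec["msg_id"] == "713257" and m:
            mismatches[(m["cls"], m["rcvd"], m["cfgd"])] += 1
    return ids, mismatches


if __name__ == "__main__":
    ids, mismatches = summarize(SAMPLE)
    for (cls, rcvd, cfgd), n in mismatches.items():
        print(f"{n}x {cls}: received {rcvd!r}, configured {cfgd!r}")
    print("message IDs seen:", dict(ids))
```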
12-03-2012 09:01 AM
Hello Jennifer
I am having a similar issue running the Cisco VPN client behind a Motorola NVG5510. I receive the
082 12/03/12 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "???.com" because of "DEL_REASON_PEER_NOT_RESPONDING"
082 12/03/12 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "??.com" because of "DEL_REASON_PEER_NOT_RESPONDING"
It fails Phase 1, have you heard anything along these lines?
Thanks