11-12-2005 07:03 AM
Yesterday, my office changed ISPs for the office network. With both ISPs we have a static IP. After the change, I updated our Pix 501 with the new IP/Gateway/Netmask etc.
Everything works with our new ISP (NAT, inbound and outbound rules) except for incoming VPN connections. We are using the Cisco VPN client version 4.0.5.
When we try to connect, there are several errors in the client's log, including:
113 09:58:28.859 11/12/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 68.191.235.75
114 09:58:28.859 11/12/05 Sev=Warning/3 IKE/0xA300004B
Received a NOTIFY message with an invalid protocol id (0)
122 09:58:48.984 11/12/05 Sev=Info/4 IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=7B547781
127 09:59:18.984 11/12/05 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=9E21D7B4888AE395 R_Cookie=BCEB70FBDCF2CE50) reason = DEL_REASON_PEER_NOT_RESPONDING
There is nothing in the Pix PDM log. We have been successfully connecting to this firewall VPN for three months prior. Again, the only configuration change was the ISP info.
Attempting to correct the problem, we have tried CLEAR XLATE, power cycling the PIX, and creating a new VPN account.
Any input on this would be appreciated.
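A small triage of the client log quoted in the post above, as an added example that is not part of the original thread: it pairs each header line with its message and flags the IKE failure indicators. The log layout is inferred from the quoted lines, and the function names and triage labels are this example's own.

```python
import re

# Constructed sample: the client log lines quoted in the post, as one string.
SAMPLE_LOG = """\
113 09:58:28.859 11/12/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from 68.191.235.75
114 09:58:28.859 11/12/05 Sev=Warning/3 IKE/0xA300004B
Received a NOTIFY message with an invalid protocol id (0)
122 09:58:48.984 11/12/05 Sev=Info/4 IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=7B547781
127 09:59:18.984 11/12/05 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=9E21D7B4888AE395 R_Cookie=BCEB70FBDCF2CE50) reason = DEL_REASON_PEER_NOT_RESPONDING
"""

# Header layout assumed from the quoted lines: seq, time, date, Sev=name/level, component/code.
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>[\d:.]+)\s+(?P<date>[\d/]+)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d)\s+(?P<comp>\w+)/(?P<code>0x[0-9A-Fa-f]+)$")

# Message pattern -> triage label (labels are this example's wording, not Cisco's).
INDICATORS = [
    (re.compile(r"NOTIFY:(NO_PROPOSAL_CHOSEN)"), "peer rejected offered proposal"),
    (re.compile(r"Phase-(\d) retransmission count exceeded"), "no reply to retransmits"),
    (re.compile(r"reason = (DEL_REASON_\w+)"), "SA torn down"),
]

def parse_events(text):
    """Pair each header line with the message line(s) that follow it."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "msg": ""})
        elif events and line:
            events[-1]["msg"] = (events[-1]["msg"] + " " + line).strip()
    return events

def triage(events):
    """Return (seq, label, detail) for every event matching an indicator."""
    hits = []
    for ev in events:
        for pattern, label in INDICATORS:
            m = pattern.search(ev["msg"])
            if m:
                hits.append((int(ev["seq"]), label, m.group(1)))
    return hits

if __name__ == "__main__":
    for seq, label, detail in triage(parse_events(SAMPLE_LOG)):
        print(f"#{seq}: {label} ({detail})")
```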
11-12-2005 07:15 AM
Although it's very unusual, you may need to verify with the new ISP, as the ISP may have restrictions on VPN traffic.
11-12-2005 01:54 PM
11-12-2005 02:52 PM
A couple of things you may try. Firstly, try applying "isakmp identity address" on the PIX.
Further, it is not recommended to overlap the VPN client pool and the PIX inside net.
11-12-2005 03:00 PM
Problem Solved: Oddly enough, a second power-cycle of the firewall cleared up the problem.
Thanks for the help!
11-12-2005 03:03 PM
I thought v6.3.4 is very stable. Anyhow, it's good to learn that your issue has been resolved.