01-28-2011 01:15 PM
I am running IOS 8.2 (4) on ASA 5540. I am setting up a new config and am using Cisco VPN client. For some reason, when I double-click on Cisco VPN client, I get the error message "Secure VPN connection terminated locally by the client. Reason 412: The remote peer is no longer responding". I verified that the group name and group password are set up correctly on Cisco VPN client and ASA. Do you have any suggestions on how to fix this problem?
Thanks.
Diane
01-28-2011 01:20 PM
Hi Diane,
The problem could be many things.
For example if you don't have connectivity between the client and the ASA to establish the tunnel, you will get that error.
If some negotiation failed on phase 1 or phase 2 you will also get that error.
I would suggest starting with the following:
- Post a copy of the configuration (without sensitive information)
- Make sure you can PING the outside IP of the ASA (IP used to connect the VPN client) from the VPN client itself.
Federico.
01-31-2011 01:33 PM
Sorry for the late reply. We had several production problems. Attached is the config.
From the workstation, I was not able to ping to the outside interface 66.102.7.18. However, from the ASA, I was able to ping the inside and outside interfaces and the inside network. I also verified that the group name and group password are typed correctly at the VPN client.
Please let me know if you need anything else.
Thanks very much.
Diane
01-31-2011 01:39 PM
Diane,
You said that from the VPN client you cannot PING the outside IP of the ASA?
In order to check if the VPN packets are arriving at the ASA and to check why the connection is failing, do the following:
On the ASA:
debug cry isa 127
debug cry ipsec 127
ter mon
Then, try to connect from the VPN client and collect the output of the above debug messages.
Federico.
01-31-2011 02:16 PM
From the VPN client, I am not able to ping the outside interface of the ASA.
I typed those debug commands on the ASA and tried to connect to Cisco VPN client. No debug messages showed up on the ASA.
Thanks.
01-31-2011 02:32 PM
Diane,
This is incorrect...
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif Outside
 security-level 0
 ip address 66.102.7.18 255.255.255.0
!
interface GigabitEthernet0/1
 speed 100
 duplex full
 nameif Inside
 security-level 100
 ip address 66.102.7.35 255.255.255.0
You have the same IP range on both outside and inside. You need to correct that.
Do you have Internet access from the ASA itself?
Log in to the ASA and PING 4.2.2.2
I think the ASA is not reachable via the Internet and not a single packet is getting to it.
Federico.
01-31-2011 02:57 PM
You are correct. I am not able to get out to the internet from the ASA. I was not able to ping 4.2.2.2 from the ASA.
Thanks for finding out my problem. But, I don't know how to fix this problem. My network is 66.102.7.0/24 with 8 subnets. Each subnet has 30 hosts.
Subnet address   Hosts from     Hosts to       Broadcast Address
66.102.7.0       66.102.7.1     66.102.7.30    66.102.7.31
66.102.7.32      66.102.7.33    66.102.7.62    66.102.7.63
66.102.7.64      66.102.7.65    66.102.7.94    66.102.7.95
66.102.7.96      66.102.7.97    66.102.7.126   66.102.7.127
66.102.7.128     66.102.7.129   66.102.7.158   66.102.7.159
66.102.7.160     66.102.7.161   66.102.7.190   66.102.7.191
66.102.7.192     66.102.7.193   66.102.7.222   66.102.7.223
66.102.7.224     66.102.7.225   66.102.7.254   66.102.7.255
Let me know what you see wrong that I do not see. Thanks.
01-31-2011 05:26 PM
Diane,
You could have the same configuration you had with a minor change (note the subnet mask on the IP address below):
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif Outside
 security-level 0
 ip address 66.102.7.18 255.255.255.224
!
interface GigabitEthernet0/1
 speed 100
 duplex full
 nameif Inside
 security-level 100
 ip address 66.102.7.35 255.255.255.224
Federico.
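As an added example (not code from any poster in this thread): a small Python check that parses ASA interface stanzas and reports interfaces whose connected subnets overlap, run against the two addresses above with the /24 masks and then the /27 masks. The trimmed sample configs and the function names are constructed for this illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample inputs: the two interface addresses quoted in the thread,
# first with the /24 masks, then with the /27 masks from the accepted answer.
CONFIG_24 = """\
interface GigabitEthernet0/0
 nameif Outside
 ip address 66.102.7.18 255.255.255.0
!
interface GigabitEthernet0/1
 nameif Inside
 ip address 66.102.7.35 255.255.255.0
"""
CONFIG_27 = CONFIG_24.replace("255.255.255.0", "255.255.255.224")

IP_RE = re.compile(r"^ip address (\S+) (\S+)")

def parse_interfaces(config):
    """Return {name: IPv4Interface} for each interface stanza with an address."""
    result, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split()[1]          # hardware name until nameif is seen
        elif line.startswith("nameif ") and name is not None:
            name = line.split()[1]
        elif (m := IP_RE.match(line)) and name is not None:
            # ip_interface accepts the dotted netmask form used by the ASA
            result[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return result

def find_overlaps(config):
    """Return (name_a, name_b, net_a, net_b) for interfaces whose subnets overlap."""
    ifaces = parse_interfaces(config)
    return [
        (a, b, str(ifaces[a].network), str(ifaces[b].network))
        for a, b in combinations(sorted(ifaces), 2)
        if ifaces[a].network.overlaps(ifaces[b].network)
    ]

if __name__ == "__main__":
    for label, cfg in (("/24 masks", CONFIG_24), ("/27 masks", CONFIG_27)):
        print(label, find_overlaps(cfg) or "no overlapping interface subnets")
```

With the /24 masks both interfaces land in 66.102.7.0/24; with the /27 masks Outside is in 66.102.7.0/27 and Inside is in 66.102.7.32/27, which matches the first two rows of the subnet table posted earlier.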