09-24-2002 05:37 AM - edited 02-21-2020 12:04 PM
We're using a Cisco VPN 3000 series Concentrator and the Cisco VPN Client (both running v3.6.1).
Connecting to the internet via Dial-Up a(ISDN) and then setting-up a VPN works fine.
However, when connecting to the internet via ADSL and then setting-up a VPN does time-out with a "Remote peer is no longer responding".
Hereby the the log from the concentrator.
(I've replaced our ADSL-connections's IP-address with x.x.x.x for security-reasons)
1981 09/24/2002 14:26:20.280 SEV=4 IKE/52 RPT=22 x.x.x.x
Group [TestGroup] User [testuser]
User (testuser) authenticated.
1982 09/24/2002 14:26:20.440 SEV=5 IKE/184 RPT=22 x.x.x.x
Group [TestGroup] User [testuser]
Client OS: WinNT
Client Application Version: 3.6.1 (Rel)
1984 09/24/2002 14:26:52.440 SEV=4 IKEDBG/65 RPT=21 x.x.x.x
Group [TestGroup] User [testuser]
IKE TM V6 FSM error history (struct &0x1c718e4)
<state>, <event>:
TM_DONE, EV_ERROR
TM_WAIT_QM_MSG, EV_TIMEOUT
TM_WAIT_QM_MSG, NullEvent
TM_SND_REPLY, EV_SND_MSG
1989 09/24/2002 14:26:52.440 SEV=4 IKEDBG/65 RPT=22 x.x.x.x
Group [TestGroup] User [testuser]
IKE AM Responder FSM error history (struct &0x1ead230)
<state>, <event>:
AM_DONE, EV_ERROR
AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL
AM_TM_INIT_MODECFG_V6H, NullEvent
AM_TM_INIT_MODECFG, EV_WAIT
1995 09/24/2002 14:26:52.440 SEV=5 IP/43 RPT=21
Deleting TCP entry for device x.x.x.x on port 2796
09-24-2002 07:48 AM
Please specify the number of VPN tunnels you are having over any link at a given time. ALso ADSL has different speeds for upstream / downstream traffic. This could be an issue, if the number of tunnels are more.
09-24-2002 11:19 PM
I'm not sure if I understand you correctly.
In this test setup user "testuser" is the only user setting up a VPN-connection.
I was under the impression that it had something to do with the new 3.6.1 release for both Concentrator and VPN Client.
The same setup worked some time ago with the 3.5.x releases. Only difference then, was that we were using an ADSL-router (827) instead of an ADSL-modem (Alcatel Speedtouch Home) as we do now (PPTP between workstation and ADSL-modem)
FYI; we're using IPSec over TCP.
Kind regards,
Marcel
11-05-2002 06:19 AM
We had the same problem with some of our xDSL provider and the fix aroud was changing the MTU size on the VPN Client. Also if your Concentrator or client is behind a NAT or fw device you will need to enable keepalives on the client (on the *.pcf file).
We still having problems for xDSL or Cable modem clients connecting to the VCA address (load balancing address) and Cisco TAC is dealing with our problem as it seems to be a bug.
I hope it helps.
Ta,
G.
09-24-2002 08:21 AM
Hi
- Ensure that you are using TCP encapsulation on the VPN client as your ADSL router is almost definitely doing PAT. This is in the general tab, under "enable transparent tunnelling".
- Ensure that your VPN concentrator is configured to allow TCP connections (and on the same port that the VPN client is configured to use - default 10000)
- If your 3000 is behind a firewall, ensure that port 10000 is open inbound in the rule base.
Hope this helps.
Regards, Barry
09-24-2002 11:27 PM
Hi Barry,
Thanks for your reply.
We are using transparent tunneling (IPSec over TCP) so that is not the problem (hence, from the same workstation we are able to setup a VPN connection with Dial-Up networking just fine).
As we're using an ADSL-modem (PPTP connection between workstation and ADSL-modem) I was thinking that maybe this conflicts with the AES encryption used with the v3.6.1 release (both Concentrator and VPN Client).
The error-messages from the Concentrator log are also not very descriptive. I was hoping for someone else with this same issue and their solution or it.
Kind regards,
Marcel
09-24-2002 11:55 PM
Hi Marcel
Does the Log Viewer (on the client) tell you anything useful..? I have had problems in the past caused by MTU sizes on the VPN 3000 which manifest themselves with messages like
Unexpected message (Exchange type 6) while negotiating IKE. Message discarded.
appearing in the log.
Providing your PPTP (is it really PPTP and not PPoE/A?) provides a transparent IP connection as far as your workstation is concerned, I would expect all of this to work.
Let me know how you get on with the Log Viewer....
Regards, Barry
09-25-2002 05:14 AM
Hi Barry,
This is a copy&paste from the VPN Client Log viewer:
1 14:50:19.859 09/24/02 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).
It's the only entry in this log.
I will try if changing the MTU has any effect.
Cheers,
Marcel
09-25-2002 06:20 AM
Marcel
Ensure that you have "verbose" turned on the message viewer.
Start the log viewer, Options -> Filter. Right click on each category and ensure that they are all set to high....
Barry
09-27-2002 06:00 AM
Hi Barry,
Ok, here's the log from the VPN Client.
I've replaced the following listed IP-addresses for security.
VPN Concentrators's Ip-addresses = x.x.x.x
Primary DNS/Wins = y.y.y.y
Secondary DNS/Wins = z.z.z.z
Workstations given IP-address (from pool in VPN Concentrator) = v.v.v.v
Workstations own IP-address = w.w.w.w
ADSL-connection static IP-address = t.t.t.t
I think maybe lines 108, 111 and 117 might be useful information for you.
1 15:10:39.222 09/27/02 Sev=Info/6 DIALER/0x63300002
Initiating connection.
2 15:10:39.252 09/27/02 Sev=Info/4 CM/0x63100002
Begin connection process
3 15:10:39.322 09/27/02 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet
4 15:10:39.322 09/27/02 Sev=Info/4 CM/0x63100026
Attempt connection with server "x.x.x.x"
5 15:10:39.332 09/27/02 Sev=Info/6 CM/0x63100033
Allocated local TCP port 2083 for TCP connection.
6 15:10:39.482 09/27/02 Sev=Info/4 CM/0x6310002D
TCP connection established on port 10001 with server "x.x.x.x"
7 15:10:39.592 09/27/02 Sev=Info/4 CM/0x63100026
Attempt connection with server "x.x.x.x"
8 15:10:39.592 09/27/02 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
9 15:10:39.752 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to x.x.x.x
10 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
11 15:10:40.223 09/27/02 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, VID, VID, VID, VID) from x.x.x.x
12 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100
13 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
14 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 09002689DFD6B712
15 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
16 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100
17 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000001
Peer supports DPD
18 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
19 15:10:40.223 09/27/02 Sev=Info/5 IKE/0x63000059
Vendor ID payload = 1F07F70EAA6514D3B0FA96542A500306
20 15:10:40.253 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x
21 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x6370001F
TCP SYN sent to x.x.x.x, src port 2083, dst port 10001
22 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from x.x.x.x, src port 10001, dst port 2083
23 15:10:40.253 09/27/02 Sev=Info/6 IPSEC/0x63700020
TCP ACK sent to x.x.x.x, src port 2083, dst port 10001
24 15:10:40.253 09/27/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
25 15:10:40.253 09/27/02 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (w.w.w.w)
26 15:10:40.413 09/27/02 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
27 15:10:40.413 09/27/02 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
28 15:10:40.413 09/27/02 Sev=Info/4 CM/0x63100015
Launch xAuth application
29 15:10:48.916 09/27/02 Sev=Info/4 CM/0x63100017
xAuth application returned
30 15:10:48.916 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31 15:10:51.389 09/27/02 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
32 15:10:51.389 09/27/02 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
33 15:10:51.389 09/27/02 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Phase 1 SA in the system
34 15:10:51.389 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
35 15:10:51.469 09/27/02 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator
36 15:10:51.469 09/27/02 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Integrated Client, Capability= (Centralized Protection Policy).
37 15:10:51.479 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
38 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
39 15:10:51.640 09/27/02 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
40 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = v.v.v.v
41 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = y.y.y.y
42 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = z.z.z.z
43 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = y.y.y.y
44 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS): , value = z.z.z.z
45 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = WARNING:
Unauthorised access or use of this computer system is prohibited.
If you are unauthorised to use this system disconnect now!
46 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
47 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
48 15:10:51.640 09/27/02 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.1.Rel built by vmurphy on Aug 29 2002 18:34:44
49 15:10:51.710 09/27/02 Sev=Info/4 CM/0x63100019
Mode Config data received
50 15:10:51.730 09/27/02 Sev=Info/5 IKE/0x63000055
Received a key request from Driver for IP address x.x.x.x, GW IP = x.x.x.x
51 15:10:51.730 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
52 15:10:51.730 09/27/02 Sev=Info/5 IKE/0x63000055
Received a key request from Driver for IP address 10.10.10.255, GW IP = x.x.x.x
53 15:10:51.770 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
54 15:10:52.311 09/27/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
55 15:10:52.311 09/27/02 Sev=Info/6 IPSEC/0x6370002B
Sent 5 packets, 0 were fragmented.
56 15:10:56.767 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 1
57 15:10:56.767 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
58 15:10:56.817 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 1
59 15:10:56.817 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
60 15:11:01.774 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 2
61 15:11:01.774 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
62 15:11:01.824 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 2
63 15:11:01.824 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
64 15:11:06.782 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x588D41CA). Retry count: 3
65 15:11:06.782 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
66 15:11:06.832 09/27/02 Sev=Info/4 IKE/0x63000056
Phase 2 exchange timed out (message id = 0x7689694E). Retry count: 3
67 15:11:06.832 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to x.x.x.x
68 15:11:11.789 09/27/02 Sev=Info/4 IKE/0x63000053
Phase-2 retransmission count exceeded, message id = 0x00000003
69 15:11:11.789 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080284
70 15:11:11.789 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
71 15:11:11.839 09/27/02 Sev=Info/4 IKE/0x63000053
Phase-2 retransmission count exceeded, message id = 0x00000003
72 15:11:16.796 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080285
73 15:11:16.796 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
74 15:11:21.804 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080286
75 15:11:21.804 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
76 15:11:26.811 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080287
77 15:11:26.811 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
78 15:11:31.818 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080288
79 15:11:31.818 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
80 15:11:36.825 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080289
81 15:11:36.825 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
82 15:11:41.833 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080290
83 15:11:41.833 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
84 15:11:46.840 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080291
85 15:11:46.840 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
86 15:11:51.847 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080292
87 15:11:51.847 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
88 15:11:56.855 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080293
89 15:11:56.855 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
90 15:12:01.862 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080294
91 15:12:01.862 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
92 15:12:06.869 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080295
93 15:12:06.869 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
94 15:12:11.877 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080296
95 15:12:11.877 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
96 15:12:16.884 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080297
97 15:12:16.884 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
98 15:12:21.891 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080298
99 15:12:21.891 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
100 15:12:26.898 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080299
101 15:12:26.898 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
102 15:12:31.906 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080300
103 15:12:31.906 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
104 15:12:31.906 09/27/02 Sev=Warning/3 IKE/0xE3000068
Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0
105 15:12:36.913 09/27/02 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 1225080301
106 15:12:36.913 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
107 15:12:36.913 09/27/02 Sev=Warning/3 IKE/0xE3000068
Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0
108 15:12:41.920 09/27/02 Sev=Info/5 IKE/0x63000017
Marking IKE SA for deletion (COOKIES = EF654A83FFBFCCE9 5A2420FEC83E7E1D) reason = DEL_REASON_DONT_NOTIFY_CM
109 15:12:41.920 09/27/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x
110 15:12:41.920 09/27/02 Sev=Warning/3 IKE/0xE3000068
Failed to send 92 bytes to x.x.x.x, error = 0xFFFFFFF0
111 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_PEER_NOT_RESPONDING". 0 Phase 1 SA currently in the system
112 15:12:41.920 09/27/02 Sev=Info/5 CM/0x63100029
Initializing CVPNDrv
113 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100031
Resetting TCP connection on port 10001
114 15:12:41.920 09/27/02 Sev=Warning/3 CVPND/0xA3400006
IPC to driver failed: Could not send, error code of -16
115 15:12:41.920 09/27/02 Sev=Info/4 CM/0x63100032
Unable to reset TCP connection
116 15:12:41.920 09/27/02 Sev=Info/6 CM/0x63100034
Removed local TCP port 2083 for TCP connection.
117 15:12:42.021 09/27/02 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).
118 15:12:43.022 09/27/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
119 15:12:43.022 09/27/02 Sev=Info/6 IPSEC/0x6370002B
Sent 24 packets, 0 were fragmented.
120 15:12:43.022 09/27/02 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (t.t.t.t)
Thanks in advance for your help. It is much appreciated.
Marcel
P.S. I've experimented with different MTU-sizes to no avail.
09-30-2002 04:38 AM
i've seen this problem before. how are you making your connection to adsl....do you specify a vpn conneciton? if so, that is your problem. you can have only one vpn connection and will need to go back to your provider. your provider is giving you the wrong type of adsl. had the same problem with a european provider, giving the user a business type connection instead of a home users type of connection.
10-11-2002 03:23 PM
Hi,
im getting always the message "Remote peer is no longer responding"
when i start the ipsecdialer .If you are shure you can ping the remote
peer without vpn , then you close the ipsecdialer connection windows
go to ms-dos mode and launch couple of times cvpnd.exe .
Then try again to connect !
Good luck,
Patrizio
10-14-2002 05:49 AM
Hello all,
I have also the same problem.
I'm under W2K, and an ADSL PPTP connexion.
my company use a cisco VPN 3000 with RSA SecureID authentication.
the connexion to the VPN group work correctly, after I enter my username, my password (PIN+secureID code). and after 90s I have "... no longer responding"
In the logs the authentication is correct.
I ask France Telecom to swap my ADSL to PPPOE and all works like that.
Do you know if it will be possible to connect to the VPN 3000 over PPTP ADSL one day ?
thank to everybody for you answers ?
10-16-2002 05:08 AM
Most of the problem i've seen depend on the router that connect to the ADSL.
For example with Cisco 827 you must use an Ios image that is aware of the Ipsec protocol (esp on port 50) and the other port involved 500 and 10000 , to let this traffic pass as raw .
Also for your specific probem try to force the keepalives on the VPN software.
Regards,
Patrizio
11-05-2002 07:07 AM
Hi Patrizio,
We're using an ADSL-modem (PPTP between workstation and ADSL-modem), not an ADSL-router. The ADSL-modem is an Alcatel SpeedTouch home.
I believe that in the beginning (releases 3.1 of both Client and Concentrator) everything worked fine. Then we evaluated two ADSL-routers (The Cisco 827 and a Allied Data Technologies CopperJet 810). In the meantime both the VPN Client and the Concentrator were updated to the most recent versions (3.6.2B fot the Client and 3.6.1. for the concentrator as 3.6.3 does not allow AES-encryption). Now back to working over a ADSL-modem the VPN-session can no longer be setup. I've posted the logs from the concentrator and VPN-Client for those interested earlier in this thread.
Somehow I think, our "problem" is thus 3.6.x related.
Cheers,
Marcel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide