12-11-2003 10:40 AM - edited 02-21-2020 12:57 PM
Hi,
I'm trying to connect a VPN client 4.0.3(C) to a PIX506. The PIX 506 has 3 other PIX501s already connecting to it statically as well as 2 501s dynamically.
Here is the client log just a bit before it establishes phase 1 all the way to the end:
244 09:17:09.026 12/11/03 Sev=Info/4 IKE/0x63000082
IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194
245 09:17:09.026 12/11/03 Sev=Info/5 IKE/0x63000071
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end IS behind a NAT device
246 09:17:09.026 12/11/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
247 09:17:09.026 12/11/03 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
248 09:17:09.056 12/11/03 Sev=Info/5 IKE/0x6300005D
Client sending a firewall request to concentrator
249 09:17:09.056 12/11/03 Sev=Info/5 IKE/0x6300005C
Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).
250 09:17:09.056 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 60.122.144.158
251 09:17:10.879 12/11/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 60.122.144.158
252 09:17:10.879 12/11/03 Sev=Warning/2 IKE/0xE3000099
Responder cookie must be empty (PacketReceiver:765)
253 09:17:14.214 12/11/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
254 09:17:14.214 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to 60.122.144.158
255 09:17:19.221 12/11/03 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
256 09:17:19.221 12/11/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
257 09:17:19.221 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to 60.122.144.158
258 09:17:23.968 12/11/03 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 60.122.144.158
259 09:17:23.968 12/11/03 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (Retransmission) from 60.122.144.158
260 09:17:23.968 12/11/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
261 09:17:23.968 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(Retransmission) to 60.122.144.158
262 09:17:24.228 12/11/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
263 09:17:24.228 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(Retransmission) to 60.122.144.158
264 09:17:29.235 12/11/03 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA
265 09:17:29.235 12/11/03 Sev=Info/4 IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=9F7E0889
266 09:17:29.235 12/11/03 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 60.122.144.158, seq# = 2183134406
267 09:17:29.235 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 60.122.144.158
268 09:17:29.235 12/11/03 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=D3F857F72C3D4B11 R_Cookie=646CC86ACB63E826) reason = DEL_REASON_IKE_NEG_FAILED
269 09:17:29.235 12/11/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 60.122.144.158
270 09:17:32.240 12/11/03 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=D3F857F72C3D4B11 R_Cookie=646CC86ACB63E826) reason = DEL_REASON_IKE_NEG_FAILED
271 09:17:32.240 12/11/03 Sev=Info/4 CM/0x6310000F
Phase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
272 09:17:32.240 12/11/03 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
273 09:17:32.270 12/11/03 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
274 09:17:32.280 12/11/03 Sev=Info/4 IKE/0x63000085
Microsoft IPSec Policy Agent service started successfully
275 09:17:32.290 12/11/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
276 09:17:32.290 12/11/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
277 09:17:32.290 12/11/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
278 09:17:32.290 12/11/03 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
279 12:22:44.278 12/11/03 Sev=Info/6 IKE/0x6300006F
Stateful Firewall (Always On) was started.
280 12:22:56.716 12/11/03 Sev=Info/4 PPP/0x63200015
Processing enumerate phone book entries command
281 12:22:57.097 12/11/03 Sev=Info/4 PPP/0x6320000D
Retrieved 8 dial entries
Can anyone tell me what may be wrong?
Thank you,
Mike
12-17-2003 01:03 PM
check all your IPSec parametres on both side of the network. THis could be because of simple parametre mismtch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide