
VPN client issue: 412 (remote peer no longer responding) - urgent

Dear all,
I gave up on configuring the Cisco VPN client on a Cisco 1841.
I used i-map and an ISAKMP profile, but I got the error Reason 412 (remote peer no longer responding).

Attached is the sh run with debug using ISAKMP and i-map.
Please help, as I also replaced the IOS but the issue still exists.

regards,


pjain2
Cisco Employee

Hey Mohammed,

 

From the debugs, I can see that the router is sending the UDP 500 packet back to the Client but it is not reaching the Client.

Can you check with your ISP or the NAT'ing device in front of your router to see if UDP 500 is getting blocked?

Regards

Hi pjain2,

Thanks for your reply.

Our ISP is fine and the front NAT'ing device is attached and everything seems to be OK, but the VPN client still cannot connect.

Is all the config OK???

Any other possibilities???

Thanks.

Can you try changing the communication from UDP to TCP?

On the IPsec client, in the transparent tunneling settings, select IPsec over TCP port 10000.

On the router, add the following command:

crypto ctcp port 10000

If UDP 500 is blocked, the client will be able to connect on TCP.

Hi again boss,

OK, I'll do it later as I can't reach the router right now, and I'll inform you back.

Please consider my answer later as I am fed up with this issue.

Thanks again,

Hi again,

Using the above TCP port 10000, I am able to connect, which sounds very good, but after I connect I can only reach the local LAN IP of the router (192.168.0.254); I can't reach the local LAN (192.168.0.x).

I attached the debug and show run. Is there any issue preventing me from reaching the local LAN????

Thanks again for your time.

regards,

If you are able to connect with TCP, it means that UDP 500 is getting blocked somewhere in the path between the client and the router.

Is the internal LAN 192.168.0.0/24 connected via any L3 device? If so, do you have correct static routes on them to send the traffic back to the router?

You can also do the following:

1. Configure the below access-list:

ip access-list extended 123
 permit ip host <pool ip> host 192.168.0.x log
 permit ip host 192.168.0.x host <pool ip> log
 permit ip any any

2. int fa0/0
 ip access-group 123 in
 ip access-group 123 out

Initiate the traffic to the internal host and check hit counts on the 123 access-list; you will see if the traffic is going out and coming in or not.
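
The hit-count check suggested in the reply above can be read mechanically. The following is an added example, not part of the original thread: it parses `show access-lists 123` output and reports which direction has no matches. The sample output, the pool address 10.10.10.1 and the LAN host 192.168.0.10 are constructed stand-ins for `<pool ip>` and 192.168.0.x, and the three result labels are this example's own.

```python
import re

# Constructed sample of `show access-lists 123` output (not from the thread).
# IOS prints no "(N matches)" suffix on an entry that has never matched.
SAMPLE = """\
Extended IP access list 123
    10 permit ip host 10.10.10.1 host 192.168.0.10 log (4 matches)
    20 permit ip host 192.168.0.10 host 10.10.10.1 log
    30 permit ip any any (152 matches)
"""

# Matches only the host-to-host entries; the catch-all "any any" is ignored.
ENTRY = re.compile(
    r"^\s*\d+\s+permit\s+ip\s+host\s+(\S+)\s+host\s+(\S+)"
    r"(?:\s+log)?(?:\s+\((\d+)\s+match(?:es)?\))?\s*$"
)

def hit_counts(output):
    """Map (src, dst) -> match count for each host-to-host ACL entry."""
    counts = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            src, dst, n = m.groups()
            counts[(src, dst)] = int(n) if n else 0
    return counts

def diagnose(output, pool_ip, lan_host):
    """Classify the path using the two logged entries of access-list 123."""
    counts = hit_counts(output)
    try:
        to_lan = counts[(pool_ip, lan_host)]      # client -> LAN host
        from_lan = counts[(lan_host, pool_ip)]    # LAN host -> client
    except KeyError:
        return "entries-missing"        # ACL lacks the expected host pair
    if to_lan == 0:
        return "no-traffic-toward-lan"  # client packets never crossed fa0/0
    if from_lan == 0:
        return "no-reply-from-lan"      # requests seen, no reply came back
    return "both-directions-seen"       # replies reach the router

if __name__ == "__main__":
    print(diagnose(SAMPLE, "10.10.10.1", "192.168.0.10"))
```

A result of `no-reply-from-lan` points back at the question in the same reply: whether the LAN hosts have a route that returns traffic for the pool address to the router.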

Hi,

The local LAN is directly connected to fa0/0 of the router via a switch.

fa0/1 (192.168.1.254) of the router is connected to the internet modem (192.168.1.1).

The modem is configured for NAT'ing all ports to 192.168.1.254.

Attached is a tracert from my laptop after I connect using the VPN client.

It reaches the fa0/0 of the router only, local LAN no.

Any suggestions?? Please.

You need to take the captures that I mentioned above.

Hi boss,

It seems that traffic doesn't go out or come in via fa0/0.

When I ping from inside the router using source interface fa0/1 (192.168.1.254) to the internal network, the ping fails. And I showed you yesterday that the tracert to the internal network stops on the IP of fa0/1.

Is it a routing issue??? But the networks are directly connected.

How come I can ping the fa0/0 of the router (192.168.0.254) but I can't ping the internal network, despite it being the same network?

The firewall is disabled in the internal network.

Can you help, please...