Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1470
Views
0
Helpful
5
Replies

Why won't this VPN work?

stalljh
Level 1
Level 1

‎10-01-2004 08:34 AM - edited ‎02-21-2020 01:22 PM

I set up PIX with dynamic map so that remote client (workstation with Cisco VPN Client 4.6.00.0049) will work. Testing this on a Laptop with Windows 2000, where I had an internet connection outside of my outside interface of the PIX, I get the connection OK(See Atth 1, a debug of the connection). If I take my laptop to my house, where I have cable modem connection through an ISP, it also works fine. The problem is that when I load the Cisco VPN Client to my home PC, on XP with all setups the same as my laptop, it doesn't work. I don't get the popup that allows me to put in the username and password. I have a debug of the connection attempt (See Attch 2). At attch 3 is my Pix setup. Any help or suggestions are most appreciated.

Labels:
Preview file
8 KB
Preview file
2 KB
Preview file
13 KB
0 Helpful
5 Replies 5

Patrick Iseli
Level 7
Level 7

‎10-01-2004 09:35 AM

Add the following command to your config. You run probably into a NAT-T problem.

isakmp nat-traversal 20

sincerly

Patrick

0 Helpful

stalljh
Level 1
Level 1
In response to Patrick Iseli

‎10-01-2004 07:21 PM

Thanks Patrick. I put the command in but it did not help.Any other ideas?

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to stalljh

‎10-02-2004 04:05 AM

Sounds like an application problem. Have you allready reinstaled it once?

0 Helpful

stalljh
Level 1
Level 1
In response to Patrick Iseli

‎10-04-2004 03:29 PM

Yes, I have. It is really frustrating. I am wondering if being a PC on the domain makes any difference. I ask this because the Laptop that I loaded the Cisco client on is a member of the domain that I log in to. Again, if I take this laptop home and get an IP through DHCP on my little home switch/router that connects to my cable modem, I can use the client and get into my work network. But if I load the client on my home Windows XP home edition PC, if won't let me into the network. I can use my laptop and get into the pix from home and watch on debug as I try to connect from my XP workstation. So the packets make it to the Pix, but the setup of the isakmp dynamic tunnel is not made. I get messages like "No peer information found". Which I thought is the purpose of the client to create a dynamic peer with the pix. What am I doing wrong?

Thanks.

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to stalljh

‎10-04-2004 05:03 PM

No, domain member or not there is no diffrence for the Cisco VPN Client.

Your setup looks like:

PC XP ---- Router ---Intenet ---- PIX --- Network

Laptop

Thats right? From your laptop it works but not from your XP PC !!

Have you Windows XP with SP2? Maybe the Firewall blocks that, add your Application to the trusted list.

0 Helpful
Customers Also Viewed These Support Documents