VPN Forum Technical
Topic: HELP!!! CISCO VPN PROBLEM WITH ASA
Author: fred (member since: 2009-03-18 05:21:35)
Posted: 2009-03-18 05:31:06
Help!!! Cisco VPN problem with ASA
----------
Hi,

I have a problem connecting to a VPN with a Cisco ASA.

Please find the log below:
Cisco VPN Client (5.0.04):
52 20:26:48.906 03/18/09 Sev=Info/4 CM/0x63100002
Begin connection process

53 20:26:48.921 03/18/09 Sev=Info/4 CM/0x63100004
Establish secure connection

54 20:26:48.921 03/18/09 Sev=Info/4 CM/0x63100024
Attempt connection with server "202.82.118.126"

55 20:26:48.921 03/18/09 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 202.82.118.126.

56 20:26:48.921 03/18/09 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

57 20:26:48.937 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 202.82.118.126

58 20:26:49.390 03/18/09 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

59 20:26:49.390 03/18/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

60 20:26:54.234 03/18/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

61 20:26:54.234 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126

62 20:26:59.296 03/18/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

63 20:26:59.296 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126

64 20:27:04.296 03/18/09 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

65 20:27:04.296 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126

66 20:27:09.296 03/18/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=454BB961CED4209B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

67 20:27:09.796 03/18/09 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=454BB961CED4209B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

68 20:27:09.796 03/18/09 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "202.82.118.126" because of "DEL_REASON_PEER_NOT_RESPONDING"

69 20:27:09.796 03/18/09 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

70 20:27:09.796 03/18/09 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.

71 20:27:09.796 03/18/09 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

72 20:27:09.812 03/18/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

73 20:27:09.812 03/18/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

74 20:27:09.812 03/18/09 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

75 20:27:09.812 03/18/09 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

Cisco ASA config v(7.04):

asdm image disk0:/asdm-504.bin
asdm location 10.0.32.0 255.255.255.192 Outside
no asdm history enable
: Saved
:
ASA Version 7.0(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 3VLOQOlhIsD7HLBK encrypted
names
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 202.82.118.121 255.255.255.240
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.0.0.6 255.255.254.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.200.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone HKST 8
same-security-traffic permit inter-interface
access-list Inside_access_in extended permit ip 10.0.0.0 255.255.254.0 any log debugging
access-list Outside_access_in extended permit icmp any any log debugging
access-list Inside_nat0_outbound extended permit ip 10.0.0.0 255.255.254.0 10.0.32.0 255.255.255.192
access-list microsoft-access_splitTunnelAcl standard permit any
access-list Outside_cryptomap_dyn_20 extended permit ip 10.0.0.0 255.255.254.0 any
pager lines 24
logging enable
logging buffer-size 40960
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool microsoft-vpn 10.0.32.1-10.0.32.50 mask 255.255.255.0
ERROR: Command requires failover license
ERROR: Command requires failover license
icmp permit any Outside
icmp permit any Inside
icmp permit any DMZ
asdm image disk0:/asdm-504.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 10.0.0.0 255.255.254.0
nat (DMZ) 1 192.168.200.0 255.255.255.0
nat (management) 0 0.0.0.0 0.0.0.0
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 202.82.118.126 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy microsoft-access internal
group-policy microsoft-access attributes
 wins-server value 10.0.0.71 10.0.0.72
 dns-server value 10.0.0.71 10.0.0.72
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelall
 split-tunnel-network-list value microsoft-access_splitTunnelAcl
 default-domain value thisisnoble.com
 webvpn
username noble password JW174fq7cdlWxvd9 encrypted
username microsoft1 password DxAbh.Z4oK59Ekd1 encrypted privilege 0
username microsoft1 attributes
 vpn-group-policy microsoft-access
 webvpn
username admin password HTLtMvNz/yCAChvf encrypted privilege 15
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.0.0.0 255.255.254.0 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group microsoft-access type ipsec-ra
tunnel-group microsoft-access general-attributes
 address-pool microsoft-vpn
 default-group-policy microsoft-access
tunnel-group microsoft-access ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group microsoft-access
telnet 10.0.0.0 255.255.254.0 Inside
telnet timeout 5
ssh 10.0.0.0 255.255.254.0 Inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:61b2df7ed268da9f296f2b545417822f
: end

Any suggestions? I am quite new to configuring VPNs...

Please help!!! Thanks a lot!
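
Added example, not part of the original post: a Python sketch that reads the client log and ASA config posted above, summarizes the IKE Phase 1 attempt, and checks whether the address the client dialed is one the ASA has ISAKMP enabled on. The function names are hypothetical and the embedded excerpts are trimmed copies of the post's own lines.

```python
import re
# Excerpts copied from the post's client log and ASA config (extraction spaces removed, trimmed).
CLIENT_LOG = '''\
54 20:26:48.921 03/18/09 Sev=Info/4 CM/0x63100024
Attempt connection with server "202.82.118.126"
61 20:26:54.234 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126
63 20:26:59.296 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126
65 20:27:04.296 03/18/09 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 202.82.118.126
66 20:27:09.296 03/18/09 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=454BB961CED4209B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
'''
ASA_CONFIG = '''\
interface Ethernet0/0
 nameif Outside
 ip address 202.82.118.121 255.255.255.240
route Outside 0.0.0.0 0.0.0.0 202.82.118.126 1
isakmp enable Outside
'''

def summarize_phase1(log):
    """Peer, retransmission count and teardown reason; an all-zero R_Cookie means no reply was seen."""
    peer = re.search(r'Attempt connection with server "([\d.]+)"', log)
    reason = re.search(r"reason = (\w+)", log)
    return {
        "peer": peer.group(1) if peer else None,
        "retransmissions": len(re.findall(r"^SENDING >>> .*\(Retransmission\)", log, re.M)),
        "no_reply": "R_Cookie=0000000000000000" in log,
        "reason": reason.group(1) if reason else None,
    }

def compare_with_asa(log, config):
    """Check whether the address the client dialed is one the ASA runs ISAKMP on."""
    addrs, nameif = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["nameif"]:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif:
            addrs[nameif] = words[2]
    ike_ifs = re.findall(r"^isakmp enable (\S+)", config, re.M)
    next_hops = re.findall(r"^route \S+ 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    result = summarize_phase1(log)
    result["ike_addrs"] = sorted(addrs[i] for i in ike_ifs if i in addrs)
    result["peer_is_ike_addr"] = result["peer"] in result["ike_addrs"]
    result["peer_is_default_gateway"] = result["peer"] in next_hops
    return result
```

On these excerpts, `compare_with_asa(CLIENT_LOG, ASA_CONFIG)` reports that the dialed peer 202.82.118.126 is the next hop of the ASA's default route, while ISAKMP is enabled on the Outside interface at 202.82.118.121.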
 