Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco VPN & Vodafone GPRS 1

Status
Not open for further replies.

bas95

Technical User
Aug 22, 2002
31
NL
Dear all,

At this moment i am testing a VPN solution using GPRS.
The GPRS provider is Vodafone..

The VPN solution (Cisco PIX with Cisco VPN client) is working well with dial-up and fixed internet connection, but GPRS is not working.

The IPSEC Log viewer shows the following error.

1 14:37:04.570 02/24/03 Sev=Warning/2IKE/0xE300007C
Exceeded 3 IKE SA negotiation retransmits... peer is not responding
2 14:37:04.620 02/24/03 Sev=Warning/3DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).

I know that Vodafone uses a NAPT router between the GPRS network and the internet. Could this be a problem..??

I appreciate any advice..

Bastiaan van Utrecht
Shimano Europe
 
HI.

GPRS - This is a cellular connection, right?

Can you ping from VPN client to the pix and vice versa?

Anyway, if it doesn't work with the pix, you should consider purchasing a Cisco VPN 3xxx because this device supports more options that can overcome such problems.
One of them is "transparent tunneling" which is encapsulation of IPSec over a single UDP or TCP session.
The pix currenlty does not support this - maybe in newer version.

Bye
Yizhar Hurwitz
 
Hi Yizhar,

Many thanks for your response..

I have contacted the provider and they told me that the solution must be NAPT aware. (ESP encapsulated in UDP or TCP)

Is this the so called "transparant tunneling"..??

Regards


Bastiaan van Utrecht
Shimano Europe
 
HI.

> Is this the so called "transparant tunneling"..??
Yes.

The Cisco unity VPN software client supports this feature, but the pix does not...

Another alternate solution to consider is a terminal server that is hardened and configured with strong authentication and other OS and 3rd party security features.

The best solution I can think of is to use both - a VPN server and a hardened terminal server.

Bye
Yizhar Hurwitz
 
Hi,

FYI

I recieved some inside information from a Cisco employee.
He told me that around 26 march a new IOS version for the Cisco pix will released (V6.3). This version will support the so called "transparant tunneling"

Regards,

Bastiaan van Utrecht
Shimano Europe
 
Hi,

FYI

I recieved some inside information from a Cisco employee.
He told me that around 26 march a new IOS version for the Cisco pix will released (V6.3). This version will support the so called "transparant tunneling"

Regards,

Bastiaan van Utrecht
Shimano Europe
 
I also has the same problem, but this time not with GPRS. I do have Cisco VPN Client 3.6.3 on Win XP pro and trying to connect to my VPN concentrator using my laptop's integrated wireless adapter. Everytime, I started my "VPN dialer" application, I am getting "Remote Peer is no longer responding" and the log shows the following:

1 19:32:24.736 05/13/03 Sev=Warning/2 IKE/0xE300007C
Exceeded 3 IKE SA negotiation retransmits... peer is not responding

2 19:32:24.786 05/13/03 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).


I am able to ping to the my remote VPN concentrator and able to traceroute to the server IP. But, seems the problem with VPN client? Another thing is that I am able to connect to my corporate VPN using my desktop's eithernet card (with the same netgear wireless router).

Any clues?

Thanks,
sks2003
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top