Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem connecting to PIX

Status
Not open for further replies.
Blai1017

Blai1017

MIS
Nov 6, 2003
2
US
Hi we just installed a PIX firewall next to our server, but we seem to have trouble connecting to it. It would work from time to time. We were using wireless connections but since having the VPN problem, we've gone back to landline. The problem still occurs though. Right now only one of my staff members can connect to the server with no problem. The network that we use is also firewalled, so it doesn't allow incoming connections either. Can anyone tell me what the problem is? Here is the log from the VPN software:

Cisco Systems VPN Client Version 4.0.1 (Rel)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600

1 13:09:34.154 11/06/03 Sev=Info/4 CM/0x63100002
Begin connection process

2 13:09:34.154 11/06/03 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

3 13:09:34.154 11/06/03 Sev=Info/4 CM/0x63100024
Attempt connection with server "192.168.2.1"

4 13:09:34.154 11/06/03 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 192.168.2.1.

5 13:09:34.169 11/06/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 192.168.2.1

6 13:09:34.997 11/06/03 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

7 13:09:34.997 11/06/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

8 13:09:39.498 11/06/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

9 13:09:39.498 11/06/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.168.2.1

10 13:09:44.498 11/06/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

11 13:09:44.498 11/06/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.168.2.1

12 13:09:49.498 11/06/03 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

13 13:09:49.498 11/06/03 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.168.2.1

14 13:09:54.499 11/06/03 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=0126F61C7E28203B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

15 13:09:54.999 11/06/03 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=0126F61C7E28203B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

16 13:09:54.999 11/06/03 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "192.168.2.1" because of "DEL_REASON_PEER_NOT_RESPONDING"

17 13:09:54.999 11/06/03 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

18 13:09:54.999 11/06/03 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

19 13:09:54.999 11/06/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

20 13:09:54.999 11/06/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

21 13:09:54.999 11/06/03 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

22 13:09:54.999 11/06/03 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped


Thank You in advance
 
Sort by date Sort by votes
HI.

Please provide more specific details, including:
pix version.
physical cabling connections.
pix config (see the FAQ of this forum for safe posting).
networking devices and configuration.
ip addressing.
Internet connections.
And more relevant details + general info.

Anyway from your post I would focus on this:
************
14 13:09:54.499 11/06/03 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=0126F61C7E28203B R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
**********

Which might mean that the firewall between the peers is blocking some part of the traffic.



Yizhar Hurwitz
 
Upvote 0 Downvote
Hi thanks for the prompt reply.
i have a Cisco Pix 501 running 6.3(2)
The PIX is is connected to the server and the server is hosted elsewhere. What I've found out, is that when one person connects to the PIX, it works just fine. The problem occurs when another user tries to connect to the VPN. The client will timeout and report an error. When the first user disconnects from the VPN. If you wait 10 minutes or so, the second user was able to connect to the VPN. Is this a licensing issue, or is this just how Cisco developed the PIX?
Once again, thanks in advance.
 
Upvote 0 Downvote
Like Yizhar said... We need more info: Config, show version, etc. When you experience the issue do a show local-host to determine if it is a licensing issue. Are both VPN sessions started from the same network? Are the VPN clients being patted? Some PAT devices have issues with ESP and can only handle one VPN session at a time.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
798
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
657
Johnkite
Johnkite
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
169
brownmab53
brownmab53
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
584
nnaarrnn
nnaarrnn
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
123
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top