DieselJeeper
Ultimate Member
Posts:
508
Joined:
Wed Aug 03, 2011 12:24 pm
Certs:
MCSE, MCP+I, SEC+ (working on CCENT/CCNA)

IPSEC VPN problem

Fri Feb 24, 2012 12:31 pm

I have an IPSEC VPN that has worked just fine.. until now...

I am using Cisco client to connect to the ASA 5520 here, I've had success using this setup in the past. In fact just yesterday I was able to connect clients to this VPN....

Setting up a new machine, I am now getting this error on the client:
"Secure VPN connection terminated by the client. Reason 412: The remote peer is no longer responding"

The ASA log is showing an error:
"received encrypted Oakley informational packet with invalid payloads" after several instances of "P1 retransmit package dispatched to MM FSM" and "Duplicate Phase 1 packet detected. Retransmitting last packet".

Any guidance on this?

DieselJeeper

Re: IPSEC VPN problem

Fri Feb 24, 2012 1:38 pm

Have more traffic on this from my troubleshooting, will provide soonest

DieselJeeper

Re: IPSEC VPN problem

Fri Feb 24, 2012 5:30 pm

Troubleshooting and debugs have narrowed this down to a max simultaneous login problem. I believe someone may have made some changes without my knowledge...

DieselJeeper

Re: IPSEC VPN problem

Mon Feb 27, 2012 7:52 am

pardon, ttsaon?

DieselJeeper

Re: IPSEC VPN problem

Tue Feb 28, 2012 8:22 am

OK I am pretty sure the initial problem was caused by poor connectivity to our Aircard provider. That's been addressed, and now I am getting the following:
error on client: "Secure VPN connection terminated by peer. Reason 433: (Reason not specified by peer)" Which is utterly useless...

ASDM log shows me:
"login authentication failed due to max simultaneous-login restriction"

Testing on a known-good machine and configuration of VPN client (I used it just last Thursday afternoon), I get the same error.

Halo
Post Whore
Posts:
1008
Joined:
Thu Oct 14, 2010 4:39 am
Certs:
CCNP (R&S, Security), ITILv3 Foundation

Re: IPSEC VPN problem

Tue Feb 28, 2012 9:38 am

How about some debugs from the box?

DieselJeeper

Re: IPSEC VPN problem

Tue Feb 28, 2012 1:13 pm

Which would you like? I'll have to sterilize them of course...
