Customer VPN CISCO C2691 4.9.01.0180 does not work

Hello

After reading and find information about the client IPsec and VPN som, I now try to make it work, but:

The TEST LABORATORY is to follow:

INTERNET-> (IP 192.168.10.1/24) C1841-> INT0/1 TEST LAB

C2691 INT0/1 (IP 192.168.10.166/24)-> C2691 INT0/0 (IP 172.18.124.159/24)-> COMPUTER (DIFFICULTY IP 172.18.124.10/24)

I can PING from the computer:

192.168.10.1

172.18.124.159

But when I run the VPN, I have no communication, the PASSWORD and LOGIN are correct with the scrip.

Here below what I get when I try to connect:

Cisco Systems VPN Client Version 4.9.01.0180
Copyright (C) 1998-2009 Cisco Systems, Inc.. All rights reserved.
Type of client: Mac OS X
Running: the Darwin 10.6.0 Darwin kernel Version 10.6.0: Wed Nov 10 18:13:17 PST 2010; root:XNU-1504.9.26~3/RELEASE_I386 i386
Config files directory: / etc/opt/cisco-vpnclient

1 20:23:49.072 14/01/2011 Sev = Info/4 CM / 0 x 43100002
Start the login process

2 20:23:49.073 14/01/2011 Sev = WARNING/2 CVPND / 0 x 83400011
Send error - 28 package. ADR DST: 0xAC127CFF, ADR Src: 0xAC127C0A (DRVIFACE:1158).

3 20:23:49.073 14/01/2011 Sev = WARNING/2 CVPND / 0 x 83400011
Send error - 28 package. ADR DST: 0x0AD337FF, ADR Src: 0x0AD33702 (DRVIFACE:1158).

4 20:23:49.073 14/01/2011 Sev = WARNING/2 CVPND / 0 x 83400011
Send error - 28 package. ADR DST: 0x0A2581FF, ADR Src: 0x0A258102 (DRVIFACE:1158).

5 20:23:49.080 14/01/2011 Sev = Info/4 CM / 0 x 43100004
Establish a connection using Ethernet

6 20:23:49.081 14/01/2011 Sev = Info/4 CM / 0 x 43100024
Attempt to connect with the server "172.18.124.159".

7 20:23:49.081 14/01/2011 Sev = Info/6 CM/0x4310002F
Assigned TCP port local 49164 for the TCP connection.

8 20:23:49.261 14/01/2011 Sev = Info/4 IPSEC / 0 x 43700008
IPSec driver started successfully

9 20:23:49.261 14/01/2011 Sev = Info/4 IPSEC / 0 x 43700014
Remove all keys

10 20:23:49.261 14/01/2011 Sev = Info/6 IPSEC / 0 x 43700020
TCP SYN sent 172.18.124.159, src port 49164, port 10000 DST

11 20:23:54.261 14/01/2011 Sev = Info/6 IPSEC / 0 x 43700020
TCP SYN sent 172.18.124.159, src port 49164, port 10000 DST

12 20:23:59.261 14/01/2011 Sev = Info/6 IPSEC / 0 x 43700020
TCP SYN sent 172.18.124.159, src port 49164, port 10000 DST

13 20:24:04.761 14/01/2011 Sev = Info/6 IPSEC / 0 x 43700020
TCP SYN sent 172.18.124.159, src port 49164, port 10000 DST

14 20:24:09.261 14/01/2011 Sev = Info/4 CM/0x4310002A
Unable to establish a TCP connection on port 10000 with server '172.18.124.159 '.

15 20:24:09.261 14/01/2011 Sev = Info/5 CM / 0 x 43100025
Initializing CVPNDrv

16 20:24:09.262 14/01/2011 Sev = Info/4 CM/0x4310002D
Reset the TCP connection on port 10000

17 20:24:09.262 14/01/2011 Sev = Info/6 CM / 0 x 43100030
Removed the TCP port local 49164 for the TCP connection.

18 20:24:09.262 14/01/2011 Sev = Info/4 CVPND/0x4340001F
Separation of privileges: restore MTU on the main interface.

19 20:24:09.262 14/01/2011 Sev = Info/6 IPSEC / 0 x 43700023
TCP RST sent to 172.18.124.159, src port 49164, port 10000 DST

20 20:24:09.262 14/01/2011 Sev = Info/4 IPSEC / 0 x 43700014
Remove all keys

21 20:24:09.263 14/01/2011 Sev = Info/4 IPSEC / 0 x 43700014
Remove all keys

22 20:24:09.263 14/01/2011 Sev = Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped

The manuscript in the CISCO 2691 is just suited for my setup, I don't think that I made a few mistakes, but you never know.

If has a first time, I'm able to establish a VPN connection to my computer and my router, I'll be happy, if I see my home network of the CISCO 1841 (ROUTER MAIN one) this will be perfect, that's also what I would like to check in.

Here, the manuscript of the CISCO 2691:

!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
router host name
!
boot-start-marker
boot system flash: c2691-adventerprisek9 - mz.124 - 5a .bin
boot-end-marker
!
!
AAA new-model
!
!
AAA authentication login userauthen local
AAA authorization groupauthor LAN
!
AAA - the id of the joint session
!
resources policy
!
IP cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
Fax fax-mail interface type
0 username cisco password Cisco
!
!
!
crypto ISAKMP policy 3
BA 3des
preshared authentication
Group 2
!
ISAKMP crypto client configuration group 3000client
key cisco123
DNS 8.8.8.8
domain cisco.com
pool ippool
ACL 108
!
!
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
!
Crypto-map dynamic dynmap 10
Set transform-set RIGHT
!
!
map clientmap client to authenticate crypto list userauthen
card crypto clientmap isakmp authorization list groupauthor
client configuration address map clientmap crypto answer
10 ipsec-isakmp crypto map clientmap Dynamics dynmap
!
!
!
!
interface FastEthernet0/0
IP 172.18.124.159 255.255.255.0
automatic speed
Half duplex
clientmap card crypto
!
interface Serial0/0
no ip address
Shutdown
!
interface FastEthernet0/1
IP 192.168.10.166 255.255.255.0
automatic speed
Half duplex
!
interface Serial1/0
no ip address
Shutdown
series 0 restart delay
No terminal-dce-enable-calendar
!
interface Serial1/1
no ip address
Shutdown
series 0 restart delay
No terminal-dce-enable-calendar
!
interface Serial1/2
no ip address
Shutdown
series 0 restart delay
No terminal-dce-enable-calendar
!
interface Serial1/3
no ip address
Shutdown
series 0 restart delay
No terminal-dce-enable-calendar
!
IP local pool ippool 192.168.10.170 192.168.10.175
IP route 0.0.0.0 0.0.0.0 192.168.10.1
!
!
IP http server
no ip http secure server
!
access-list 108 permit ip 192.168.10.0 0.0.0.255 host 0.0.0.0
!
!
!
!
control plan
!
!
!
!
!
!
Dial-peer cor custom
!
!
!
!
!
!
Line con 0
transportation out all
Speed 115200
line to 0
transportation out all
line vty 0 4
transport of entry all
transportation out all
!
!
end

Best regards

Didier

Hi Didier,.

Looking at your first series of VPN client logs, it seems that the VPN client is set to use IPSec/TCP on port 10000 while CTCP has not been enabled on the router.

I suggest you to change the configuration on the client VPN IPSec/UDP rather than TCP. (Go to the tab "Transport" when you change the corresponding connection on the VPN client).

Let me know if this helps out!

See you soon,.

Assia

Tags: Cisco Security

Similar Questions

  • no service to customer without having to pay when the product does not work?

    no service to customer without having to pay when the product does not work?

    You will need to tell us more of the history for anyone to be able to give advice. The WHOLE story would be great!

  • Cisco MSE 8510 MCU - comments PIN does not work

    Hello

    We have a few conferences on 8510 blade. Each conference is the main AXIS and the comments set up PIN. When I dial in the Conference, main SPINDLE works fine but the PIN prompt does not work.

    I tried to deal with the PIN of an endpoint, then the guest PIN from the other end, but the Conference does not accept the feedback PIN. I can use the good main SPINDLE on the two end points.

    Anyone know what may be the issue?

    I just tested this without 8510, no problem at all.

    Can you give us a screenshot of the configuration of your conference?

    I had used the same digital ID for Chair and comments, with a different PIN for each.  When I connected as Chairman, I went straight in.  When I connected as a guest, I went straight in, but I got a quick saying saying President to arrive or to connect.

  • Cisco Anyconnect VPN does not work in windows 7 64 bit

    Hello
    I found that the cisco anyconnect (version 3, any series) does not work in windows 7 (64-bit).
    The vpn is connected, but there is not any internet access.

    I tried to solve the problems of:

    -Disabling the firewall.

    -disable the anti-virus etc.

    But while I tried using with 32 bit, it works very well.

    Also, I found that there is not a specific version of anyconnect vpn for only 64-bit.

    Do any body have the idea how to solve this problem, either it's a bug of cisco vpn itself?

    Certainly, you just need to install a later version of AnyConnect.  You need a Cisco, for example a SmartNet maintenance contract, to download the new versions.

  • After the upgrade yesterday from Vista to Windows 7, now my Cisco VPN does not work and I get an error message titled: grounds 440 driver fault. Any ideas to fix this?

    After the upgrade yesterday from Vista to Windows 7, now my Cisco VPN does not work and I get an error message titled: grounds 440 driver fault.  Any ideas to fix this?

    This was the solution!  The works of vpn as $ 1 million now.  I followed the instructions above to enter the uninstall program and selecting the repair option.  I rebooted the machine, then used the troubleshooting on vpn software compatibility option.  Selected Windows windows xp (service pack 2) as the correct software and cisco vpn client started right up.

    Thanks, Nick!

    Rick

  • custom ring tone does not work

    After the update this morning I hope this question was correct.

    I use a custom for some people to know how ringtone call by ringing. But nothing changes.

    It does not work.

    Nobody knows or has heard of this problem?

    Thank you

    Try these general steps. They could help.

    1 reset your iPhone by pressing and holding the sleep/wake and home buttons.

    2 disconnect you from your iCloud account and reconnect again.

  • T410 AiO customer CAPS, NUM, and scroll keyboard stop does not work with PCoIP view desktop computers

    We have problems with our t410 AiO customers, where the CAPS, NUM and scroll stop lights on the keyboard do not work with view PCoIP desktop computers.

    I found the below information and a work around:
    If you use the Protocol PCoIP to display on a client system Ubuntu 10.04, the CAPS Lock, NUM Lock, and Scroll Lock lights on your keyboard do not work with desktop view. Although the lights do not work, the keys themselves work.
    Solution: Set the following configuration in a configuration file, such as/etc/vmware/config:
    mks.keyboard.useXkbSetNamedIndicator = 'TRUE '.

    The problem is this difficulty is already in place via the latest version of the HP, Z6A440, software that is installed within our Organization.

    What I discovered, is that the model that we initially bought for the test doesn't have this problem.  However, the models that we ordered since that time, DO have the problem and the solution above does not work as expected.

    The model originally ordered for test is still a customer of IOA t410... but there are 4 "under models' for customers of IOA t410... that we have to test is a H2W20AA, while those we receive and distribution are the H2W21AA model.

    No idea why, when connected to the desktop from view, that models of H2W21AA have this problem?

    H2W20AA is with Teradici PCoIP optimized, which can support PCoIP better, but H2W21AA is not with Teradici. That's the difference.

    However, the issue that you are experiencing does not matter in fact, we have not heard of this problem before. I would suggest that you do the following to see if there is no change:

    1. Go to download the latest VMware View 2.3.4 for t410, follow the instructions to install.
    2. If suggestion 1 does not work for you, try to connect to another VM group or set up a new machine virtual clean
    3. Call HP service center to save your problem for further investigation if the suggestion above did not work

  • Halo 2 for windows vista does not work on my windows 7. Saiys it cannot start the direct customer

    original title: Halo 2 for windows vista

    Halo 2 for windows vista does not work on my windows 7.  Saiys it cannot start the direct customer.  It will not work in single user either...

    Hello

    Plase make sure you have the latest version of the GFWL Client installed:

    http://www.Microsoft.com/games/en-us/live/pages/livemarketplace.aspx

  • LAN does not work when the Cisco E1000 router hangs

    Original title: Download sp3

    Remember - this is a public forum so never post private information such as numbers of mail or telephone! I bought recently a new Cisco E1000 router. My computer is a laptop model Lenovo 0769.

    I am running windows XP with sp2. The cisco software requires sp3. I called support of cisco and even they couldn't get to download sp3. My network is wireless on the router and I had to install from another laptop computer on the system. My LAN does not work when hooked. What do you suggest to me.

    Ideas:

    • You have problems with programs
    • Error messages
    • Recent changes to your computer
    • What you have already tried to solve the problem

    Hi mdenrique,

    1. what exactly do you mean by LAN (Local Area Network) does not work? You get the error message?

    If you have not installed Service Pack 3, try the following steps:
    Step 1: Download Service Pack 3
    see How to obtain the latest Windows XP service pack .
    b. scroll the window and click on "Download now the Windows XP Service Pack 3 package" to download the service pack.
    c. save the file on the desktop.

    Step 2: Install Service Pack 3
    a. open the file downloaded and follow the instructions in the wizard to complete the installation.
    b. restart the computer once the installation is complete.

    For more information, see steps to take before you install Windows XP Service Pack 3

    Note: Once you have installed service pack 3, install the router and check if the problem persists.

    Step 3: To troubleshoot LAN, run home and small Office Networking Troubleshooter
    a. Click Start and then click Help and Support.
    b. under Pick a help topic, click Network and Internet.
    c. under network and the Web, click on resolution of networking or Web problems and then click on home and small Office Networking convenience store.
    d. answer the questions in the troubleshooter to try to find a solution.

    For more information, see the following articles:
    1 see How to troubleshoot a network in Windows XP
    2 see two resources to solve the problems of connection network in Windows XP

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • I am trying to create a VPN connection, but it does not work

    I am trying to create a VPN connection, but it does not work
    The wizard cannot establish a connection. And if I try to record simply does not connect
    It does not work. If I try to click on find the problem, there simply
    do nothing.
    I tried it on another pc, where it worked. So the problem is not the
    router or data network. And the curious thing is that I installed it before, but only from one day to the other, the VPN connection was missing.

    It does not create even a the connection icon
    Thank you

    Try a system restore to a Date before the problem began:

    Restore point:

    http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/

    Do Safe Mode system restore, if it is impossible to do in Normal Mode.

    Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

    Try a restore of the system once, to choose a Restore Point prior to your problem...

    Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

    http://www.windowsvistauserguide.com/system_restore.htm

    Read the above for a very good graph shows how backward more than 5 days in the System Restore Points by checking the correct box.

    See you soon.

    Mick Murphy - Microsoft partner

  • VPN error 809 does not work

    I have a windows vista, before my vpn network worked perfectly, but when the update sp2 vpn does not work again so could any body can help me with this sound like Windows have no clue at all to this subject, so far I try most of the answers

    but none works

    Support FREE from Microsoft for SP2:

    https://support.Microsoft.com/OAS/default.aspx?PRID=13014&Gprid=582034&St=1

    Free unlimited installation and compatibility support is available for Windows Vista, but only for Service Pack 2 (SP2). This support for SP2 is valid until August 30, 2010.

    Microsoft free support for Vista SP2 at the link above.

    See you soon.

    Mick Murphy - Microsoft partner

  • Cisco WLC 2504 internal DHCP does not work properly

    Hi all

    I m trials with a Cisco WLC 2504 and some APs of 1832. I set up a DHCP scope on the interface of the controller with 2

    a large number of different configurations, but the DHCP protocol does not work and Don t Access Point to obtain an IP address. My first question: is it possible to do DHCP for Access Points or only for wireless clients?

    These are my interfaces:

    Interface of the PA-Manager:

    My DHCP scope:

    Advanced DHCP:

    I forgot something? Is there anyone using DHCP for its access points?

    Thank you!

    Hello

    On Cisco WLC internal DHCP, you can add the option 43 to say where APs must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

    Let me explain briefly how AP-Manager works on WLC:

    1. Boots of Access Point and sends a discovery request to the management interface of the controller using the intellectual property you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry)
    2. Controller, sends it a response discovered that contains the name of the system, addresses AP-Manager, the number of access points already connected to each interface AP-Manager and the overall capacity of the controller.
    3. Joints access point controller using the less loaded interface AP Manager.

    With this, every AP Manager must have a good configured interface and be connected to a different port, no LAG.

    I drop a post here sometimes there is which might help:

    https://supportforums.Cisco.com/document/118311/configuring-multiple-AP-...

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question

  • Check sensor SFR with FireSight via VPN - does not work

    Hello security experts.

    I have an ASA5515-X with SFR installed 5.4.0 and manage with 5.4 FireSight installed on the virtual machine on LAN and I record the sensor without any problem but when I try to register the sensor to FireSight via VPN I can't do. The interface on the ASA management has no intellectual property nor nameif configured and the interface is connected to the switch, SFR has the IP even configured as LAN addressing. I can see traffic being exchanged between the sensor and the FireSight but I can't save the sensor.

    Has anyone managed to register the sensor via VPN? Is there something else to be configured in order to save the sensor with the MC via the VPN?

    The delay between the Firesight and the sensor (on WAN and VPN) I get between 80 and 100 ms, what could be the problem?

    Thank you very much!

    Remi

    Hello

    If you are unable to telnet from DC to the sensor on the port 8305 delivers connectivity then.

    Can try you to ping from sensor to DC:

    ping -M do -c 20 -s 1572
    By default, the MTU is 1500 on eth0, if the ping does not work I will suggest to lower the MTU on the interface and see if it works. See also: / var/log/messages | grep sftunnel and see the error messages on DC and sensor and send it to me everywhere. Best regards, Aastha Bhardwaj rate if this is useful!

  • Client VPN suddenly does not work

    An external interface address changed on this PIX 501 yesterday - all of a sudden their client VPN does not work.  I checked that nothing in the config VPN configuration has changed.  I now see a *(HASH.) ("OAK NOTIFY ISAKMP INFO: NO_PROPOSAL_CHOSEN") in the journal on the VPN client.

    I crossed referenced on google - nothing in the statements of NAT, Access-list, or VPN configurations have changed.  Any ideas?

    Thank you
    Greg

    Your configuration is absolutely perfect.

    Please, try the following:

    no interface card VPN crypto outdoors

    card crypto VPN outside interface

    Remove and reapply the cryptomap on the external interface and see if that helps.

    Thank you

    Jeet Kumar

  • France / Customer Service / < deleted by the moderator > does not work

    Hello

    Client of I want to contact the service pay an Adobe Creative product subscription question.

    Indeed, only the country 'United States' appears on the subscription page, under the heading "billing" and cannot be changed, except to call the 800-585-0774.

    Alternatively, this one does not work.

    Have other people encountered this problem? and found a solution?

    Thank you pour your "lights"!

    Agnes

    Contact support using cat - for the link below click the still need help? option in the blue box below and choose the option to chat or by phone...

    Make sure that you are logged on the Adobe site, having cookies enabled, clearing your cookie cache.  If it fails to connect, try to use another browser.

    Creative cloud support (all creative cloud customer service problems)

    http://helpx.Adobe.com/x-productkb/global/service-CCM.html ( http://adobe.ly/19llvMN )

Maybe you are looking for