VPN 3060 concentrator error

I have a Cisco VPN 3060 concentrator and sometimes I get the following message from syslog. What does this error mean?

Local7.warning, SEV 2 RPT EVENT/42 = 30 = save to FTP server failed (9)

It seems that you configure the VPN concentrator to send the log saved on an FTP file.

You can check the following for parameters:

Configuration | System | Events | FTP backup

These are the 2 FTP options which can be configured on the VPN concentrator.

Tags: Cisco Security

Similar Questions

Cisco VPN 3060 - Cisco ASA conversion

We are about to embark on the passage of all extensions L2L and network (Cisco ASA 5505 s) of the Cisco VPN 3060 concentrator to a Cisco ASA 5520.

We bsemblable woul to see if there is a simple method to do this as a converter? Also, there are lessons learned? We run 8.4.3 so that we know that the NAT configuration has differed. The 3060 configuration can be changed in anyway for help in configuring the ASA?

Thank you

Dwane

Thank you for your understanding Dwane.

Please mark this message as answered.

Good day.

Console Cable - Cisco VPN 3000 Concentrator

Where can I get a cable from the console to the Cisco VPN 3000 Concentrator? The place I bought the hub of not sent me one with it.

Thank you

JP

JP,

Console port for the concentrator vpn being complient rs-232, you can buy two female DB9 to RJ45 / adapters, one for the concetrator and one for the PC to use in the COM1 port, then use a regular straight through CAT5 cable, that's the way I do and it is convenient as suppose to use the straight through serial rs-232 cable.

http://www.sealevel.com/product_detail.asp?product_id=787

With regard to the regular cable this hub comes with you can use it.

http://www.stonewallcable.com/product.asp?Dept%5Fid=35&PF%5Fid=SC%2DS9%2DFF

Adidtional information for your initial hub seup -.

http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/3_6/getting/gs2inst.htm#1050260

Concerning

PLS rate useful posts

IPSec remote VPN with VPN client in error

Hello

ASA 5505 configuration is: (installation using ASDM)

output from the command: 'show running-config '.

: Saved
:
ASA Version 8.2 (5)
!
hostname TEST

Select _ from encrypted password
_ encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
passive FTP mode
sap_vpn_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.224
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
IP local pool test_pool 192.168.10.0 - 192.168.10.20 mask 255.255.255.0
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
AAA authentication http LOCAL console
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
dhcpd address 192.168.1.5 - 192.168.1.132 inside
dhcpd allow inside
!

a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal sap_vpn group policy
attributes of the strategy of group sap_vpn
value of server DNS 192.168.2.1
Protocol-tunnel-VPN IPSec

Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list sap_vpn_splitTunnelAcl
username password encrypted _ privilege 0 test
username test attributes
VPN-group-policy sap_vpn
Username password encrypted _ privilege 15 TEST
type tunnel-group sap_vpn remote access
tunnel-group sap_vpn General-attributes
address test_pool pool
Group Policy - by default-sap_vpn
sap_vpn group of tunnel ipsec-attributes
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:b67cdffbb9567f754052e72f69ef95f1
: end

I use customer VPN authentication with IP 192.168.2.20 host group with username:sap_vpn and key pre-shared password but not able to connect to the vpn and the error message attached.

ASA, set up with the initial wizard ASDM: inside the interface IP 192.168.1.1 (VLAN1) and outside (VLAN2) IP 192.168.2.20 assigned by using DHCP. I use outside interface IP 192.168.2.20 to HOST IP to the VPN client for the remote connection? is it good?

Please advise for this.

Hello

What train a static IP outside? We need a static IP address to connect, please try again and let us know how it works?

Kind regards

VPN 3005 concentrator Web Administration fails

I have a vpn concentrator 3005 I can't connect to the web administration page. When I have the access concentrator, I get an HTTP 403 forbidden error. IE, the details of the error is "this error (HTTP 403 Forbidden) means that Internet Explorer was able to connect on the site, but it doesn't have permission to view the Web page." I tried several machines and Firefox as well, but all give the same error. I have no problem with the administration via telnet, but wishes to get the web interface works again. I even tried updating the hub to 4.7.2.P (from 4.7.2.O), but it does not solve the problem either. I also noticed an error in the event log which shows demand and an error HTTP 404 not found (/). Any ideas?

On your interfaces, for example, "Configuration | Interfaces | Ethernet 1 ", on the WebVPN tab you have the check box for"allow management HTTPS sessions "?

PIX 515e VPN 3005 concentrator cannot pass phase 1

My list of vpn access increases, so I know that it is correct. IM testing with ping. Debug configurations and follow. Remote location through VPN connection attempt with THE. Thanks to all who can help. His failure in the first phase which means configuration mess up, but I can't find a miss-match for me? Maybe ive been looking at this for a long time.

Pix515e config:

----------------

Crypto ipsec transform-set esp - esp-md5-hmac aptset

aptmap 10 ipsec-isakmp crypto map

aptmap 10 correspondence address vpn crypto card

card crypto aptmap 10 peers set yyy.xxx.xxx.131

card crypto aptmap 10 transform-set aptset

aptmap interface card crypto outside

ISAKMP allows outside

ISAKMP key * address yyy.xxx.xxx.131 netmask 255.255.255.255

part of pre authentication ISAKMP policy 10

encryption of ISAKMP policy 10

ISAKMP policy 10 md5 hash

10 2 ISAKMP policy group

ISAKMP life duration strategy 10 86400

Debugs ipsec, isakmp, ca

-------------------------

Peer VPN: ISAKMP: approved new addition: ip:yyy.xxx.xxx.131 Total VPN peer: 1

Peer VPN: ISAKMP: ip:yyy.xxx.xxx.131 Ref cnt is incremented to peers: 1 Total peer VPN: 1

ISAKMP (0): early changes of Main Mode

ISAKMP (0): retransmission of phase 1... IPSEC (key_engine): request timer shot: count = 1,.

local (identity) = zzz.xxx.xxx.226, distance = yyy.xxx.xxx.131,

local_proxy = 192.168.33.0/255.255.255.0/0/0 (type = 4),

remote_proxy = 192.168.65.0/255.255.255.0/0/0 (type = 4)

ISAKMP (0): retransmission of phase 1...

ISAKMP (0): delete SA: src zzz.xxx.xxx.226 dst yyy.xxx.xxx.131

ISADB: Reaper checking HIS 0x81377ad8, id_conn = 0 DELETE IT!

Peer VPN: ISAKMP: ip:yyy.xxx.xxx.131 Ref cnt decremented to peers: 0 Total of VPN peer: 1

Peer VPN: ISAKMP: deleted peer: ip:yyy.xxx.xxx.131 VPN peer Total: 0

results of ' show crypto isamkp his. "

-----------------------------------

Total: 1

Embryonic: 1

Src DST in the meantime created State

YYY.xxx.xxx.131 zzz.xxx.xxx.226 MM_NO_STATE 0 0

Error messages on the concentrator 3005

------------------------------------

11:14:47.640 57 07/01/2004-SEV = 4 RPT IKE/48 = 23 yyy.xxx.xxx.226

Support useful treatment of error: ID payload: 1

11:15:02.770 58 07/01/2004-SEV = 4 RPT IKE/48 = 24 yyy.xxx.xxx.226

Support useful treatment of error: ID payload: 1

3005 page concentrator Lan-To-Lan settings

-----------------------

Activated

External interface

Answer only

YYY.xxx.xxx.226 peer

Digital cert: no (use preshared keys)

Transmission of the CERT: (full certification chain)

Preshared key: {same on pix}

AUTH: esp, md5, hmac-128

encryption: des-56

proposal of IKE: IKE-DES-MD5

Filter: none

IPSec NAT - T not verified

No bandwidth policy

Routing: no

I noticed that you have a lifetime and a pfs group configured on the pix. The pfs group is 2 which I think will not work with-although I'm not positive, as I have only used with 3des. Diffie-Hellman Group1 should work with simple.

In any case, recheck the config vpn 3000 to see if a group and life expectancy have been speced on config. If not, or if you are not sure, then remove the two outside the pix and run the command of his clear cry on the pix. Then try again and let me know what you find.

Failures of intermittent connection to the VPN 3000 Concentrator

Hello

I managed a VPN 300 hub that works with happiness for several years with no problems. All users are part of the same group and authenticate on a server RSA. We recently moved from Authentication Manager RSA RSA 7.1 Authentication Manager 6.1. Continuous everthing works well for several weeks, then at the beginning of this week we started having users intermittently failing to connect to the VPN. I don't know if this problem is related to our new server RSA, but we have other devices on the network that authenticate on it without any problem, so I guess the problem is with the Concentrator VPN itself.

When users fail they just get a generic error message 'Reason 427 completed peer connection'. Live event log shows "group = vpn, status = is not off duty" when their connection fails. Other times they connect normally and no error messages appear. There seems to be no real reason, sometimes your connection fails, but if you keep trying you will get eventually in [However it may take several attempts in the course of an hour or two until you succeed, or you can get immediately without a problem].

I don't think that it's a network problem, because I ran continuous for the hub and the RSA server pings while users are experiencing these problems and there are no drops.

Authentication RSA server monitor always shows that the user is authenticated successfully, the connection of users actually succeed or not. I'm tempted to reboot just the hub, but we have tunnels VPN site-to-site connected on it and I'm a little worried if it is faulty you can not come back at all.

Has anyone encountered this problem before?

Thanks in advance

Hi Graham,

My guess is that the new RSA server is slower to react, causing the Timeout vpn3000 sometimes - this would explain all the symptoms (nature intermitten's not in service, the success of logs on the server).

I don't have a vpn3k at hand to check, but I think that in the config server aaa where you set the ip address etc. of the RSA server, you can also set a time-out value - see if increasing this value help.

HTH

Herbert

Mapping of VPN XP problem - error 53

Set up a VPN on a Windows XP SP3 computer. I can connect on the Wan to both a XP SP3 and Vista PC. But trying
card to a shared folder, the Vista is successful but when mapping the PC XP SP3 it fails with the ERROR 53 - the network
path is not found. I'm trying to map by IP address. I am able to ping the remote VPN from the two PC. Are the two XP PC
in the same working group. Any ideas?

Thank you

This should get out you of trouble

http://www.DameWare.com/support/KB/article.aspx?ID=300059

IOS XR MPLS VPN L3 + BGP error message

I use the file "iosxrv-k9-demo - 5.1.2" image on GNS3 for free practice.

When my IOS XR with MPLS L3 VPN router and assigning an interface of IOS XR to a VRF, it gives an error:

RP/0/0 / CPU0:Feb 19 20:16:50.182: bgp [1048]: ROUTING-BGP-3-RPC_SET_ERROR %: [22]: read all RPC operation: Table. Error: ' Subsystem (3373) "detected the status of 'fatal', 'Code (37)': pkg/bin/PMO: (PID = 663826):-traceback = b395988 b229e9c 8226a4b 8224bdc afb2e7c b22d857 8267050.

looking for a solution.

Hi umesh, there is a table operation handler problem that has been fixed in xr 513. When the list is empty, it returns "error", but which is not necessary to return the error, an empty list can be ok, so the sw fix that went in is to check that and return errors more detailed codes inside the s in this case table operations and PMO communition XR (which is made via RPC or remote call procedure).

few options who may be here to try:

-1 ignore it and continue the configuration

-2 set all definitions of vrf first under router bgp and everywhere where necessary before you assign it to an interface

-3 clear config, reboot, apply the new configuration step by step with the first definitions of vrf and last to apply to the interface.

-4 Download xr513 XRv.

see you soon

Xander

VPN 3000 Concentrator authentication failure.

Hi team,

I am facing the error of authentication in the hub.

Scenario: -.

Hub is integrated with AD.

Error: -.

---

2451 11/22/2009 13:20:35.550 SEV = 3 RPT AUTH/5 = 19132 86.62.198.251
Authentication was rejected: reason = Unspecified
manage 396, server = 172.27.1.13 =, user = 23733, area =

Hi subashmbi,

I have more questions for you: -.

1. which authentication protocol is used with AD?

2. by chance "23733" user which you see the authentication error, part of several groups defined in AD?

As a quick test, try to switch the VPN group to NT domain authentication and let me know how it goes...

If NT does not work then try LOCAL authentication.

Waiting for your answer, the answers to the questions posed above and the results of the test with NT and LOCAL...

Concerning

M

Recovery password: VPN 3005 concentrator

How 3005 Concentrator VPN admin password.

Here is the procedure

http://www.Cisco.com/en/us/products/HW/vpndevc/ps2284/products_password_recovery09186a008009434f.shtml

Cannot install the Client VPN Cisco due error 1722

Dear,

I went to istall the Cisco VPN Client SW. But my laptoop installation finished with error 1722. Here is the log file fagment:

MSI (s) (74:B0) [12:07:23:006]: product: Cisco Systems VPN Client 5.0.07.0440 - error 1722. There is a problem with this Windows Installer package. A program run as part of the Setup did not finish as expected. Contact your provider to support personal or package. Action CsCaExe_VAInstall, location: C:\Program Files (x 86) \Cisco Systems\VPN Client\VAInst64.exe, command: nopopup I "C:\Program Files (x 86) \Cisco Client\Setup\CVirtA64.inf" CS_VirtA

I use Windows 7 Home Premium on my laptop, the UAC turned OFF and the antivir SW is uninstalled. I searched on the net but I do not find a satisfactory solution.

Please someone knows how can I fix this?

Thank you

Milan

Hello

The question you posted would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.

http://social.technet.Microsoft.com/forums/en-us/category/w7itpro

Hope this information is useful.

AnyConnect vpn client gives error of certificate on ios cisco 2800 series

Dear all,

I set up a vpn on cisco router ios simple anyconnect 2811

I also configured natting on the inorder of router to access the internet for local users

My problem

I can not connect same vpn if I use the method of the anyconnect vpn client

Also please tell me how to access internal resources by configuring split tunneling

the error I get is as below

* 08:16:35.947 Feb 8: 252:error:14094416:SSL routines: SSL3_READ_BYTES:sslv3 certificate alert unknown:../../../../cisco.comp/pki_ssl/src/openssl/dist/ssl/s3_pkt
.c:1062:SSL alert number 46

Here is my configuration

ABC host name
!

start the flash system: c2800nm-advsecurityk9 - mz.124 - 24.T1.bin

!
AAA new-model
!
!
AAA authentication login default local
local connection SSL-VPN-AUTH authentication AAA
!
!
AAA - the id of the joint session
!
dot11 syslog
IP source-route
!
!
IP cef
!
!
IP-server names 4.2.2.2
!
Authenticated MultiLink bundle-name Panel
!
!
!
Crypto pki trustpoint ABC
enrollment selfsigned
crl revocation checking
rsakeypair ABC 1024
!
!
ABC crypto pki certificate chain
self-signed certificate 04
3082023 HAS 308201 3 A0030201 02020104 300 D 0609 2A 864886 F70D0101 04050030
27312530 2306092A 864886F7 0D 010902 73 732 6569 6173742D 6B 686177 16166D
616E6565 6A2D7261 31313032 30383038 32333036 5A170D32 30303130 301E170D
3030305A 31303030 30273125 30230609 2 A 864886 F70D0109 0216166D 65 73732
2D6B6861 69617374 77616E65 656A2D72 6130819F 300 D 0609 2A 864886 F70D0101
01050003 818 0030 81890281 8100C16D 1007E434 AFAEE3C1 90141205 E7785754
FA3C4589 3D6B3D47 57BC54A5 7237E7FE 9B7CA69C 999B4DAF 835B98E9 972CFD03
5A43488C 05E82E10 9B540AB9 5A54AB0C 525FED0E 05B6F2FF 6703F0BD F28AE6F2
9E98298D E184CCDC 2D54741D 589 9731 C2BA5191 59DC7DC8 1F03C116 DDCF21EB D
0BB4E931 02F61F64 D64A6F36 92F70203 010001A 3 76307430 0F060355 1 130101
FF040530 030101FF 30210603 551D 1104 1A 301882 7373 656961 2 73742D6B 166D
68617761 2 726130 1 230418 30168014 2FA1E05E 1BD981A0 1F060355 6E65656A
A3485444 0B151D9E 44A3F6F6 301D 0603 551D0E04 1604142F A1E05E1B D981A0A3
4854440B 151D9E44 A3F6F630 0D06092A 864886F7 010104 05000381 810096EF 0D
39D4EEED E3CA162B E6BC1B61 0C3C66ED 02884209 0F4B54F1 BA7BEFF4 CAA206CE
44 C 99817 134363 2 F29A9E6A 945AA1B4 E4B85ED7 1800DAA1 30BE25C3 8340AE80
714F8FBD 9A433C4B 3EE2204D 88F7AB6D 929B5C88 5E7BC2B9 25754390 1622DB7B
EEB11694 F381E995 59C825BE 52EA5923 F87C43A3 98744BE8 BB27C381 BE14
quit smoking
!
!
privilege of username XXXX XXXX 15
username password ABC ABC
Archives
The config log
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
IP address | public IP address. 255.255.255.252
NAT outside IP
IP virtual-reassembly
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 192.168.0.7 255.255.255.0
IP nat inside
IP virtual-reassembly
automatic duplex
automatic speed
!
interface FastEthernet0/2/0
no ip address
Shutdown
automatic duplex
automatic speed
!
local pool IP 10.10.10.1 intranet 10.10.10.254
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 GATEWAY
no ip address of the http server
IP http secure server
!
!
IP nat inside source map route sheep interface FastEthernet0/0 overload
!
extended IP access allow-traffic-to-lan list
deny ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
Licensing ip 192.168.0.0 0.0.0.255 any
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!
!
sheep allowed 10 route map
match ip address allow-traffic-to-lan
!
!
!
WebVPN EIAST gateway
IP address | public-ip | port 443
redirect http port 80
SSL trustpoint ABC
development
!
WebVPN install svc flash:/webvpn/anyconnect-win-2.5.2018-k9.pkg sequence 1
!
WebVPN context XYZ
SSL authentication check all
!
!
political group XYZ
functions compatible svc
SVC-pool of addresses "intranet".
SVC split include 10.10.10.0 255.255.255.0
SVC-Server primary dns 213.42.20.20
Group Policy - by default-XYZ
list of authentication SSL-VPN-AUTH of AAA.
area of bridge XYZ XYZ
10 Max-users
development
!
end

Thank you

Jvalin

You could hit the next bug

CSCtb73337 AnyConnect does not work with IOS if cert not trust/name of offset
which is set at 12.4 (24) T02.

Please update the code and give it a try.

Cannot access Internet on VPN 3005 concentrator

I installed a new concentrator 3005. I am able to connect using the Cisco VPN client. Everything seems to work except the Internet. I am able to access everything in the local network, including local intranet Web pages. If I try to access Web pages on the outside, it does not. Any ideas?

OK, so it seems there is a configuration or a problem with routing somewhere. Concentrator vpn routing table look like? Is there a default route set correctly? You can use ping to ping the default gateway?

NAT is used? Is it possible the problem is that packages are not properly natted out to internet?

Client VPN fails with errors ISAKMP

Hello

location:

Cisco 878 configured to accept applications for the vpn client. Potential customer people get error 412 and they cannot connect. Don't know what's wrong, suite isakmp configuration and debugging. Authentication through a radius server.

Thanks in advance.

In the above - configuration, you have bad card crypto assigned to the interface.

Also, I suggest using VTI based program installation and not cryptographic cards.

VPN 3060 concentrator error

Similar Questions

Maybe you are looking for