Cisco VPN client not connecting

[seedubya]

OK. New client. 2 Sites. Main site 8 users on SBS 2003. 2nd site 3 users connecting via VPN. Don't now if it's site to site or client to site. 4 roadwarriors using the Cisco VPN client.

Today one of the RWs got "Error 5: No hostname exists for this connection entry. Unable to make vpn connection." Documentation mostly points to a corrupt .pcf file (which stores the VPN client connection settings). General advice is replace the file with a known good copy and away you go!

Not so much. Now I have "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"

I have tried many different solutions to this - none of which have worked. Interestingly, I have installed the VPN client software on one of my own pcs and no joy connecting from there either.

Can any of you point me in the right direction?

 

[teksquad]

What device is the vpn terminating on? What type of vpn is it. Ipsec, PPTP. Is it a L2L tunnel or a Remote Access vpn or both? Are these clients behind a nat device? If so make sure NAT-T is checked on the vpn client profile. Does the terminating device have a static ip address? Can also try editing the vpn profile and change ForceKeepAlive =1. Have the remote users disable their windows firewall temporarily.

 

[seedubya]

The device is terminating at a Cisco 830 router I think. Unfortunately I have very little information. It's an IPSEC connection. L2L or Tunnel I don't know and don't know how to find out. Yes they're behind a NAT device - Zyxel dsl modem/router (domestic model) I assume the terminating router has a static IP as the pcf file has an IP address rather than a host name.

 

[YeOldeStonecat]

The device is terminating at a Cisco 830 router I think. Unfortunately I have very little information. .

Without knowing "for sure"..and without having access to the router/VPN end point itself so you can check settings and look at logs....to be blunt..you're spinning your wheels and wasting your time. Can you get access to it?

 

[teksquad]

If you can get access to the 830.


debug crypto isakmp


debug crypto ipsec


Log to syslog if possible as the output will be rather verbose.

Also double check its a static ip address.


The cisco vpn client also has a logging feature. May want to look at that as well.

 

[seedubya]

Just wanted to let you guys know that this is now resolved. Turns out the .pcf file I was using to replace the corrupted one was one that was no longer valid i.e. the IP address of the VPN termination device had changed.

This is what happens when you don't have enough information!

Thanks for the help guys.

 

[YeOldeStonecat]

Ahh that'll do it. Just yesterday had a client call..the admin there that sets up/deploys the laptops to their mobile staff had setup the Sonicewall Global VPN client with an old config to their old DSL address. So I had to edit it to enter the address of the new cable address.

Yup...VPN client looking for a dead peer address will fail!