Jamesy281 | Member since: 2008-11-24 07:55:30 | posted: 2008-11-24 08:05:38

VPN Client Blocking Connections
----------

Hi There,

I have a VPN setup on a PIX 501 and I am connecting via the Cisco VPN client v5. The connection is authenticated and established fine; however, when I try to connect to a share on a server that I have opened to NAT traversal, the stateful firewall on the Client shows as having blocked the traffic.

I have pasted the contents of the log from the last time I tried connecting.

Any suggestions welcome.

Cisco Systems VPN Client Version 5.0.04.0300
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

25 17:16:15.484 11/21/08 Sev=Info/4 CM/0x63100002 Begin connection process
26 17:16:15.500 11/21/08 Sev=Info/4 CM/0x63100004 Establish secure connection
27 17:16:15.500 11/21/08 Sev=Info/4 CM/0x63100024 Attempt connection with server "xxx.xxx.xxx.xxx"
28 17:16:15.500 11/21/08 Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with xxx.xxx.xxx.xxx.
29 17:16:15.500 11/21/08 Sev=Info/4 IKE/0x63000001 Starting IKE Phase 1 Negotiation
30 17:16:15.500 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to xxx.xxx.xxx.xxx
31 17:16:15.703 11/21/08 Sev=Info/4 IPSEC/0x63700008 IPSec driver successfully started
32 17:16:15.703 11/21/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys
33 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
34 17:16:17.093 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity), VID(?), KE, ID, NON, VID(?), VID(Nat-T), NAT-D, NAT-D, HASH) from xxx.xxx.xxx.xxx
35 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000001 Peer supports XAUTH
36 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000001 Peer supports DPD
37 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000001 Peer is a Cisco-Unity compliant peer
38 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000082 Received IOS Vendor ID with unknown capabilities flag 0x000000A5
39 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000001 Peer supports NAT-T
40 17:16:17.093 11/21/08 Sev=Info/6 IKE/0x63000001 IOS Vendor ID Contruction successful
41 17:16:17.093 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to xxx.xxx.xxx.xxx
42 17:16:17.093 11/21/08 Sev=Info/4 IKE/0x63000083 IKE Port in use - Local Port = 0x041A, Remote Port = 0x01F4
43 17:16:17.093 11/21/08 Sev=Info/5 IKE/0x63000072 Automatic NAT Detection Status:
    Remote end is NOT behind a NAT device
    This end is NOT behind a NAT device
44 17:16:17.093 11/21/08 Sev=Info/4 CM/0x6310000E Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
45 17:16:17.093 11/21/08 Sev=Info/4 CM/0x6310000E Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
46 17:16:17.109 11/21/08 Sev=Info/5 IKE/0x6300005E Client sending a firewall request to concentrator
47 17:16:17.109 11/21/08 Sev=Info/5 IKE/0x6300005D Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).
48 17:16:17.109 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
49 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
50 17:16:17.500 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from xxx.xxx.xxx.xxx
51 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x63000045 RESPONDER-LIFETIME notify has value of 86400 seconds
52 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x63000047 This SA has already been alive for 2 seconds, setting expiry to 86398 seconds from now
53 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
54 17:16:17.500 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) from xxx.xxx.xxx.xxx
55 17:16:17.500 11/21/08 Sev=Warning/2 IKE/0xA3000067 Received Unexpected InitialContact Notify (PLMgrNotify:886)
56 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
57 17:16:17.500 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xxx.xxx.xxx.xxx
58 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x63000010 MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.1.xx
59 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x63000010 MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = xxx.xxx.x.x
60 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300000E MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = CRC
61 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300000D MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
62 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300000F SPLIT_NET #1 subnet = xxx.xxx.xxx.x mask = 255.255.255.255 protocol = 0 src port = 0 dest port=0
63 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300000D MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
64 17:16:17.500 11/21/08 Sev=Info/4 CM/0x63100019 Mode Config data received
65 17:16:18.515 11/21/08 Sev=Info/4 IKE/0x63000056 Received a key request from Driver: Local IP = 192.168.1.xx, GW IP = xxx.xxx.xxx.xxx, Remote IP = 0.0.0.0
66 17:16:18.515 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to xxx.xxx.xxx.xxx
67 17:16:18.515 11/21/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys
68 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
69 17:16:18.796 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from xxx.xxx.xxx.xxx
70 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x63000045 RESPONDER-LIFETIME notify has value of 28800 seconds
71 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x63000046 RESPONDER-LIFETIME notify has value of 4608000 kb
72 17:16:18.796 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK QM *(HASH) to xxx.xxx.xxx.xxx
73 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x63000059 Loading IPsec SA (MsgID=EE74445E OUTBOUND SPI = 0x7722B420 INBOUND SPI = 0x6C0328D7)
74 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x63000025 Loaded OUTBOUND ESP SPI: 0x7722B420
75 17:16:18.796 11/21/08 Sev=Info/5 IKE/0x63000026 Loaded INBOUND ESP SPI: 0x6C0328D7
76 17:16:18.875 11/21/08 Sev=Info/5 CVPND/0x63400013
    Destination      Netmask          Gateway          Interface        Metric
    0.0.0.0          0.0.0.0          xxx.xxx.xxx.xx   xxx.xxx.xxx.xxx  20
    127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
    xxx.xxx.xxx.xx   255.255.255.248  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    xxx.xxx.xxx.xxx  255.255.255.255  127.0.0.1        127.0.0.1        20
    xxx.xxx.xxx.xxx  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    224.0.0.0        240.0.0.0        xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  0.0.0.0          1
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  1
77 17:16:20.687 11/21/08 Sev=Info/4 FIREWALL/0x63A00002 BLOCK: IGMP 192.168.1.xx to 224.0.0.22
78 17:16:20.718 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: UDP 192.168.1.xx:1055 to 239.255.255.250:1900
79 17:16:20.734 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: UDP 192.168.1.xx:137 to 192.168.1.255:137
80 17:16:20.750 11/21/08 Sev=Info/4 CM/0x63100034 The Virtual Adapter was enabled: IP=192.168.1.xx/255.255.255.0 DNS=192.168.1.x,0.0.0.0 WINS=0.0.0.0,0.0.0.0 Domain=xxx Split DNS Names=
81 17:16:20.750 11/21/08 Sev=Info/5 CVPND/0x63400013
    Destination      Netmask          Gateway          Interface        Metric
    0.0.0.0          0.0.0.0          xxx.xxx.xxx.xx   xxx.xxx.xxx.xxx  20
    127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
    192.168.1.0      255.255.255.0    192.168.1.xx     192.168.1.xx     20
    192.168.1.xx     255.255.255.255  127.0.0.1        127.0.0.1        20
    192.168.1.255    255.255.255.255  192.168.1.xx     192.168.1.xx     20
    xxx.xxx.xxx.xx   255.255.255.248  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    xxx.xxx.xxx.xxx  255.255.255.255  127.0.0.1        127.0.0.1        20
    xxx.xxx.xxx.xxx  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    224.0.0.0        240.0.0.0        192.168.1.xx     192.168.1.xx     20
    224.0.0.0        240.0.0.0        xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    255.255.255.255  255.255.255.255  192.168.1.xx     192.168.1.xx     1
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  0.0.0.0          1
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  1
82 17:16:20.781 11/21/08 Sev=Info/4 CM/0x63100038 Successfully saved route changes to file.
83 17:16:20.781 11/21/08 Sev=Info/5 CVPND/0x63400013
    Destination      Netmask          Gateway          Interface        Metric
    0.0.0.0          0.0.0.0          xxx.xxx.xxx.xx   xxx.xxx.xxx.xxx  20
    127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
    192.168.1.0      255.255.255.0    192.168.1.xx     192.168.1.xx     20
    xxx.xxx.xxx.x    255.255.255.255  192.168.1.xx     192.168.1.xx     1
    192.168.1.xx     255.255.255.255  127.0.0.1        127.0.0.1        20
    192.168.1.255    255.255.255.255  192.168.1.xx     192.168.1.xx     20
    xxx.xxx.xxx.xxx  255.255.255.255  xxx.xxx.xxx.xx   xxx.xxx.xxx.xxx  1
    xxx.xxx.xxx.xx   255.255.255.248  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    xxx.xxx.xxx.xxx  255.255.255.255  127.0.0.1        127.0.0.1        20
    xxx.xxx.xxx.xx   255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  1
    xxx.xxx.xxx.xxx  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    224.0.0.0        240.0.0.0        192.168.1.xx     192.168.1.xx     20
    224.0.0.0        240.0.0.0        xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  20
    255.255.255.255  255.255.255.255  192.168.1.xx     192.168.1.xx     1
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  0.0.0.0          1
    255.255.255.255  255.255.255.255  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  1
84 17:16:20.781 11/21/08 Sev=Info/6 CM/0x63100036 The routing table was updated for the Virtual Adapter
85 17:16:20.812 11/21/08 Sev=Info/4 CM/0x6310001A One secure connection established
86 17:16:20.812 11/21/08 Sev=Info/4 CM/0x6310003B Address watch added for xxx.xxx.xxx.xxx. Current hostname: hostname, Current address(es): 192.168.1.xx, xxx.xxx.xxx.xxx.
87 17:16:20.812 11/21/08 Sev=Info/4 CM/0x6310003B Address watch added for 192.168.1.xx. Current hostname: hostname, Current address(es): 192.168.1.xx, xxx.xxx.xxx.xxx.
88 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x63700010 Created a new key structure
89 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x6370000F Added key with SPI=0x20b42277 into key list
90 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x63700010 Created a new key structure
91 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x6370000F Added key with SPI=0xd728036c into key list
92 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x6370002F Assigned VA private interface addr 192.168.1.xx
93 17:16:20.812 11/21/08 Sev=Info/4 IPSEC/0x63700037 Configure public interface: xxx.xxx.xxx.xxx. SG: xxx.xxx.xxx.xxx
94 17:16:20.812 11/21/08 Sev=Info/6 CM/0x63100046 Set tunnel established flag in registry to 1.
95 17:16:22.640 11/21/08 Sev=Info/4 FIREWALL/0x63A00002 BLOCK: ICMP 192.168.1.xx to 192.168.1.99
96 17:16:23.640 11/21/08 Sev=Info/4 FIREWALL/0x63A00002 BLOCK: ICMP 192.168.1.xx to xxx.xxx.xxx.x0
97 17:16:26.640 11/21/08 Sev=Info/6 FIREWALL/0x63A00005 FORWARD: ICMP 192.168.1.xx to xxx.xxx.xxx.x
98 17:16:26.640 11/21/08 Sev=Info/6 FIREWALL/0x63A00005 FORWARD: ESP xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
99 17:16:27.640 11/21/08 Sev=Info/6 FIREWALL/0x63A00005 FORWARD: ESP xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
100 17:16:28.640 11/21/08 Sev=Info/6 FIREWALL/0x63A00005 FORWARD: ESP xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
101 17:16:32.203 11/21/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to xxx.xxx.xxx.xxx
102 17:16:32.203 11/21/08 Sev=Info/6 IKE/0x6300003D Sending DPD request to xxx.xxx.xxx.xxx, our seq# = 2365716101
103 17:16:32.421 11/21/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = xxx.xxx.xxx.xxx
104 17:16:32.421 11/21/08 Sev=Info/4 IKE/0x63000014 RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from xxx.xxx.xxx.xxx
105 17:16:32.421 11/21/08 Sev=Info/5 IKE/0x63000040 Received DPD ACK from xxx.xxx.xxx.xxx, seq# received = 2365716101, seq# expected = 2365716101
106 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1057 to xxx.xxx.xxx.x0:445
107 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1058 to xxx.xxx.xxx.x0:139
108 17:17:10.140 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1060 to xxx.xxx.xxx.x0:80
109 17:17:31.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1061 to xxx.xxx.xxx.x0:445
110 17:17:31.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1062 to xxx.xxx.xxx.x0:139
111 17:17:52.062 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1064 to xxx.xxx.xxx.x0:80
112 17:17:53.796 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: UDP 192.168.1.xx:138 to 192.168.1.255:138
113 17:18:13.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1065 to xxx.xxx.xxx.x0:445
114 17:18:13.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1066 to xxx.xxx.xxx.x0:139
115 17:18:34.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.xx:1068 to xxx.xxx.xxx.x0:80

Cheers, James.
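
One way to triage a Cisco VPN Client log like the one in the post above, added here as an example and not part of the original post: it extracts the firewall policy negotiated with the concentrator, the split-tunnel networks from the SPLIT_NET entries, and every FIREWALL verdict, then lists blocked destinations that lie outside the split-include networks. The sample lines, their documentation-range addresses (the post's are redacted) and the names `parse_entries` and `triage` are constructed for this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in the Cisco VPN Client log layout; the addresses are
# documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
47 17:16:17.109 11/21/08 Sev=Info/5 IKE/0x6300005D Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).
62 17:16:17.500 11/21/08 Sev=Info/5 IKE/0x6300000F SPLIT_NET #1 subnet = 198.51.100.5 mask = 255.255.255.255 protocol = 0 src port = 0 dest port=0
77 17:16:20.687 11/21/08 Sev=Info/4 FIREWALL/0x63A00002 BLOCK: IGMP 192.168.1.10 to 224.0.0.22
97 17:16:26.640 11/21/08 Sev=Info/6 FIREWALL/0x63A00005 FORWARD: ICMP 192.168.1.10 to 198.51.100.5
106 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.10:1057 to 198.51.100.10:445
107 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003 BLOCK: TCP 192.168.1.10:1058 to 198.51.100.10:139
"""

# Entry header: sequence number, time, date, severity, component/event id.
ENTRY = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+\d\d/\d\d/\d\d\s+"
                   r"Sev=\w+/\d\s+(\w+)/0x[0-9A-Fa-f]+\s*", re.M)
FLOW = re.compile(r"(BLOCK|FORWARD): (\w+) ([\d.]+)(?::(\d+))? to ([\d.]+)(?::(\d+))?")
SPLIT = re.compile(r"SPLIT_NET #\d+ subnet = ([\d.]+) mask = ([\d.]+)")

def parse_entries(text):
    """Yield (seq, time, component, message); the message may span lines."""
    heads = list(ENTRY.finditer(text))
    for head, nxt in zip(heads, heads[1:] + [None]):
        body = text[head.end(): nxt.start() if nxt else len(text)]
        yield int(head[1]), head[2], head[3], " ".join(body.split())

def triage(text):
    """Return (policy line, split networks, verdict counts, blocked-outside list)."""
    policy, nets, verdicts, outside = None, [], Counter(), []
    for seq, _, comp, msg in parse_entries(text):
        if comp == "IKE" and msg.startswith("Firewall Policy:"):
            policy = msg
        elif m := SPLIT.search(msg):
            nets.append(ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif comp == "FIREWALL" and (m := FLOW.search(msg)):
            action, proto, dst, dport = m[1], m[2], ip_address(m[5]), m[6]
            verdicts[(action, proto, dport)] += 1
            # Blocked traffic to a host that no split-include network covers.
            if action == "BLOCK" and not any(dst in n for n in nets):
                outside.append((seq, f"{dst}:{dport}" if dport else str(dst)))
    return policy, nets, verdicts, outside
```

Run against an unredacted log, `triage` shows at a glance whether the blocked SMB and HTTP destinations are hosts the split-tunnel list actually includes.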