Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Screwed up VPN Client Connection

Screwed up VPN Client Connection 7 years 9 months ago #29328

  • timparker
  • timparker's Avatar
  • Offline
  • Distinguished Member
  • Posts: 96
  • Karma: 0
I was working from home this morning trying to get one of our Cisco 871's to set up a site-to-site to our main office.

I was cleaning up stuff that wasn't needed from a previous attempt and I must have deleted too much and something that was needed. Whats the easiest way to fix this...Looks like I deleted the crypto map for my connection....

TIA.

Tim


[code:1]
5 Feb 19 2009 10:33:32 713904 IP = 204.210.167.198, Received encrypted packet with no matching SA, dropping
4 Feb 19 2009 10:33:32 113019 Group = mops-vpn, Username = timparker, IP = MOPS_Thru_Dlink, Session disconnected. Session Type: IPSec, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
3 Feb 19 2009 10:33:32 713902 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Removing peer from correlator table failed, no match!
3 Feb 19 2009 10:33:32 713902 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, QM FSM error (P2 struct &0x42181d8, mess id 0x51a6f5b0)!
3 Feb 19 2009 10:33:32 713061 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.5.95/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
3 Feb 19 2009 10:33:32 713119 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, PHASE 1 COMPLETED
6 Feb 19 2009 10:33:32 713228 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Assigned private IP address 192.168.5.95 to remote user
6 Feb 19 2009 10:33:32 713184 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Client Type: WinNT Client Application Version: 5.0.02.0090
5 Feb 19 2009 10:33:32 713130 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Received unsupported transaction mode attribute: 5
6 Feb 19 2009 10:33:32 113008 AAA transaction status ACCEPT : user = timparker
6 Feb 19 2009 10:33:32 113009 AAA retrieved default group policy (mops-vpn) for user = timparker
6 Feb 19 2009 10:33:32 113011 AAA retrieved user specific group policy (mops-vpn) for user = timparker
6 Feb 19 2009 10:33:32 113003 AAA group policy for user timparker is being set to mops-vpn
6 Feb 19 2009 10:33:32 113012 AAA user authentication Successful : local database : user = timparker

[/code:1]
The administrator has disabled public write access.

Re: Screwed up VPN Client Connection 7 years 9 months ago #29329

  • skepticals
  • skepticals's Avatar
  • Offline
  • Expert Member
  • Posts: 783
  • Karma: 0
Restore the config from a backup that you created before removing parts of the configuration...?
The administrator has disabled public write access.

Re: Screwed up VPN Client Connection 7 years 9 months ago #29330

  • timparker
  • timparker's Avatar
  • Offline
  • Distinguished Member
  • Posts: 96
  • Karma: 0
Ah. hmmm yeah.....well, let's see.....

Ok. you got me. I didn't make a backup.....I was on a roll (so I thought and I didn't think before making changes....).....

Lesson learned
The administrator has disabled public write access.

Re: Screwed up VPN Client Connection 7 years 9 months ago #29331

  • timparker
  • timparker's Avatar
  • Offline
  • Distinguished Member
  • Posts: 96
  • Karma: 0
well I found a printout of a config from 2/13 and the only entries that I see that aren't in the current one that look to be vpn/crypto related are:

[code:1]
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
[/code:1]

so I added these back in but it doesn't appear to have helped at all. Guess this is what I get for not making a backup before doing a change.

Any one have thoughts? I also tried the account that I set up for my boss and it did the same thing.
The administrator has disabled public write access.

Re: Screwed up VPN Client Connection 7 years 9 months ago #29332

  • timparker
  • timparker's Avatar
  • Offline
  • Distinguished Member
  • Posts: 96
  • Karma: 0
Well I deleted the vpn tunnel group and rebuilt it. It is now working again. Time to get a good config and figure out what I was missing....sorry for the forum noise.
The administrator has disabled public write access.

Re: Screwed up VPN Client Connection 7 years 9 months ago #29335

  • skepticals
  • skepticals's Avatar
  • Offline
  • Expert Member
  • Posts: 783
  • Karma: 0
No worries. I try to make a backup before any changes, but sadly I skip it from time to time. For some reason I feel it takes more than 5 seconds to make a backup and I am that lazy!

After you put the configuration back in you could try to clear the crypto. The command is something like clear crypto isa sa for phase 1 and clear crypto map sa for phase 2... I think.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup