
I'm using Windows 8.1 and trying to connect to an office using Cisco VPN.

I try to connect and after a few seconds I get this:

The Secure VPN connection terminated locally by the client reason 412: the remote peer is no longer responding.

My IT department says something is blocking port 10000 traffic. I've tried turning off all my software firewalls and have validated that my router has VPN passthrough enabled.

I contacted my ISP and they claim it should work and the profiles they've provided have worked for everyone else.

Here are my logs:

Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.2.9200 

205    14:09:57.154  05/28/15  Sev=Info/4   CM/0x63100002
Begin connection process

206    14:09:57.156  05/28/15  Sev=Info/4   CM/0x63100004
Establish secure connection

207    14:09:57.156  05/28/15  Sev=Info/4   CM/0x63100024
Attempt connection with server "66.162.2.6"

208    14:09:57.159  05/28/15  Sev=Info/6   CM/0x6310002F
Allocated local TCP port 57238 for TCP connection.

209    14:09:57.705  05/28/15  Sev=Info/4   IPSEC/0x63700008
IPSec driver successfully started

210    14:09:57.705  05/28/15  Sev=Info/4   IPSEC/0x63700014
Deleted all keys

211    14:09:57.705  05/28/15  Sev=Info/6   IPSEC/0x6370002C
Sent 4 packets, 0 were fragmented.

212    14:09:57.705  05/28/15  Sev=Info/6   IPSEC/0x63700020
TCP SYN sent to 66.162.2.6, src port 57238, dst port 10000

213    14:09:57.705  05/28/15  Sev=Info/6   IPSEC/0x6370001C
TCP SYN-ACK received from 66.162.2.6, src port 10000, dst port 57238

214    14:09:57.705  05/28/15  Sev=Info/6   IPSEC/0x63700021
TCP ACK sent to 66.162.2.6, src port 57238, dst port 10000

215    14:09:57.705  05/28/15  Sev=Info/4   CM/0x63100029
TCP connection established on port 10000 with server "66.162.2.6"

216    14:09:58.207  05/28/15  Sev=Info/4   CM/0x63100024
Attempt connection with server "66.162.2.6"

217    14:09:58.213  05/28/15  Sev=Info/6   IKE/0x6300003B
Attempting to establish a connection with 66.162.2.6.

218    14:09:58.216  05/28/15  Sev=Info/4   IKE/0x63000001
Starting IKE Phase 1 Negotiation

219    14:09:58.226  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 66.162.2.6

220    14:10:03.707  05/28/15  Sev=Info/4   IKE/0x63000021
Retransmitting last packet!

221    14:10:03.707  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6

222    14:10:08.707  05/28/15  Sev=Info/4   IKE/0x63000021
Retransmitting last packet!

223    14:10:08.707  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6

224    14:10:14.205  05/28/15  Sev=Info/4   IKE/0x63000021
Retransmitting last packet!

225    14:10:14.205  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6

226    14:10:19.207  05/28/15  Sev=Info/4   IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

227    14:10:20.206  05/28/15  Sev=Info/4   IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

228    14:10:20.206  05/28/15  Sev=Info/4   CM/0x63100014
Unable to establish Phase 1 SA with server "66.162.2.6" because of "DEL_REASON_PEER_NOT_RESPONDING"

229    14:10:20.206  05/28/15  Sev=Info/5   CM/0x63100025
Initializing CVPNDrv

230    14:10:20.217  05/28/15  Sev=Info/4   CM/0x6310002D
Resetting TCP connection on port 10000

231    14:10:20.218  05/28/15  Sev=Info/6   CM/0x63100030
Removed local TCP port 57238 for TCP connection.

232    14:10:20.225  05/28/15  Sev=Info/6   CM/0x63100046
Set tunnel established flag in registry to 0.

233    14:10:20.226  05/28/15  Sev=Info/4   IKE/0x63000001
IKE received signal to terminate VPN connection

234    14:10:20.241  05/28/15  Sev=Info/6   IPSEC/0x63700023
TCP RST sent to 66.162.2.6, src port 57238, dst port 10000

235    14:10:20.241  05/28/15  Sev=Info/4   IPSEC/0x63700014
Deleted all keys

236    14:10:20.241  05/28/15  Sev=Info/4   IPSEC/0x63700014
Deleted all keys

237    14:10:20.241  05/28/15  Sev=Info/4   IPSEC/0x63700014
Deleted all keys

238    14:10:20.241  05/28/15  Sev=Info/4   IPSEC/0x6370000A
IPSec driver successfully stopped

Does anyone know why this might be happening and any other steps to troubleshoot?

Snowburnt
  • What version of the Cisco VPN Client are you using? Some older versions have a finicky requirement to have their virtual adapter at the top of the NIC priority list, which can cause this problem. – CIA May 28 '15 at 20:23
  • The logfile shows connections on port 10000 going through (`TCP SYN sent, dst port 10000. TCP SYN-ACK received, src port 10000. TCP connection established on port 10000 with server`). The IT department should look at their side to see why their side is not responding to IPSEC phase 1 requests. (`Unable to establish Phase 1 SA with server because of "DEL_REASON_PEER_NOT_RESPONDING"`). – TessellatingHeckler May 28 '15 at 20:23
  • @CIA it's Cisco Systems VPN Client Version 5.0.07.0440 – Snowburnt May 29 '15 at 02:03
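
The reading of the log given in the comment above (TCP on port 10000 comes up, but the IKE Phase 1 packets are never answered) can be checked mechanically. This is an added example, not part of the original posts; the sample entries are excerpted from the log in the question, and the `RECEIVING <<<` prefix for inbound IKE packets does not appear in that log and is an assumption.

```python
import re

# Entries excerpted from the client log posted in the question (header line, then message).
SAMPLE_LOG = """\
215    14:09:57.705  05/28/15  Sev=Info/4   CM/0x63100029
TCP connection established on port 10000 with server "66.162.2.6"

219    14:09:58.226  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 66.162.2.6

221    14:10:03.707  05/28/15  Sev=Info/4   IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6

226    14:10:19.207  05/28/15  Sev=Info/4   IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
"""

# Header: sequence number, time, date, severity, then COMPONENT/0xEVENTID.
HEADER = re.compile(r"^\d+\s+[\d:.]+\s+\S+\s+Sev=\S+\s+(\w+)/0x[0-9A-Fa-f]+$")

def parse_entries(text):
    """Yield (component, message) for each two-line log entry."""
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if m and i + 1 < len(lines):
            yield m.group(1), lines[i + 1]

def diagnose(text):
    """Separate 'TCP transport blocked' from 'peer silent during IKE Phase 1'."""
    d = {"tcp_established": False, "ike_sent": 0, "ike_received": 0,
         "responder_cookie_seen": False, "reason": None}
    for comp, msg in parse_entries(text):
        if comp == "CM" and msg.startswith("TCP connection established"):
            d["tcp_established"] = True
        elif comp == "IKE" and msg.startswith("SENDING >>>"):
            d["ike_sent"] += 1
        elif comp == "IKE" and msg.startswith("RECEIVING <<<"):  # assumed prefix
            d["ike_received"] += 1
        cookie = re.search(r"R_Cookie=([0-9A-Fa-f]{16})", msg)
        if cookie and int(cookie.group(1), 16) != 0:
            d["responder_cookie_seen"] = True  # non-zero cookie: the peer replied
        reason = re.search(r"reason = (\w+)", msg)
        if reason:
            d["reason"] = reason.group(1)
    silent = d["tcp_established"] and d["ike_sent"] > 0 and d["ike_received"] == 0
    d["verdict"] = "transport up, no IKE reply" if silent else "inconclusive"
    return d
```

An all-zero `R_Cookie` alongside an established TCP session means the initiator never saw a single IKE packet from the responder, so the fault lies somewhere after the port 10000 handshake rather than in a blocked port.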

1 Answer


This can be caused by several different reasons:

  1. The client is behind (or using) a firewall that is blocking ports TCP 4500/10000 or UDP 4500/10000 or 500 and/or ESP.

  2. Your Internet connection is not stable and dropping packets.

  3. The VPN client is behind a NAT device and the VPN Server doesn’t have NAT-T enabled.

Possible solutions:

  1. If you are using wireless, try to connect wired, and ensure you have a stable network to your 851.

  2. Turn your firewall off on your client, then test the connection to see whether the problem still occurs. If it doesn’t, then you can turn your firewall back on and add exception rules for port 500, port 4500 and the ESP protocol in your firewall.

  3. Turn on NAT-T/TCP in your profile (remember to unblock port 10000 in your firewall).

  4. Edit your profile with your editor and change `ForceKeepAlive=0` to `1`.

Don't forget to restart the service:

- Go to Services by issuing the command `services.msc` in a command prompt.
- Stop the Cisco Systems, Inc. VPN Service.
- Stop the Internet Connection Sharing (ICS) service.
- Right-click on the ICS service and choose Properties. Then change Startup type to Disabled or Manual.
- Start the Cisco Systems, Inc. VPN Service.

El Chapo Gluzman
  • Also try http://www.vmwareandme.com/2013/12/solved-windows-8-and-windows-81-cisco.html#.VWd2n89Viko – El Chapo Gluzman May 28 '15 at 20:12
  • You gave me a clue that fixed it...the Internet Connection Sharing...I was running Hyper-V on this box. To get the networking to work with the virtual switch you have to bridge the virtual switch's network adapter with the one that will be using the connection. I broke the bridge and voilà! Everything worked. – Snowburnt May 29 '15 at 02:09
  • One detail I didn't think to mention was that I was hosting a Hyper-V setup for development purposes on my laptop. In order for the virtual switch to work properly you have to create a network bridge between it and the network connection you want to use for it to get to the internet. This created an issue earlier when I was trying to access Azure via PowerShell from my PC also. I removed the bridge and the connection worked fine. – Snowburnt May 30 '15 at 21:06