[vpn-help] Help Connecting do Cisco ASA Device

Matthew Grooms mgrooms at shrew.net
Wed Jun 12 23:16:08 CDT 2013


On 6/12/2013 10:41 AM, Breno Jacinto wrote:
> Hello fellows,
>
>      I've been trying to connect to a VPN using Shrew VPN Client on
> Windows. They were behind NAT (Linksys WAG120N) in the beginning, so
> after trying to get through I decided to put the device into bridge mode
> and now the Windows 7 machine is getting a public IP and at least by now
> I can abstract away any NAT related problems. I attached my full log so
> that I would not bloat this email message so much. The connection seems
> to get into a loop:
>

At this point the client has successfully negotiated an ISAKMP SA and is 
attempting to send a config pull request. The ASA is refusing to respond 
to this packet ...

13/06/12 12:24:06 ii : building config attribute list
13/06/12 12:24:06 ii : - IP4 Address
13/06/12 12:24:06 ii : - Address Expiry
13/06/12 12:24:06 ii : - IP4 Netmask
13/06/12 12:24:06 ii : - IP4 DNS Server
13/06/12 12:24:06 ii : - DNS Suffix
13/06/12 12:24:06 ii : - IP4 Split Network Include
13/06/12 12:24:06 ii : - IP4 Split Network Exclude
13/06/12 12:24:06 ii : - Login Banner
13/06/12 12:24:06 ii : - Application Version = Cisco Systems VPN Client 
4.8.01.0300:WinNT
13/06/12 12:24:06 ii : - Firewall Type = CISCO-UNKNOWN
13/06/12 12:24:06 == : new config iv ( 16 bytes )
13/06/12 12:24:06 ii : sending config pull request
...
13/06/12 12:24:11 -> : resend 1 config packet(s) [0/2] 
177.135.217.188:500 -> 200.169.XXX.XX:500
13/06/12 12:24:16 -> : resend 1 config packet(s) [1/2] 
177.135.217.188:500 -> 200.169.XXX.XX:500
...
13/06/12 12:24:21 -> : resend 1 config packet(s) [2/2] 
177.135.217.188:500 -> 200.169.XXX.XX:500
...
13/06/12 12:24:26 ii : resend limit exceeded for config exchange

I can only guess as to why the ASA is rejecting the packet. The only 
good source of information would be to check the debug output of the 
ASA. Do you have administrative access to that device?

Thanks,

-Matthew



More information about the vpn-help mailing list