<div>Hey you all!</div>
<div> </div>
<div>I'm new in VPN world, but I'm having problems to connect a PC(behind a NAT), to my VPN server(valid IP adress) using Cisco VPN Client. I've already forwarded the following ports to my PC:</div>
<div> </div>
<div>500 UDP</div>
<div>4500 UDP (The server negotiate this port with me)</div>
<div>5000 and 5001 TCP/UDP</div>
<div> </div>
<div>What else must I do? The VPN works normally for directed connected PCs.</div>
<div> </div>
<div>I'll post the VPN client log here so you can see the problem, sorry for ANOTHER cisco VPN problem behind NAT:</div>
<div> </div>
<div>------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div> </div><font size="2"><font size="1"><font size="1">
<p>Cisco Systems VPN Client Version 4.7.00.0533</p>
<p>Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.</p>
<p>Client Type(s): Windows, WinNT</p>
<p>Running on: 5.1.2600 Service Pack 2</p>
<p>Config file directory: C:\Arquivos de programas\Cisco Systems\VPN Client\</p>
<p>1 21:27:26.703 07/03/06 Sev=Info/4 CM/0x63100002</p>
<p>Begin connection process</p>
<p>2 21:27:26.718 07/03/06 Sev=Info/4 CM/0x63100004</p>
<p>Establish secure connection using Ethernet</p>
<p>3 21:27:26.718 07/03/06 Sev=Info/4 CM/0x63100024</p>
<p>Attempt connection with server "<b>X.X.X.X</b>"</p>
<p>4 21:27:26.718 07/03/06 Sev=Info/6 IKE/0x6300003B</p>
<p>Attempting to establish a connection with<b> X.X.X.X</b>.</p>
<p>5 21:27:26.734 07/03/06 Sev=Info/4 IKE/0x63000013</p>
<p>SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to <b>X.X.X.X</b></p>
<p></p>
<p>6 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x6300002F</p>
<p>Received ISAKMP packet: peer = <b>X.X.X.X</b></p>
<p></p>
<p>7 21:27:26.921 07/03/06 Sev=Info/4 IKE/0x63000014</p>
<p>RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from <b>X.X.X.X</b></p>
<p></p>
<p>8 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x63000001</p>
<p>Peer is a Cisco-Unity compliant peer</p>
<p>9 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x63000001</p>
<p>Peer supports DPD</p>
<p>10 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x63000001</p>
<p>Peer supports DWR Code and DWR Text</p>
<p>11 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x63000001</p>
<p>Peer supports XAUTH</p>
<p>12 21:27:26.921 07/03/06 Sev=Info/5 IKE/0x63000001</p>
<p>Peer supports NAT-T</p>
<p>13 21:27:26.937 07/03/06 Sev=Info/6 IKE/0x63000001</p>
<p>IOS Vendor ID Contruction successful</p>
<p>14 21:27:26.937 07/03/06 Sev=Info/4 IKE/0x63000013</p>
<p>SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to <b>X.X.X.X</b></p>
<p></p>
<p>15 21:27:26.937 07/03/06 Sev=Info/6 IKE/0x63000055</p>
<p>Sent a keepalive on the IPSec SA</p>
<p>16 21:27:26.937 07/03/06 Sev=Info/4 IKE/0x63000083</p>
<p>IKE Port in use - Local Port = 0x1194, Remote Port = 0x1194</p>
<p>17 21:27:26.937 07/03/06 Sev=Info/5 IKE/0x63000072</p>
<p>Automatic NAT Detection Status:</p>
<p>Remote end is NOT behind a NAT device</p>
<p>This end IS behind a NAT device</p>
<p>18 21:27:26.937 07/03/06 Sev=Info/4 CM/0x6310000E</p>
<p>Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system</p>
<p>19 21:27:26.937 07/03/06 Sev=Info/4 CM/0x6310000E</p>
<p>Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system</p>
<p>20 21:27:26.968 07/03/06 Sev=Info/5 IKE/0x6300005E</p>
<p>Client sending a firewall request to concentrator</p>
<p>21 21:27:26.968 07/03/06 Sev=Info/5 IKE/0x6300005D</p>
<p>Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).</p>
<p>22 21:27:26.968 07/03/06 Sev=Info/4 IKE/0x63000013</p>
<p>SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to <b>X.X.X.X</b></p>
<p></p>
<p>23 21:27:26.968 07/03/06 Sev=Info/4 IPSEC/0x63700008</p>
<p>IPSec driver successfully started</p>
<p>24 21:27:26.968 07/03/06 Sev=Info/4 IPSEC/0x63700014</p>
<p>Deleted all keys</p>
<p>25 21:27:27.046 07/03/06 Sev=Info/5 IKE/0x6300002F</p>
<p>Received ISAKMP packet: peer = <b>X.X.X.X</b></p>
<p></p>
<p>26 21:27:27.046 07/03/06 Sev=Info/4 IKE/0x63000014</p>
<p>RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from <b>X.X.X.X</b></p>
<p></p>
<p>27 21:27:27.046 07/03/06 Sev=Info/5 IKE/0x63000045</p>
<p>RESPONDER-LIFETIME notify has value of 86400 seconds</p>
<p>28 21:27:27.046 07/03/06 Sev=Info/5 IKE/0x63000047</p>
<p>This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now</p>
<p>29 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300002F</p>
<p>Received ISAKMP packet: peer = <b>X.X.X.X</b></p>
<p></p>
<p>30 21:27:27.109 07/03/06 Sev=Info/4 IKE/0x63000014</p>
<p>RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from <b>X.X.X.X</b></p>
<p></p>
<p>31 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x63000010</p>
<p>MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = <b>X.X.X.X</b></p>
<p></p>
<p>32 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x63000010</p>
<p>MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = <a href="http://255.255.255.0">255.255.255.0</a></p>
<p>33 21:27:27.109 07/03/06 Sev=Info/5 IKE/0xA3000017</p>
<p>MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-256) is not supported</p>
<p>34 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000D</p>
<p>MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000</p>
<p>35 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000D</p>
<p>MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000007</p>
<p>36 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #1</p>
<p>subnet = <b>X.X.X.X</b> </p>
<p>mask = <a href="http://255.255.255.0">255.255.255.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>37 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #2</p>
<p>subnet = <b>X.X.X.X</b></p>
<p></p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>38 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #3</p>
<p>subnet = <b>X.X.X.X</b></p>
<p></p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>39 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #4</p>
<p>subnet = <b>X.X.X.X</b> </p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>40 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #5</p>
<p>subnet = <b>X.X.X.X</b></p>
<p></p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>41 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #6</p>
<p>subnet = <b>X.X.X.X</b> </p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>42 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000F</p>
<p>SPLIT_NET #7</p>
<p>subnet = <b>X.X.X.X</b> </p>
<p>mask = <a href="http://255.255.0.0">255.255.0.0</a></p>
<p>protocol = 0</p>
<p>src port = 0</p>
<p>dest port=0</p>
<p>43 21:27:27.109 07/03/06 Sev=Info/5 IKE/0xA3000015</p>
<p>MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data</p>
<p>44 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000E</p>
<p>MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(7a), RELEASE SOFTWARE (fc3)</p>
<p>Technical Support: <a href="http://www.cisco.com/techsupport">http://www.cisco.com/techsupport</a></p>
<p>Copyright (c) 1986-2006 by Cisco Systems, Inc.</p>
<p>Compiled Tue 25-Apr-06 02:54 by ssearch</p>
<p>45 21:27:27.109 07/03/06 Sev=Info/5 IKE/0x6300000D</p>
<p>MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194</p>
<p>46 21:27:27.109 07/03/06 Sev=Info/4 CM/0x63100019</p>
<p>Mode Config data received</p>
<p>47 21:27:27.109 07/03/06 Sev=Info/4 IKE/0x63000056</p>
<p><font size="2">Received a key request from Driver: Local IP = <b>Y.Y.Y.Y</b>, GW IP = <b>X.X.X.X</b>, Remote IP = </font><b><u><font size="2"><a href="http://0.0.0.0">0.0.0.0</a></font></u></b></p>
<p></p>
<p>48 21:27:27.109 07/03/06 Sev=Info/4 IKE/0x63000013</p>
<p>SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to <b>X.X.X.X</b></p>
<p></p>
<p>49 21:27:27.312 07/03/06 Sev=Info/5 IKE/0x6300002F</p>
<p>Received ISAKMP packet: peer = <b>X.X.X.X</b></p>
<p></p>
<p>50 21:27:27.312 07/03/06 Sev=Info/4 IKE/0x63000014</p>
<p>RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from <b>X.X.X.X</b></p>
<p></p>
<p>51 21:27:27.312 07/03/06 Sev=Info/4 IKE/0x63000013</p>
<p>SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to <b>X.X.X.X</b></p>
<p></p>
<p>52 21:27:27.312 07/03/06 Sev=Info/4 IKE/0x63000049</p>
<p>Discarding IPsec SA negotiation, MsgID=9C889DF0</p>
<p>53 21:27:27.312 07/03/06 Sev=Info/4 IKE/0x63000017</p>
<p>Marking IKE SA for deletion (I_Cookie=4A3797BB0E9DACC7 R_Cookie=67C4C5E4CD6CD6AD) reason = DEL_REASON_IKE_NEG_FAILED</p>
<p>54 21:27:27.484 07/03/06 Sev=Info/4 IPSEC/0x63700014</p>
<p>Deleted all keys</p>
<p>55 21:27:30.453 07/03/06 Sev=Info/4 IKE/0x6300004B</p>
<p>Discarding IKE SA negotiation (I_Cookie=4A3797BB0E9DACC7 R_Cookie=67C4C5E4CD6CD6AD) reason = DEL_REASON_IKE_NEG_FAILED</p>
<p>56 21:27:30.453 07/03/06 Sev=Info/4 CM/0x63100012</p>
<p>Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system</p>
<p>57 21:27:30.453 07/03/06 Sev=Info/5 CM/0x63100025</p>
<p>Initializing CVPNDrv</p>
<p>58 21:27:30.453 07/03/06 Sev=Info/4 IKE/0x63000001</p>
<p>IKE received signal to terminate VPN connection</p>
<p>59 21:27:30.468 07/03/06 Sev=Info/4 IPSEC/0x63700014</p>
<p>Deleted all keys</p>
<p>60 21:27:30.468 07/03/06 Sev=Info/4 IPSEC/0x63700014</p>
<p>Deleted all keys</p>
<p>61 21:27:30.468 07/03/06 Sev=Info/4 IPSEC/0x63700014</p>
<p>Deleted all keys</p>
<p>62 21:27:30.468 07/03/06 Sev=Info/4 IPSEC/0x6370000A</p>
<p>IPSec driver successfully stopped</p>
<p></p></font></font></font>
<div> </div>
<div>--------------------------------------------------------------------------------------------------------------------------------------</div>
<div>Resumed log:</div>
<div> </div>
<div>2 21:20:47.953 07/03/06 Sev=Warning/3 IKE/0xA3000029<br>No keys are available to decrypt the received ISAKMP payload</div>
<div> </div>
<div> </div>
<div> </div>
<div>Thank you all! :)</div>
<div>[]'s</div>