Cisco vpn client 412 error windows 7
I set up Easy VPN Server on a 2911 router.
From the internal network I can connect to the external interface with the client, so on the whole the system works.
But when I try to connect from outside, I get error 412. What could the problem be?
Current configuration : 3255 bytes
!
! Last configuration change at 13:06:37 UTC Wed Dec 7 2016 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Sedova11_R
!
boot-start-marker
boot system flash:/c2900-universalk9-mz.SPA.154-3.M5.bin
boot-end-marker
!
!
no logging console
enable password 7 011F16035A0F0B062F
!
aaa new-model
!
!
aaa authentication login USER-AUTH local
aaa authorization network GROUP-AUTH local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
ip dhcp relay information trust-all
!
!
!
ip domain name Roga.local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2911/K9 sn FCZ1533708R
license boot module c2900 technology-package securityk9
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group LENPROMGAZ
 key Lpg6021ZVL
 domain LPG.local
 pool VPN-POOL
 acl 110
crypto isakmp profile VPN-CLIENT
 match identity group ROGA
 client authentication list USER-AUTH
 isakmp authorization list GROUP-AUTH
 client configuration address respond
!
!
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto dynamic-map DYNMAP 10
 set transform-set 3DES-MD5
 set isakmp-profile VPN-CLIENT
 reverse-route
!
!
crypto map DMAP 1 ipsec-isakmp dynamic DYNMAP
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.14.110.254 255.255.255.0
!
interface GigabitEthernet0/0.101
 encapsulation dot1Q 101
 ip address 172.14.101.254 255.255.255.0
!
interface GigabitEthernet0/0.102
 encapsulation dot1Q 102
 ip address 172.14.200.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 ip address 77.231.57.184 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map DMAP
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
no ip http server
no ip http secure-server
!
!
!
access-list 10 permit 172.14.101.0
access-list 10 permit 172.14.102.0 0.0.0.255
access-list 110 permit ip 172.14.100.0 0.0.0.255 any
1. "Cisco VPN Client error 412"
Message from Username (?), 08-Dec-16, 16:45 (reply to #0)
5. "Cisco VPN Client error 412"
Message from Рихард (reply to #1)
6. "Cisco VPN Client error 412"
Message from Рихард (reply to #1)
So I made a test access-list to see whether anything at all reaches me from the client during the connection, roughly like this:
18 permit esp any any log
And basically nothing else happens. That is, ISAKMP knocked on port 500, and after that nothing happens. In theory IPsec should start working next, but apparently it never gets that far.
Dec 15 10:26:43.386: %SEC-6-IPACCESSLOGP: list NAT permitted udp 84.52.72.124(55936) -> 77.232.54.172(500), 1 packet
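The check described in the post above (does anything beyond the first ISAKMP packet reach the router?) can be read off the ACL log mechanically. This Python code is an added example, not part of the thread; only the first sample line is the one quoted above, the other log lines and the stage names are constructed, and the IPACCESSLOGNP line shape for port-less protocols such as ESP is an assumption based on standard IOS ACL logging.

```python
import re
from collections import defaultdict
# Constructed sample: line 1 is quoted from the post; the rest are made-up lines in the same format.
SAMPLE_LOG = """\
Dec 15 10:26:43.386: %SEC-6-IPACCESSLOGP: list NAT permitted udp 84.52.72.124(55936) -> 77.232.54.172(500), 1 packet
Dec 15 10:31:02.110: %SEC-6-IPACCESSLOGP: list NAT permitted udp 198.51.100.7(500) -> 77.232.54.172(500), 1 packet
Dec 15 10:31:02.871: %SEC-6-IPACCESSLOGNP: list 18 permitted 50 198.51.100.7 -> 77.232.54.172, 4 packets
Dec 15 10:40:10.004: %SEC-6-IPACCESSLOGP: list NAT permitted udp 203.0.113.9(61022) -> 77.232.54.172(500), 1 packet
Dec 15 10:40:11.530: %SEC-6-IPACCESSLOGP: list NAT denied udp 203.0.113.9(61023) -> 77.232.54.172(4500), 3 packets
"""

# IPACCESSLOGP carries ports (TCP/UDP); IPACCESSLOGNP carries a bare IP protocol number.
WITH_PORTS = re.compile(r"%SEC-6-IPACCESSLOGP: list \S+ (permitted|denied) (tcp|udp) "
                        r"([\d.]+)\(\d+\) -> [\d.]+\((\d+)\),")
NO_PORTS = re.compile(r"%SEC-6-IPACCESSLOGNP: list \S+ (permitted|denied) (\d+) ([\d.]+) -> [\d.]+,")
UDP_STAGE = {500: "ike", 4500: "nat-t", 10000: "udp-10000"}  # stage names are hypothetical labels

def stages_by_peer(log_text):
    """Map each source address to the set of (stage, action) pairs logged for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = WITH_PORTS.search(line)
        if m:
            action, proto, src, dport = m.groups()
            stage = UDP_STAGE.get(int(dport)) if proto == "udp" else None
        else:
            m = NO_PORTS.search(line)
            if not m:
                continue
            action, proto_num, src = m.groups()
            stage = "esp" if proto_num == "50" else None  # IP protocol 50 is ESP
        if stage:
            seen[src].add((stage, action))
    return dict(seen)

def diagnose(pairs):
    """Say how far a peer got, judged only from what the ACL logged."""
    permitted = {s for s, a in pairs if a == "permitted"}
    denied = {s for s, a in pairs if a == "denied"}
    if "ike" not in permitted:
        return "no IKE (udp/500) permitted from this peer"
    if permitted & {"esp", "nat-t", "udp-10000"}:
        return "IKE and IPsec data traffic both reached the router"
    if denied:
        return "IKE arrived, but the ACL denied: " + ", ".join(sorted(denied))
    return "IKE arrived, no ESP or NAT-T followed"

if __name__ == "__main__":
    print({peer: diagnose(p) for peer, p in stages_by_peer(SAMPLE_LOG).items()})
```

The logging ACL has to match ESP, udp/500 and udp/4500 on the outside interface for the result to mean anything; a peer behind NAT normally shows up on udp/4500 rather than as protocol 50.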
2. "Cisco VPN Client error 412"
Message from Username (?), 08-Dec-16, 16:47 (reply to #0)
3. "Cisco VPN Client error 412"
Message from Рихард (reply to #2)
4. "Cisco VPN Client error 412"
Message from Рихард (reply to #3)
No, that's nonsense. I tried putting a debug on the external interface: debug ip udp address , but the logs show only connections from the internal network; if I try to knock on UDP from outside, nothing shows up. Same with ICMP. So how do I monitor external connections then?
7. "Cisco VPN Client error 412"
Message from Таня (reply to #4)
8. "Cisco VPN Client error 412"
Message from Birzhan (ok), 23-Jul-18, 09:23
Good afternoon,

Cisco vpn client 412 error windows 7

Question

I can’t get my cisco vpn to work. But I keep running into documentation that tells me to change the, “Edit your profile with your editor and change ForceKeepAlive=0 to 1.” How do I do that? Thanking in advance.

Answers

Please take the following steps:
1. On the main drive of the PC, choose Program Files > Cisco Systems > VPN Client > Profiles.
2. Right-click the profile that you use, and choose Open With in order to open the profile in a text editor (such as Notepad). (When you choose the program to use, be sure to uncheck the box that says Always use this program to open these files.)
3. Locate the profile parameter for ForcekeepAlives, and change the value from 0 to 1, then save the profile.

All replies

I was facing this problem in a Gigabyte gaming laptop which came pre-loaded with Windows 8. After one day of problem, I unchecked the ‘Run as Administrator’ checkbox, and it started to work right after that. I rechecked ‘Run as Administrator’ again (in the main vpngui.exe) and it would return the ‘Remote Peer Not Responding’ message; but uncheck and it would work again! Thought I would share it in this thread in case someone keeps facing this problem.

I had this problem recently myself and it turned out to be the ASA firewall that I was trying to VPN into was incorrectly configured. It caused the same 412 error, so it threw me off, as that is usually an indication of a problem on the VPN client side, not the firewall side. Hope this helps for people looking for other causes.

Our VPN guy says 412 means “the token is unsynchronized”. However, three days later when we looked at it the token was “Active”, not “Next tokencode mode”. Also, the token (3 days later) was not locked due to wrong tokencode. For the problem I recently worked on it appears to have been intermittent internet connection somewhere along the line as VPN just started working a few hours later. Firewall/NAT issues are also reported as a cause, rebooting your modem and router, unblocking ports 500 and 10000 (but if it used to work that’s likely not it). If you have one, try a VPN connection to somewhere else to see if it works. Try using another user’s Username and their passcode/token.

Our profile PCF files do not contain a ForceKeepAlives parameter. Does anyone know if there is a default for this parameter?
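
The three profile-editing steps quoted above come down to setting one key in the profile's [main] section, and a scripted version also has to handle a profile that lacks the key, as the last reply describes. This Python function is an added example, not from the thread or from Cisco; it assumes the .pcf file is INI-style text with a [main] section and that a leading "!" on a key is the read-only marker, and the sample profile is constructed.

```python
import re

# Constructed sample profile (CRLF line endings); keys and values are illustrative only.
SAMPLE_PCF = ("[main]\r\nDescription=constructed sample\r\nHost=vpn.example.com\r\n"
              "!forcekeepalives=0\r\nPeerTimeout=90\r\n\r\n[other]\r\nx=1\r\n")

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
# Optional leading "!" (assumed read-only marker), any letter case, any current value.
KEY = re.compile(r"^([ \t]*!?[ \t]*ForceKeepAlives[ \t]*=[ \t]*)(.*?)(\r?\n?)$", re.IGNORECASE)

def set_force_keepalives(pcf_text, value="1"):
    """Return (new_text, status); status is 'updated', 'added' or 'unchanged'."""
    lines = pcf_text.splitlines(keepends=True)
    eol = "\r\n" if "\r\n" in pcf_text else "\n"
    in_main, insert_at, status = False, None, None
    for i, line in enumerate(lines):
        sec = SECTION.match(line)
        if sec:
            in_main = sec.group(1).strip().lower() == "main"
        elif in_main and status is None and (m := KEY.match(line)):
            if m.group(2).strip() == value:
                status = "unchanged"
            else:
                # Keep the key's own spelling, "!" prefix and line ending; swap the value only.
                status, lines[i] = "updated", m.group(1) + value + m.group(3)
        if in_main and line.strip():
            insert_at = i + 1          # just after the last non-blank line of [main]
    if insert_at is None:
        raise ValueError("profile has no [main] section")
    if status is None:                 # parameter absent: add it inside [main]
        if not lines[insert_at - 1].endswith("\n"):
            lines[insert_at - 1] += eol
        lines.insert(insert_at, "ForceKeepAlives=" + value + eol)
        status = "added"
    return "".join(lines), status

if __name__ == "__main__":
    print(set_force_keepalives(SAMPLE_PCF)[1])
```

The function works on text only; reading the profile, keeping a backup copy and writing the result back are left to the caller.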