Re: Cisco VPN Client issues with PIX 506e



chrismtoth@xxxxxxxxx wrote:
Well I tried the 'clear ipsec sa' and it didn't work. I had to do a
'reload' and then the client was able to log in again and use the VPN.

I am not sure what could be going on here. I am coming from a Linux IP
Tables background to this Cisco PIX. The PIX command set seems simple
enough, but I see no logs or even logging options to even begin an
investigation as to what could be causing this.

try: logging

Use these commands to enable logging, view logs, and view configuration settings.

* logging enable - Enables the transmission of syslog messages to all output locations.
* no logging enable - Disables logging to all output locations.
* show logging - Lists the contents of the syslog buffer and the current logging configuration.

PIX can send syslog messages to various destinations, for instance:

Internal Buffer

logging buffered severity_level

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml



and debug:

* debug crypto ipsec - View the IPSec negotiations of phase 2.
* debug crypto isakmp - View the ISAKMP negotiations of phase 1.
* debug crypto engine - View the traffic that is encrypted.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml


