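I am on Windows 8.1 and trying to connect to the office using Cisco VPN.
I try to connect, and after a few seconds I get this message:
Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding.
My IT department says something is blocking port 10000 traffic. I tried turning off all software firewalls and verified that my router has VPN passthrough enabled.
I contacted my ISP, and they claim it should work, and that the configuration file they provided works for everyone else.
Here is my log: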
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.2.9200
205 14:09:57.154 05/28/15 Sev=Info/4 CM/0x63100002
Begin connection process
206 14:09:57.156 05/28/15 Sev=Info/4 CM/0x63100004
Establish secure connection
207 14:09:57.156 05/28/15 Sev=Info/4 CM/0x63100024
Attempt connection with server "66.162.2.6"
208 14:09:57.159 05/28/15 Sev=Info/6 CM/0x6310002F
Allocated local TCP port 57238 for TCP connection.
209 14:09:57.705 05/28/15 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
210 14:09:57.705 05/28/15 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
211 14:09:57.705 05/28/15 Sev=Info/6 IPSEC/0x6370002C
Sent 4 packets, 0 were fragmented.
212 14:09:57.705 05/28/15 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to 66.162.2.6, src port 57238, dst port 10000
213 14:09:57.705 05/28/15 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from 66.162.2.6, src port 10000, dst port 57238
214 14:09:57.705 05/28/15 Sev=Info/6 IPSEC/0x63700021
TCP ACK sent to 66.162.2.6, src port 57238, dst port 10000
215 14:09:57.705 05/28/15 Sev=Info/4 CM/0x63100029
TCP connection established on port 10000 with server "66.162.2.6"
216 14:09:58.207 05/28/15 Sev=Info/4 CM/0x63100024
Attempt connection with server "66.162.2.6"
217 14:09:58.213 05/28/15 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 66.162.2.6.
218 14:09:58.216 05/28/15 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
219 14:09:58.226 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 66.162.2.6
220 14:10:03.707 05/28/15 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
221 14:10:03.707 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6
222 14:10:08.707 05/28/15 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
223 14:10:08.707 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6
224 14:10:14.205 05/28/15 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
225 14:10:14.205 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6
226 14:10:19.207 05/28/15 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
227 14:10:20.206 05/28/15 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
228 14:10:20.206 05/28/15 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "66.162.2.6" because of "DEL_REASON_PEER_NOT_RESPONDING"
229 14:10:20.206 05/28/15 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
230 14:10:20.217 05/28/15 Sev=Info/4 CM/0x6310002D
Resetting TCP connection on port 10000
231 14:10:20.218 05/28/15 Sev=Info/6 CM/0x63100030
Removed local TCP port 57238 for TCP connection.
232 14:10:20.225 05/28/15 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
233 14:10:20.226 05/28/15 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
234 14:10:20.241 05/28/15 Sev=Info/6 IPSEC/0x63700023
TCP RST sent to 66.162.2.6, src port 57238, dst port 10000
235 14:10:20.241 05/28/15 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
236 14:10:20.241 05/28/15 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
237 14:10:20.241 05/28/15 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
238 14:10:20.241 05/28/15 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Does anyone know why this is happening and whether there are any other troubleshooting steps?
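Answer 1
It is caused by several different reasons:
The client is behind (or using) a firewall that blocks ports TCP 4500/10000 or UDP 4500/10000 or 500 and/or ESP.
Your Internet connection is unstable and dropping packets.
The VPN client is behind a NAT device and the VPN server does not have NAT-T enabled.
Possible solutions:
If you are using wireless, try a wired connection, and make sure your 851 has a stable network.
Turn off the firewall on the client, then test the connection to see whether the problem persists. If not, you can turn the firewall back on and add exception rules in the firewall for port 500, port 4500 and the ESP protocol.
Turn on NAT-T/TCP in your profile (remember to unblock port 10000 in the firewall)
Edit your profile with an editor and change ForceKeepAlive=0 to 1
--Don't forget to restart the services--
-At a command prompt, issue the command services.msc to go to Services
-Stop the Cisco Systems, Inc. VPN Service
-Stop the Internet Connection Sharing (ICS) service
-Right-click the ICS service and select Properties. Then change the Startup type to Disabled or Manual.
-Start the Cisco Systems, Inc. VPN Service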
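
Added example, not part of the original question or answer: a short Python triage for the client log format quoted in the question, reporting whether the TCP handshake on port 10000 completed and whether any IKE Phase 1 packet was answered. The sample log is a constructed excerpt of the question's log; the function names and stage labels are hypothetical.

```python
import re

# Header line format as it appears in the log quoted in the question.
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+Sev=(\w+)/(\d)\s+(\w+)/(0x[0-9A-Fa-f]+)\s*$")
R_COOKIE = re.compile(r"R_Cookie=([0-9A-Fa-f]{16})")

# Constructed sample: a shortened excerpt of the log in the question.
SAMPLE_LOG = """\
213 14:09:57.705 05/28/15 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from 66.162.2.6, src port 10000, dst port 57238
215 14:09:57.705 05/28/15 Sev=Info/4 CM/0x63100029
TCP connection established on port 10000 with server "66.162.2.6"
219 14:09:58.226 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 66.162.2.6
221 14:10:03.707 05/28/15 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 66.162.2.6
226 14:10:19.207 05/28/15 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=4CE6E0F6AFDD6219 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
"""

def parse(log_text):
    """Pair each header line with the message line(s) that follow it."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({"seq": int(m.group(1)), "time": m.group(2),
                           "module": m.group(6), "code": m.group(7), "msg": ""})
        elif events and line.strip():
            events[-1]["msg"] = (events[-1]["msg"] + " " + line.strip()).strip()
    return events

def triage(events):
    """Summarise where the connection attempt stalled."""
    msgs = [e["msg"] for e in events]
    tcp_ok = any(m.startswith("TCP connection established") for m in msgs)
    sends = [m for m in msgs if m.startswith("SENDING >>> ISAKMP")]
    retrans = sum("(Retransmission)" in m for m in sends)
    cookies = [c for m in msgs for c in R_COOKIE.findall(m)]
    # All-zero responder cookie: the SA never learned one, so no reply was processed.
    no_reply = bool(cookies) and all(set(c) == {"0"} for c in cookies)
    if tcp_ok and sends and no_reply:
        stage = "tcp-ok-ike-unanswered"
    elif not tcp_ok:
        stage = "tcp-not-established"
    else:
        stage = "ike-answered"
    return {"tcp_ok": tcp_ok, "ike_sends": len(sends),
            "retransmissions": retrans, "no_reply": no_reply, "stage": stage}

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

On the full log from the question the same functions count four ISAKMP sends, three of them retransmissions, after a completed TCP handshake on port 10000.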