get a reboot approved.
-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 2:40 PM
To: [EMAIL PROTECTED]
Subject: PIX/w/WIN2k VPN3000 client problem [7:12181]
I'm having a problem. I'm running a PIX520 (5.3) with multiple VPNGROUPs. I
have a client installed on a WIN2k machine. The machine was using a group
that didn't split tunnel. I changed the group to a group that does, and now
I get a failed to negotiate error AFTER THE LOGON and the Your link is now
secure error. I have cleared IPSEC SA and ISAKMP SA. I even went as far
as deleting the MAPS. The Client has been removed and re-installed. I'm
thinking the problem is either something embedded somewhere in the WIN2k, or
an association to the peer IP in the PIX, but I have successfully changed
the group on other win 9x machines without a problem after the SA timed out,
and the Dynamic Maps cleared. This is a production PIX, but do I get a
reboot approved to try to clear old info out of memory, or do I go after the
client and see if the problem lies there?
Any input appreciated.
Thank you,
Michael
Privileged/Confidential Information may be contained in this message or
attachments hereto. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12190t=12181
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
