
VPN isn't working anymore (I think it happened after the Upgrade to Firmware Version 9.603-1)

Hi all,

As the subject says, I'm not able to establish a VPN connection.

I think it happened after the upgrade to firmware version 9.603-1, because I wrote to the DynDNS provider and after checking they confirmed the DynDNS is working.

Attached is a Screenshot of the OpenVPN Log:

 

 

Steps which I've already tried:

- registered with another DynDNS Provider

- created new User (new Certificate)

- changed the Remote Access DNS Settings

 

Help is really appreciated



  • Since the last upgrade, we've been having problems with the UTM's IPS system blocking normal VPN traffic and causing IPSec tunnels to go down. You might want to check/disable IPS to see if that's what's going on in your case. I'm getting a warning like:

     

    Message........: SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
    Details........: www.snort.org/search
    Time...........: 2019-07-05 13:04:41
    Packet dropped.: yes
    Priority.......: high
    Classification.: Attempted Administrator Privilege Gain
    IP protocol....: 17 (UDP)

    Source IP address: << IP Address of our ASA >>
    Source port: 4500 (ipsec-msft)
    Destination IP address: x.x.x.x (utm1.xxxxx.xxx)
    Destination port: 4500 (ipsec-msft)


  • lprikockis said:

    Since the last upgrade, we've been having problems with the UTM's IPS system blocking normal VPN traffic and causing IPSec tunnels to go down. You might want to check/disable IPS to see if that's what's going on in your case. I'm getting a warning like:

     

    Message........: SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
    Details........: www.snort.org/search
    Time...........: 2019-07-05 13:04:41
    Packet dropped.: yes
    Priority.......: high
    Classification.: Attempted Administrator Privilege Gain
    IP protocol....: 17 (UDP)

    Source IP address: << IP Address of our ASA >>
    Source port: 4500 (ipsec-msft)
    Destination IP address: x.x.x.x (utm1.xxxxx.xxx)
    Destination port: 4500 (ipsec-msft)


     

    Thanks for your suggestion.

    I disabled Webfiltering, Application Control, Advanced Threat Protection and IPS, but I'm still not able to use the VPN (the failure changed; it now looks like it isn't able to authenticate).

    I'll now try to roll back to firmware 9.507 and will post the result.

     

    ##################################### UPDATE #######################################

     

    The firmware downgrade didn't work using the GUI.

    I tried 9.601, 9.600 and 9.508, but after the reboot it still says Firmware: 9.603.

    Furthermore, the installation of the downgrade firmware packages was shown as successful after the first point (Verification).

    EDIT:

    I looked in some previous posts: a downgrade isn't possible, only a re-image via CD and restoring the settings.

     

    Any other ideas?

    I think it's something with the Configuration of the Remote Access

  • Solved:

     

    Since I changed the VPN SSL port from 443 to 1137, everything works again.