Skip to main content

PIX VPN Client Error – Fragmented msg rcvd with no associated SA

You may get following error (shown in blue) in your VPN Client LOG, while connecting through Cisco VPN Client to PIX Firewall, which is configured to allow VPN Connections for Remote Access.
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 11:42:49.467 07/30/13 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)
2 11:42:49.467 07/30/13 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)
3 11:42:54.863 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
4 11:42:54.864 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
5 11:42:59.943 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
6 11:42:59.944 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
7 11:43:05.022 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
8 11:43:05.023 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
Solution
Cisco had dropped support for DES with the 4.0(2) VPN client’s release. So the VPN Client doesn’t support combination of  cipher/hash (in this case, DES/SHA1)
But the VPN Client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 and later VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration.
Labels:

Comments

Post a Comment

Popular posts from this blog

What is Cisco Supervisor Engine?

Supervisor Engine is a module that is installed in the Cisco Chassis-based Catalyst Switches or Routers. Supervisor engine contains nearly all the same components of a fixed Cisco Switches or Routers. These Supervisor engines come in a variety of different types with different functionalities and are installed in the Switches/Router Chassis as per requirements of the network types.

Benefits of Supervisor Engines
By installing Latest Supervisor Engines in your existing investments (Switches and Routers) you can scale system performance and integrate next-generation services into your Networks.
Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch.
The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols supported …
Post a Comment
Read more

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding docker template for Alpine Linux in gns3, you get above mentioned message when you want to use alpine linux in GNS3.

To get rid of this message you have to install Docker by following below link
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed then instal curl first with below command.apt-get install curl
After installing Docker you need to add your user name in the docker group with the following command. $ sudo usermod -aG docker your_username

Verify if the docker service is started with following command$ service docker status
If docker is not started then start with following command $ sudo service docker start
Logout from GNS3 Virtual Machines and log back. Start gns3 and use alpine linux.
Post a Comment
Read more

Telnet Client is Disabled Enable it to use it from this application

This is a Cisco Network Assistant (CNA) error when you want to telnet any Cisco Devices from within CNA.
Solution to remove this error is related to Windows 7 or Windows Vista. First of all you need to Add TELNET program from Control Panel, which by Default is not added in fresh installation of Windows 7.For adding and using Telnet Program in Windows 7, Click Start > Control Panel > Uninstall a Program > Turn Windows Features On and OFF > Scroll to TELNET and Select it > Press OK After Adding Telnet Program into the Windows 7 you need to Copy Telent.exe from C:\Windows\System32 folder and paste it to C:\Windows\SysWOW64\ Now you should not get the same error.
Post a Comment
Read more