Skip to main content

PIX VPN Client Error – Fragmented msg rcvd with no associated SA

You may get following error (shown in blue) in your VPN Client LOG, while connecting through Cisco VPN Client to PIX Firewall, which is configured to allow VPN Connections for Remote Access.
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 11:42:49.467 07/30/13 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)
2 11:42:49.467 07/30/13 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)
3 11:42:54.863 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
4 11:42:54.864 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
5 11:42:59.943 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
6 11:42:59.944 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
7 11:43:05.022 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
8 11:43:05.023 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
Solution
Cisco had dropped support for DES with the 4.0(2) VPN client’s release. So the VPN Client doesn’t support combination of  cipher/hash (in this case, DES/SHA1)
But the VPN Client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 and later VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration.
Labels:

Comments

Post a Comment

Popular posts from this blog

a file I/O error has occurred while accessing vmware converter

While converting physical Windows 7 machine to Virtual machine of infrastructure type, I got this error. The error seems it is unable to read/write source or destination datastore.

I have installed VMware-converter-en-6.2.0-8466193 on Windows 7 physical machine with option locally selected. (not at server/client option)

All of my ESXi servers are connected to the vCenter Server, so I had to use vCenter Server's IP address to send this physical machine to the virtual world.

The issue i found was with the dns resolution to the vCenter Server's hostname. Since I am not using the same dns server on the Windows 7 client machine. So I updated the host entries manually for the vCenter Server's hosname to it IP address.

After adding dns eteries to the hostfile of windows 7, I am not getting this "a file I/O error has occurred while accessing vmware converter" and the migration has started.
Post a Comment
Read more

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding docker template for Alpine Linux in gns3, you get above mentioned message when you want to use alpine linux in GNS3.

To get rid of this message you have to install Docker by following below link
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed then instal curl first with below command.apt-get install curl
After installing Docker you need to add your user name in the docker group with the following command. $ sudo usermod -aG docker your_username

Verify if the docker service is started with following command$ service docker status
If docker is not started then start with following command $ sudo service docker start
Logout from GNS3 Virtual Machines and log back. Start gns3 and use alpine linux.
Post a Comment
Read more

What is Cisco Supervisor Engine?

Supervisor Engine is a module that is installed in the Cisco Chassis-based Catalyst Switches or Routers. Supervisor engine contains nearly all the same components of a fixed Cisco Switches or Routers. These Supervisor engines come in a variety of different types with different functionalities and are installed in the Switches/Router Chassis as per requirements of the network types.

Benefits of Supervisor Engines
By installing Latest Supervisor Engines in your existing investments (Switches and Routers) you can scale system performance and integrate next-generation services into your Networks.
Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch.
The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols supported …
Post a Comment
Read more