Skip to main content

PIX VPN Client Error – Fragmented msg rcvd with no associated SA

You may get following error (shown in blue) in your VPN Client LOG, while connecting through Cisco VPN Client to PIX Firewall, which is configured to allow VPN Connections for Remote Access.
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 11:42:49.467 07/30/13 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)
2 11:42:49.467 07/30/13 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)
3 11:42:54.863 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
4 11:42:54.864 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
5 11:42:59.943 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
6 11:42:59.944 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
7 11:43:05.022 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
8 11:43:05.023 07/30/13 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
Solution
Cisco had dropped support for DES with the 4.0(2) VPN client’s release. So the VPN Client doesn’t support combination of  cipher/hash (in this case, DES/SHA1)
But the VPN Client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 and later VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration.
Labels:

Comments

Post a Comment

Popular posts from this blog

a file I/O error has occurred while accessing vmware converter

While converting physical Windows 7 machine to Virtual machine of infrastructure type, I got this error. The error seems it is unable to read/write source or destination datastore.

I have installed VMware-converter-en-6.2.0-8466193 on Windows 7 physical machine with option locally selected. (not at server/client option)

All of my ESXi servers are connected to the vCenter Server, so I had to use vCenter Server's IP address to send this physical machine to the virtual world.

The issue i found was with the dns resolution to the vCenter Server's hostname. Since I am not using the same dns server on the Windows 7 client machine. So I updated the host entries manually for the vCenter Server's hosname to it IP address.

After adding dns eteries to the hostfile of windows 7, I am not getting this "a file I/O error has occurred while accessing vmware converter" and the migration has started.
Post a Comment
Read more

Connection control operation failed for disk 'ide1:0'

I was getting this error while removing Operating System ISO image mounted on the Virtual Machine.

What worked for me, is
1. Uncheck the "Connected and Connect at power on" from Device Status.
2. Then Change the Device type from "Datastore ISO File to Client Device" Radio Button
3. and press OK to save the changes.

Note:- I was able to remove the mounted ISO only by directly logging to the ESXi at https://esxi-ip-address/ui

where it asks

"The guest operating system has locked the CD-ROM door and is probably using the CD-ROM, which can prevent the guest from recognizing media changes. If possible, eject the CD-ROM from inside the guest before disconnecting. Disconnect anyway and override the lock?"

You need to select yes to eject the CD-ROM and then remove the ISO file successfully.
Post a Comment
Read more

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding docker template for Alpine Linux in gns3, you get above mentioned message when you want to use alpine linux in GNS3.

To get rid of this message you have to install Docker by following below link
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed then instal curl first with below command.apt-get install curl
After installing Docker you need to add your user name in the docker group with the following command. $ sudo usermod -aG docker your_username

Verify if the docker service is started with following command$ service docker status
If docker is not started then start with following command $ sudo service docker start
Logout from GNS3 Virtual Machines and log back. Start gns3 and use alpine linux.
Post a Comment
Read more