dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
535
oceanik
join:2005-03-19
m4t2n2

oceanik to rolande

Member

to rolande

Re: Cisco Reason 422

I have several colleagues who connect to the company's network via the same VPN client

As for me I could connect once (first time I tried), and after being disconnected I have this "reason 422" message

I was also ablo to connect with a laptop using a wireless connection (= different computers, different clients, different providers) for a few minutes
I lost the wireless connection (the signal is very low in my building) and since then I also have the same message

and I'm not on the same network as my company

rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
ARRIS BGW210-700
Cisco Meraki MR42

rolande

MVM,

Every computer and OS works differently with a VPN client. Also there are many different types of network setups that can impact the connectivity. Unless your colleagues can connect from the same network you are testing from, then you have to rule out any comparisons there. You have to take each scenario individually.

So you say you connected before. Does this mean you were connected at length and were actually able to use the VPN at one time from this same machine on the same network? Or did it appear that you successfully connected and then you got this error and were kicked off and now you just get the error and it never appears to work?

Have you been able to get the same machine that is failing to work from any other network?

Using the Cisco VPN Client GUI Error Lookup Tool I found this...
Reason 422: Lost contact with the security gateway. Check your network connection.
-------------------------------------------
Description or Action:
The machine's IP address changed or the machine is no longer connected to the Internet.
Note: The VPN Client is required to disconnect the VPN tunnel for security reasons, if the machines IP Address has changed.
It seems that something is changing your routing table after you connect. This is considered the sign of a trojan or backdoor. So, the VPN client is configured to detect this change and immediately shut the client down so that the remote network is not compromised by someone unauthorized. You will need to open a command prompt and do a 'route print' before you try the VPN client. Save that output to a text file. Then try the VPN client. Do a 'route print' right after you try to connect and see what is different. Then when you get the disconnect, do 'route print' again. Hopefully you can isolate what route is coming and going that is breaking the VPN client.
oceanik
join:2005-03-19
m4t2n2

oceanik

Member

The "before" and "after" route prints are identical

I also desinstalled the VPN client, cleaned the registry and reinstall and still encounter the same message
I also tried with a profile that I know "works" w/o anymore succes

When I say I was connewcted before, it was fine till I got disconnected for external reasons (on my desktop because I had some trouble using remote access and windows froze and on my laptop because I lost the wireless connection)
Only after that I have the "reason 422"

I'm also still connected to the internet, before and after I try the VPN

and one of my colleague was able to connect to my office machine using the same client from his home PC with my profile

As for the IP change, I'm using DSL with Bell Sympatico (canadian provider)
My IP till the modem router is always 192.168.2.2 but I guess that, after the router it changes each time I connect

Is it an issue ?

BTW, thanks for your help

rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
ARRIS BGW210-700
Cisco Meraki MR42

rolande

MVM,

It sounds like you are convinced that a software problem was caused when your machine froze. That is possible. It is also possible that your machine froze because of a VPN routing conflict.

If you connected to the remote VPN server you are trying, what address pool would your IP address be assigned out of? Do you know or can you find out?

I am assuming that your local NIC is using a 192.168.2.x address on your private network. If you try to establish the VPN tunnel and it assigns you an IP address in the same network range, then your tunnel will imediately shut down because you will have 2 conflicting routes in your routing table. It becomes a chicken and the egg problem. If the end points of the tunnel somehow get routed through the tunnel, then everything will blow up. It is a commonly known issue with any type of network tunneling.
oceanik
join:2005-03-19
m4t2n2

oceanik

Member

Here is the log (well, the interesting part)

[.......]

63 20:31:06.140 03/21/05 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter

64 20:31:06.156 03/21/05 Sev=Info/4 CM/0x6310001A
One secure connection established

65 20:31:06.187 03/21/05 Sev=Info/4 CM/0x63100038
Address watch added for 192.168.2.2. Current address(es): 127.0.0.1.

66 20:31:06.187 03/21/05 Sev=Info/4 CM/0x63100038
Address watch added for 192.168.2.6. Current address(es): 127.0.0.1.

67 20:31:06.250 03/21/05 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

68 20:31:06.250 03/21/05 Sev=Info/4 IPSEC/0x63700010
Created a new key structure

69 20:31:06.250 03/21/05 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x12f1114b into key list

70 20:31:06.265 03/21/05 Sev=Info/4 IPSEC/0x63700010
Created a new key structure

71 20:31:06.265 03/21/05 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x0003753f into key list

72 20:31:06.265 03/21/05 Sev=Info/4 IPSEC/0x6370002E
Assigned VA private interface addr 192.168.2.6

73 20:31:09.343 03/21/05 Sev=Info/6 IKE/0x63000054
Sent a keepalive on the IPSec SA

74 20:31:11.343 03/21/05 Sev=Warning/3 CM/0xA310002C
Adapter address changed from 192.168.2.2. Current address(es): 127.0.0.1.

75 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

76 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 67.69.**.**

77 20:31:11.343 03/21/05 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = 4B11F112 INBOUND SPI = 3F750300)

78 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=0B1F529F

79 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=3925D19EBABC0931 R_Cookie=F42573366A261339) reason = DEL_REASON_ADDRESS_CHANGE

80 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 67.69.**.**

81 20:31:11.343 03/21/05 Sev=Info/4 IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=3925D19EBABC0931 R_Cookie=F42573366A261339) reason = DEL_REASON_ADDRESS_CHANGE

82 20:31:11.343 03/21/05 Sev=Info/4 CM/0x63100013
Phase 1 SA deleted cause by DEL_REASON_ADDRESS_CHANGE. 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system


83 20:31:11.343 03/21/05 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

84 20:31:11.359 03/21/05 Sev=Info/6 CM/0x63100031
Tunnel to headend device 67.69.**.** disconnected: duration: 0 days 0:0:5

rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
ARRIS BGW210-700
Cisco Meraki MR42

rolande

MVM,

I am guessing here but it looks like your NIC IP is 192.168.2.2 and the address you are getting assigned through the VPN tunnel is 192.168.2.6. That is your problem. They are on the same network range and that will never work.

Try changing your private network address range to a different range to verify. To be safe, you can use 172.16.1.x/24. So just swap all your current IP's with those first 3 octets and you can retain the same address in the 4th octet. Once you have reconfigured your addresses and you can get on the Internet again, try connecting with your VPN client and see what happens.
tdwatts
Premium Member
join:2002-03-05
Mobile, AL

tdwatts to oceanik

Premium Member

to oceanik
Did you ever resolve this issue?

I have been having almost the exact same problem and still have not found a solution.
tdwatts

tdwatts

Premium Member

After spending a full day and a half on this exact problem on a Win98 machine that had to be restored from backup I found my problem.

The DNS configuration for the Win98 machine had a Host 'localhost'. Changing this fixed the problem.

Lost2005
@163.185.x.x

Lost2005

Anon

I'm using a Windows 2003 machine and I'm getting this same error message. My server changed IP addresses....is there anything I have to do to allow the VPN connection?