Problem connecting to ISA IPSEC with Cisco VPN Client Windows 7

alberto.sagredo.castro · ‎12-23-2011

On logs, some lines removed to avoid personal data..

When routes are pushing into my windows machine, it get an error and no be able to connect to my remote network or internat NATed.

Cisco Staff, complete log would be available for you

Is there any special config to handle?

47 05:35:05.273 12/24/11 Sev=Info/5 CVPND/0x63400013

Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.35 25

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

192.168.1.0 255.255.255.0 192.168.1.35 192.168.1.35 281

192.168.1.35 255.255.255.255 192.168.1.35 192.168.1.35 281

192.168.1.255 255.255.255.255 192.168.1.35 192.168.1.35 281

224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

224.0.0.0 240.0.0.0 192.168.1.35 192.168.1.35 281

255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

255.255.255.255 255.255.255.255 192.168.1.35 192.168.1.35 281

48 05:35:05.943 12/24/11 Sev=Info/4 CM/0x63100034

The Virtual Adapter was enabled:

IP=10.0.1.20/255.0.0.0

DNS=0.0.0.0,0.0.0.0

WINS=0.0.0.0,0.0.0.0

Domain=

Split DNS Names=

49 05:35:06.013 12/24/11 Sev=Info/5 CVPND/0x63400013

Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.35 25

0.0.0.0 0.0.0.0 10.0.0.1 0.0.0.0 26

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

192.168.1.0 255.255.255.0 192.168.1.35 192.168.1.35 281

192.168.1.35 255.255.255.255 192.168.1.35 192.168.1.35 281

192.168.1.255 255.255.255.255 192.168.1.35 192.168.1.35 281

224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

224.0.0.0 240.0.0.0 192.168.1.35 192.168.1.35 281

224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 281

255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

255.255.255.255 255.255.255.255 192.168.1.35 192.168.1.35 281

255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 281

50 05:35:09.038 12/24/11 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 192.168.1.255

Netmask 255.255.255.255

Gateway 10.0.0.1

Interface 10.0.1.20

51 05:35:09.038 12/24/11 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: a000114, Gateway: a000001.

52 05:35:09.038 12/24/11 Sev=Info/4 CM/0x63100038

Successfully saved route changes to file.

53 05:35:09.038 12/24/11 Sev=Info/5 CVPND/0x63400013

Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.35 25

0.0.0.0 0.0.0.0 10.0.0.1 10.0.1.20 26

10.0.0.0 255.0.0.0 10.0.1.20 10.0.1.20 281

10.0.1.20 255.255.255.255 10.0.1.20 10.0.1.20 281

10.226.237.33 255.255.255.255 192.168.1.1 192.168.1.35 100

10.255.255.255 255.255.255.255 10.0.1.20 10.0.1.20 281

83.42.164.185 255.255.255.255 192.168.1.1 192.168.1.35 100

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

192.168.1.0 255.255.255.0 192.168.1.35 192.168.1.35 281

192.168.1.0 255.255.255.0 10.0.0.1 10.0.1.20 281

192.168.1.35 255.255.255.255 192.168.1.35 192.168.1.35 281

192.168.1.35 255.255.255.255 10.0.0.1 10.0.1.20 281

192.168.1.255 255.255.255.255 192.168.1.35 192.168.1.35 281

224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

224.0.0.0 240.0.0.0 192.168.1.35 192.168.1.35 281

224.0.0.0 240.0.0.0 10.0.1.20 10.0.1.20 281

255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

255.255.255.255 255.255.255.255 192.168.1.35 192.168.1.35 281

255.255.255.255 255.255.255.255 10.0.1.20 10.0.1.20 281

54 05:35:09.038 12/24/11 Sev=Info/6 CM/0x63100036

The routing table was updated for the Virtual Adapter

55 05:35:09.068 12/24/11 Sev=Info/4 CM/0x6310001A

One secure connection established

56 05:35:09.123 12/24/11 Sev=Info/4 CM/0x6310003B

Address watch added for 192.168.1.35. Current hostname: Alberto-PC, Current address(es): 10.0.1.20, 192.168.1.35.

57 05:35:09.123 12/24/11 Sev=Info/4 CM/0x6310003B

Address watch added for 10.0.1.20. Current hostname: Alberto-PC, Current address(es): 10.0.1.20, 192.168.1.35.

58 05:35:09.123 12/24/11 Sev=Info/5 CM/0x63100001

Did not find the Smartcard to watch for removal

alberto.sagredo.castro · ‎12-23-2011

Also when trying to connect with Any Connect Client, i get this error

Only pool configure is 10.0.3.0

my 10.0.1.x is home lan 10.0.0.x is router lan, and 10.0.2.x is wan2 lan

Thanks

alberto.sagredo.castro · ‎12-23-2011

Well Problem located With Cisco VPN CLient

I see ISA is not pushing DNS Servers to my CISCO VPN Adaptor.. (the reason above)...

If i modify DNS servers manually on CIsco VPN Interface, i have internet access thru VPN correctly

Anyone with this trouble?

I see i put DNS servers on my IPSEC Remote Access, but it does not take it, so thats the reason.

If i create another IPSEC Remote Accese al is fine. So it seems there is something wrong with that role?

Any way to get traces or logs to help you to locate this issue?

Brandon Turpin · ‎01-05-2012

Hi Alberto,

I just ran some tests here with the Cisco VPN Client on Windows 7 and am not seeing what you were seeing. Are you saying that you entered the DNS Servers in the Remote Access - Mode Configuration Settings tab, but it's not being pushed to your client? It sounds like you configured another Remote Access group and then it started working?

What firmware version are you running on the ISA570? What VPN Client version are you using? Are you running Win 7 64-bit or 32-bit?

We may need to take a look at your configuration to see what's going on along with the full client logs surrounding this.

Thanks,

Brandon