10-12-2011 01:58 PM
When I use QuickVPN under XP, I connect to my RVS4000 without problems. When I switch to new computer running Windows 7 and V4.2.1 QuickVPN I can get all the way to Verifying Network. Then I get the message that: "The remote gateway is not responding. Do you want to wait?" - repeatedly. The icon in the tool bar remains with a red slash and I am unable to ping devices on the lan side of the router. However, when I check the VPN Summary on the router, I see that it thinks I'm connected. When I check the VPN log I see that I am not:
Oct 12 10:27:53 - Configuration changed!
Oct 12 10:28:33 - Configuration changed!
Oct 12 10:28:34 - [VPN Log]: added connection description "ValR_rw_rw"
Oct 12 10:28:34 - [VPN Log]: listening for IKE messages
Oct 12 10:28:34 - [VPN Log]: adding interface ipsec0/ppp0 69.161.30.166:500
Oct 12 10:28:34 - [VPN Log]: adding interface ipsec0/ppp0 69.161.30.166:4500
Oct 12 10:28:34 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [RFC 3947]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [FRAGMENTATION]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: responding to Main Mode from unknown peer 65.74.6.130
Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: Main mode peer ID is ID_IPV4_ADDR: '172.22.30.11'
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: I did not send a certificate because I do not have one.
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: responding to Quick Mode {msgid:01000000}
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: route-client output: 0
Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xd7f3050c <0xe98d074f xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Oct 12 10:33:48 - [VPN Log]: | NAT-T: new mapping 65.74.6.130:23434/44824)
Oct 12 10:33:48 - [VPN Log]: | pfkey_lib_debug:pfkey_msg_parse: satype 0 conversion to proto failed for msg_type 2 (update).
Oct 12 10:33:48 - [VPN Log]: | pfkey_lib_debug:pfkey_msg_build: Trouble parsing newly built pfkey message, error=-22.
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: pfkey_msg_build of Add SA esp.e98d074f@69.161.30.166 failed, code -22
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: received Delete SA(0xd7f3050c) payload: deleting IPSEC State #2
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: terminating SAs using this connection
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw" #2: deleting state (STATE_QUICK_R2)
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw" #1: deleting state (STATE_MAIN_R3)
Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}
Oct 12 10:33:49 - [VPN Log]: "ValR_rw_rw": unroute-client output: 0
Oct 12 10:33:49 - [VPN Log]: packet from 65.74.6.130:44824: received and ignored informational message
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [RFC 3947]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [FRAGMENTATION]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: responding to Main Mode from unknown peer 65.74.6.130
Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [RFC 3947]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [FRAGMENTATION]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: responding to Main Mode from unknown peer 65.74.6.130
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: Main mode peer ID is ID_IPV4_ADDR: '172.22.30.11'
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: I did not send a certificate because I do not have one.
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: responding to Quick Mode {msgid:01000000}
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: route-client output: 0
Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: STATE_QUICK_R2: IPsec SA established {ESP=>0xe15a35e6 <0xe98d0750 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Oct 12 11:46:23 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: max number of retransmissions (2) reached STATE_MAIN_R1
Oct 12 11:46:23 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}
I've disabled MS Security Essentials and made sure the Firewall is on. IPSec Policy Agent and IKE and AuthIP IPSec Keying Modules services are both started. I've created a rule to allow QuickVPN throught the firwall in and out and a rule to let traffic on 443 and 60443 UDP and TCP through the Firewall. Still no luck. Perhaps someone with more experience reading the logs can help me understand what is happening.
Thanks,
-ValR
10-12-2011 02:41 PM
Hi Val,
Thank you for posting. Go to Program Files-> Cisco Small Business-> QuickVPN (Or equivalent) and look for log.txt. See if some of the last lines show "Failed to ping remote VPN router!" When you talk about creating a rule, do you mean on the router that you are connecting from? Most routers have "VPN Passthrough" and all you need to do is enable IPSec passthrough. If you insist on opening ports, open 500 and 4500 as well.
Please reply and tell us what the client log shows. If it is "Failed to ping remote VPN router!", that means that the PC is blocking the ping replies from the router. This is usually caused by third party firewall or antivirus software. Disable or remove any such software.
10-12-2011 03:32 PM
Thanks for the link. I didn't know there was a log file for QuickVPN. Here is what the unsuccessful log in file looks like from the W7 machine:
2011/10/12 14:03:41 [STATUS]OS Version: Windows 7
2011/10/12 14:03:41 [STATUS]Windows Firewall Domain Profile Settings: ON
2011/10/12 14:03:41 [STATUS]Windows Firewall Private Profile Settings: ON
2011/10/12 14:03:41 [STATUS]Windows Firewall Private Profile Settings: ON
2011/10/12 14:03:41 [STATUS]One network interface detected with IP address 172.22.30.11
2011/10/12 14:03:41 [STATUS]Connecting...
2011/10/12 14:03:41 [DEBUG]Input VPN Server Address = 69.161.30.166
2011/10/12 14:03:41 [STATUS]Connecting to remote gateway with IP address: 69.161.30.166
2011/10/12 14:03:42 [WARNING]Server's certificate doesn't exist on your local computer.
2011/10/12 14:03:48 [STATUS]Remote gateway was reached by https ...
2011/10/12 14:03:48 [STATUS]Provisioning...
2011/10/12 14:03:57 [STATUS]Success to connect.
2011/10/12 14:03:57 [STATUS]Tunnel is configured. Ping test is about to start.
2011/10/12 14:03:57 [STATUS]Verifying Network...
2011/10/12 14:04:03 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:06 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:09 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:12 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:15 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:21 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2011/10/12 14:04:31 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:34 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:37 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:40 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:43 [WARNING]Failed to ping remote VPN Router!
2011/10/12 14:04:45 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2011/10/12 14:04:48 [STATUS]Disconnecting...
2011/10/12 14:04:55 [STATUS]Success to disconnect.
Here is what the successful log from the XP machine on the same subnet looks like:
2011/10/12 13:53:56 [STATUS]OS Version: Windows XP
2011/10/12 13:53:56 [STATUS]Windows Firewall is ON
2011/10/12 13:53:56 [STATUS]One network interface detected with IP address 172.22.30.134
2011/10/12 13:53:56 [STATUS]Connecting...
2011/10/12 13:53:56 [DEBUG]Input VPN Server Address = 69.161.30.166
2011/10/12 13:53:56 [STATUS]Connecting to remote gateway with IP address: 69.161.30.166
2011/10/12 13:54:06 [WARNING]Remote gateway wasn't reached...
2011/10/12 13:54:06 [WARNING]Failed to connect.
2011/10/12 13:54:07 [WARNING]Server's certificate doesn't exist on your local computer.
2011/10/12 13:54:16 [STATUS]Remote gateway was reached by https ...
2011/10/12 13:54:16 [STATUS]Provisioning...
2011/10/12 13:54:22 [STATUS]Success to connect.
2011/10/12 13:54:22 [STATUS]Tunnel is configured. Ping test is about to start.
2011/10/12 13:54:22 [STATUS]Verifying Network...
2011/10/12 13:54:26 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:27 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:31 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:41 [STATUS]Disconnecting...
2011/10/12 13:54:46 [STATUS]Success to disconnect.
At 13:54:31 I was logged on and pinged a device on the other side of the vpn router.
So, while both seem to be having trouble getting a ping from the remote VPN router, the W7 machine seems to be having more trouble, and perhaps, as you say, there is a setting blocking the com.
Here is what a direct ping from cmd to the remote vpn router from the W7 machine looks like:
Pinging 69.161.30.166 with 32 bytes of data:
Reply from 69.161.30.166: bytes=32 time=111ms TTL=51
Reply from 69.161.30.166: bytes=32 time=116ms TTL=51
Reply from 69.161.30.166: bytes=32 time=159ms TTL=51
Reply from 69.161.30.166: bytes=32 time=121ms TTL=51
Ping statistics for 69.161.30.166:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 159ms, Average = 126ms
The W7 computer is new and other than Windows Security Essentials, on which I turned off the real time monitoring, I don't believe I have any other security software. OTOH, the XP computer, with Windows Security Essentials running, connects.
Thanks,
-Val
10-12-2011 04:56 PM
Hi Val,
do you have just one network interface active on your W7 machine or more? This happens when there is more than one network interface (gateway) available.
Regards,
Abudef000
10-12-2011 06:03 PM
Thanks abudef000.
I think I have only one active interface. Here is my ipconfig /all output: (Ignore XX)
Windows IP Configuration
Host Name . . . . . . . . . . . . : CATMSLT5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : LAN9500 USB 2.0 to Ethernet 10/100 Adapter
Physical Address. . . . . . . . . : 00-0B-97-57-XX-XX
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1914:de4f:90aa:56ca%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.22.30.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.22.30.1
DHCPv6 IAID . . . . . . . . . . . : 436210583
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8B-32-32-70-58-12-25-XX-XX
DNS Servers . . . . . . . . . . . : 209.165.131.12
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wan
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 18-3D-A2-4C-XX-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : DMS
Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 70-58-12-25-XX-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.wan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{314DB6FB-59C1-4613-897F-532B3010B662}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14ff:3bf7:53e9:e1f4(Preferred)
Link-local IPv6 Address . . . . . : fe80::14ff:3bf7:53e9:e1f4%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.DMS:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
-Val
10-13-2011 09:55 PM
Hi Val,
Thanks for the updates. I should have mentioned that "[WARNING]Failed to ping remote VPN Router!" is normal in the logs with a successful connection. If you see it 5 times followed by: "[WARNING]Ping was blocked, which can be caused by an unexpected disconnect." that usually means that the PC is blocking the ping response from the router. I am not sure in this case what could be causing the issue. I have seen a few rare cases where the Windows Firewall needed to be configured to allow ICMP. You might also try right clicking the QuickVPN icon and "Run as Administrator"
12-26-2011 01:16 PM
I have a similar configuration with similar results. XP works and Win 7 does not. I even have a similar set of logs.
Did you find a solution, if so, please share it, thanks.
12-27-2011 02:31 PM
Hi Curtis,
Unfortunately the computer that I was having a problem with was rolled back to XP (for other compatibility reasons) before I could test installation under Windows 7. I have a Windows 7 x64 machine on which QVPN does work and I'll see if there is anything in the setup that I can pass on. I probably installed it as administrator. I may have run the install file with XP compatibility. At present all I can do is look in the properties and see if I am running it in XP compatibility mode and/or as administrator.
In Windows 7 Professional, there is an XP Virtual machine. When asking techs from around the country to login to my system and help me troubleshoot it, I have found that if they have this capability, they can make QVPN work but it is a PIA.
I'll try to remember to check out my personal machine and see if I can reverse engineer my install proceedure. LOL
-Val
12-28-2011 06:28 AM
Val - Thanks for the offer of assistance. Anything you can do would be appreciated. Don't knock yourself out though.
I started investigating with Wireshark and looking at the logs from the router. I could see that the necessary NAT entry wasn't being built at the router. I opened a support issue with Cisco and they closed it by telling me that QuickVPN / RVS4000 was not entirely compatible with Windows 7, 64 bit and that they are continuing to work on it. But, they do not have a new release date yet...
Curtis
12-28-2011 11:08 AM
Curtis,
QuickVPN works fine with Windows 7 64-bit. I use it myself and I have worked with hundreds of customers that use it as well. That being said, it can be a little more difficult to make it work properly. Usually the culprit is some third party firewall or antivirus software, including Microsoft Security Essentials. Did the support engineer give you a case number? I would like to see what troubleshooting was done in your case and maybe I can assist. Also, have you tried to connect in Safe Mode?
12-28-2011 12:16 PM
Can't shed much light on this issue. My home computer running W7x64 is running QVPN just fine under W7 over my LAN and cable ISP. I may have installed it as an administrator, but I'm not running it in XP mode or as Administrator.
I have noticed that I've had trouble, even under XP, when using very large network LANx/WANs, such as the network I use at my job working for the State.
-Val
12-29-2011 05:41 AM
mpyhala -
You can find my discussion with keywords quickvpn, rvs4000, and ping.
Case # should be posted there.
Thanks
Curtis
12-29-2011 05:45 AM
Val -
If the VPN firewall is having trouble building NAT table entries, it could be having other NAT problems as well. Your large LAN problem could easily be that the VPN router is running out of space for 'magic numbers' in its tables. That would be another problem for the development people to fix.
Curtis
12-29-2011 11:27 AM
Curtis,
I read the case notes. Unfortunately it does not appear that any troubleshooting was done. Did you try to connect with Windows 7 booted into Safe Mode? That is a good indication of whether the OS is functioning properly. If you can connect in Safe Mode you should be able to find a way to connect when you boot normally.
12-31-2011 07:29 AM
mpyhala -
Yes, I have tried several times to run Win 7 in the 'safe with networking' mode. The results were the same.
From what I have observed, the most informative logs are the router logs, not the client logs. The router has to build the appropriate logical structures before it can receive or respond to a 'ping.'
Perhaps the client is sending the wrong negotiation information. I don't know. I haven't looked inside the packets with Wireshark to see what might be wrong with them. I will be glad to acquire the pcap file from a failed session and forward it to you if you want to look at it.
Have a good New Year.
Curtis
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide