cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14760
Views
5
Helpful
19
Replies

QuickVPN in Windows 7 not connecting to RVS4000

ValRader0
Level 1
Level 1

When I use QuickVPN under XP, I connect to my RVS4000 without problems.  When I switch to new computer running Windows 7 and V4.2.1 QuickVPN I can get all the way to Verifying Network.   Then I get the message that: "The remote gateway is not responding.  Do you want to wait?"  - repeatedly.  The icon in the tool bar remains with a red slash and I am unable to ping devices on the lan side of the router.  However, when I check the VPN Summary on the router, I see that it thinks I'm connected.  When I check the VPN log I see that I am not:

Oct 12 10:27:53 - Configuration changed!

Oct 12 10:28:33 - Configuration changed!

Oct 12 10:28:34 - [VPN Log]: added connection description "ValR_rw_rw"

Oct 12 10:28:34 - [VPN Log]: listening for IKE messages

Oct 12 10:28:34 - [VPN Log]: adding interface ipsec0/ppp0 69.161.30.166:500

Oct 12 10:28:34 - [VPN Log]: adding interface ipsec0/ppp0 69.161.30.166:4500

Oct 12 10:28:34 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [RFC 3947]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [FRAGMENTATION]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring Vendor ID payload [Vid-Initial-Contact]

Oct 12 10:28:46 - [VPN Log]: packet from 65.74.6.130:23434: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]

Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: responding to Main Mode from unknown peer 65.74.6.130

Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Oct 12 10:28:46 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: STATE_MAIN_R1: sent MR1, expecting MI2

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: STATE_MAIN_R2: sent MR2, expecting MI3

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[1] 65.74.6.130 #1: Main mode peer ID is ID_IPV4_ADDR: '172.22.30.11'

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: I did not send a certificate because I do not have one.

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: responding to Quick Mode {msgid:01000000}

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Oct 12 10:28:47 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: route-client output: 0

Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Oct 12 10:28:49 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xd7f3050c <0xe98d074f xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}

Oct 12 10:33:48 - [VPN Log]: | NAT-T: new mapping 65.74.6.130:23434/44824)

Oct 12 10:33:48 - [VPN Log]: | pfkey_lib_debug:pfkey_msg_parse: satype 0 conversion to proto failed for msg_type 2 (update).

Oct 12 10:33:48 - [VPN Log]: | pfkey_lib_debug:pfkey_msg_build: Trouble parsing newly built pfkey message, error=-22.

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #2: pfkey_msg_build of Add SA esp.e98d074f@69.161.30.166 failed, code -22

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: received Delete SA(0xd7f3050c) payload: deleting IPSEC State #2

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130 #1: terminating SAs using this connection

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw" #2: deleting state (STATE_QUICK_R2)

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw" #1: deleting state (STATE_MAIN_R3)

Oct 12 10:33:48 - [VPN Log]: "ValR_rw_rw"[2] 65.74.6.130: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}

Oct 12 10:33:49 - [VPN Log]: "ValR_rw_rw": unroute-client output: 0

Oct 12 10:33:49 - [VPN Log]: packet from 65.74.6.130:44824: received and ignored informational message

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [RFC 3947]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [FRAGMENTATION]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [Vid-Initial-Contact]

Oct 12 11:45:11 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]

Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: responding to Main Mode from unknown peer 65.74.6.130

Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Oct 12 11:45:11 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: STATE_MAIN_R1: sent MR1, expecting MI2

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [RFC 3947]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [FRAGMENTATION]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring Vendor ID payload [Vid-Initial-Contact]

Oct 12 11:45:13 - [VPN Log]: packet from 65.74.6.130:8426: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: responding to Main Mode from unknown peer 65.74.6.130

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: STATE_MAIN_R1: sent MR1, expecting MI2

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: STATE_MAIN_R2: sent MR2, expecting MI3

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #3: Main mode peer ID is ID_IPV4_ADDR: '172.22.30.11'

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: I did not send a certificate because I do not have one.

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: responding to Quick Mode {msgid:01000000}

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Oct 12 11:45:13 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: route-client output: 0

Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Oct 12 11:45:15 - [VPN Log]: "ValR_rw_rw"[4] 65.74.6.130 #5: STATE_QUICK_R2: IPsec SA established {ESP=>0xe15a35e6 <0xe98d0750 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}

Oct 12 11:46:23 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130 #4: max number of retransmissions (2) reached STATE_MAIN_R1

Oct 12 11:46:23 - [VPN Log]: "ValR_rw_rw"[3] 65.74.6.130: deleting connection "ValR_rw_rw" instance with peer 65.74.6.130 {isakmp=#0/ipsec=#0}

I've disabled MS Security Essentials and made sure the Firewall is on.  IPSec  Policy Agent and IKE and AuthIP IPSec Keying Modules services are both started.  I've created a rule to allow QuickVPN throught the firwall in and out and a rule to let traffic on 443 and 60443 UDP and TCP through the Firewall.  Still no luck.  Perhaps someone with more experience reading the logs can help me understand what is happening. 

Thanks,

-ValR

19 Replies 19

mpyhala
Level 7
Level 7

Hi Val,

Thank you for posting. Go to Program Files-> Cisco Small Business-> QuickVPN (Or equivalent) and look for log.txt. See if some of the last lines show "Failed to ping remote VPN router!" When you talk about creating a rule, do you mean on the router that you are connecting from? Most routers have "VPN Passthrough" and all you need to do is enable IPSec passthrough. If you insist on opening ports, open 500 and 4500 as well.

Please reply and tell us what the client log shows. If it is "Failed to ping remote VPN router!", that means that the PC is blocking the ping replies from the router. This is usually caused by third party firewall or antivirus software. Disable or remove any such software.

Thanks for the link.  I didn't know there was a log file for QuickVPN.  Here is what the unsuccessful log in file looks like  from the W7 machine:

2011/10/12 14:03:41 [STATUS]OS Version: Windows 7

2011/10/12 14:03:41 [STATUS]Windows Firewall Domain Profile Settings: ON

2011/10/12 14:03:41 [STATUS]Windows Firewall Private Profile Settings: ON

2011/10/12 14:03:41 [STATUS]Windows Firewall Private Profile Settings: ON

2011/10/12 14:03:41 [STATUS]One network interface detected with IP address 172.22.30.11

2011/10/12 14:03:41 [STATUS]Connecting...

2011/10/12 14:03:41 [DEBUG]Input VPN Server Address = 69.161.30.166

2011/10/12 14:03:41 [STATUS]Connecting to remote gateway with IP address: 69.161.30.166

2011/10/12 14:03:42 [WARNING]Server's certificate doesn't exist on your local computer.

2011/10/12 14:03:48 [STATUS]Remote gateway was reached by https ...

2011/10/12 14:03:48 [STATUS]Provisioning...

2011/10/12 14:03:57 [STATUS]Success to connect.

2011/10/12 14:03:57 [STATUS]Tunnel is configured. Ping test is about to start.

2011/10/12 14:03:57 [STATUS]Verifying Network...

2011/10/12 14:04:03 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:06 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:09 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:12 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:15 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:21 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

2011/10/12 14:04:31 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:34 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:37 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:40 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:43 [WARNING]Failed to ping remote VPN Router!

2011/10/12 14:04:45 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

2011/10/12 14:04:48 [STATUS]Disconnecting...

2011/10/12 14:04:55 [STATUS]Success to disconnect.

Here is what the successful log from the XP machine on the same subnet looks like:

2011/10/12 13:53:56 [STATUS]OS Version: Windows XP
2011/10/12 13:53:56 [STATUS]Windows Firewall is ON
2011/10/12 13:53:56 [STATUS]One network interface detected with IP address 172.22.30.134
2011/10/12 13:53:56 [STATUS]Connecting...
2011/10/12 13:53:56 [DEBUG]Input VPN Server Address = 69.161.30.166
2011/10/12 13:53:56 [STATUS]Connecting to remote gateway with IP address: 69.161.30.166
2011/10/12 13:54:06 [WARNING]Remote gateway wasn't reached...
2011/10/12 13:54:06 [WARNING]Failed to connect.
2011/10/12 13:54:07 [WARNING]Server's certificate doesn't exist on your local computer.
2011/10/12 13:54:16 [STATUS]Remote gateway was reached by https ...
2011/10/12 13:54:16 [STATUS]Provisioning...
2011/10/12 13:54:22 [STATUS]Success to connect.
2011/10/12 13:54:22 [STATUS]Tunnel is configured. Ping test is about to start.
2011/10/12 13:54:22 [STATUS]Verifying Network...
2011/10/12 13:54:26 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:27 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:31 [WARNING]Failed to ping remote VPN Router!
2011/10/12 13:54:41 [STATUS]Disconnecting...
2011/10/12 13:54:46 [STATUS]Success to disconnect.

At 13:54:31 I was logged on and pinged a device on the other side of the vpn router.

So, while both seem to be having trouble getting a ping from the remote VPN router, the W7 machine seems to be having more trouble, and perhaps, as you say, there is a setting blocking the com.

Here is what a direct ping from cmd to the remote vpn router from the W7 machine looks like:

Pinging 69.161.30.166 with 32 bytes of data:
Reply from 69.161.30.166: bytes=32 time=111ms TTL=51
Reply from 69.161.30.166: bytes=32 time=116ms TTL=51
Reply from 69.161.30.166: bytes=32 time=159ms TTL=51
Reply from 69.161.30.166: bytes=32 time=121ms TTL=51

Ping statistics for 69.161.30.166:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 159ms, Average = 126ms

The W7 computer is new and other than Windows Security Essentials, on which I turned off the real time monitoring, I don't believe I have any other security software.  OTOH, the XP computer, with Windows Security Essentials running, connects.

Thanks,

-Val

Hi Val,

do you have just one network interface active on your W7 machine or more? This happens when there is more than one network interface (gateway) available.

Regards,

Abudef000

Thanks abudef000.

I think I have only one active interface.  Here is my ipconfig /all output: (Ignore XX)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : CATMSLT5
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : LAN9500 USB 2.0 to Ethernet 10/100 Adapter
   Physical Address. . . . . . . . . : 00-0B-97-57-XX-XX
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1914:de4f:90aa:56ca%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.22.30.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.22.30.1
   DHCPv6 IAID . . . . . . . . . . . : 436210583
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8B-32-32-70-58-12-25-XX-XX
   DNS Servers . . . . . . . . . . . : 209.165.131.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wan
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
   Physical Address. . . . . . . . . : 18-3D-A2-4C-XX-XX
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : DMS
   Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 70-58-12-25-XX-XX
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{314DB6FB-59C1-4613-897F-532B3010B662}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14ff:3bf7:53e9:e1f4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14ff:3bf7:53e9:e1f4%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.DMS:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


-Val

Hi Val,

Thanks for the updates. I should have mentioned that "[WARNING]Failed to ping remote VPN Router!" is normal in the logs with a successful connection. If you see it 5 times followed by: "[WARNING]Ping was blocked, which can be caused by an unexpected disconnect." that usually means that the PC is blocking the ping response from the router. I am not sure in this case what could be causing the issue. I have seen a few rare cases where the Windows Firewall needed to be configured to allow ICMP. You might also try right clicking the QuickVPN icon and "Run as Administrator"

I have a similar configuration with similar results.  XP works and Win 7 does not.  I even have a similar set of logs.

Did you find a solution, if so, please share it, thanks.

Hi Curtis,

Unfortunately the computer that I was having a problem with was rolled back to XP (for other compatibility reasons) before I could test installation under Windows 7.  I have a Windows 7 x64 machine on which QVPN does work and I'll see if there is anything in the setup that I can pass on.  I probably installed it as administrator.  I may have run the install file with XP compatibility.   At present all I can do is look in the properties and see if I am running it in XP compatibility mode and/or as administrator.

In Windows 7 Professional, there is an XP Virtual machine.  When asking techs from around the country to login to my system and help me troubleshoot it, I have found that if they have this capability, they can make QVPN work but it is a PIA.

I'll try to remember to check out my personal machine and see if I can reverse engineer my install proceedure.  LOL

-Val

Val - Thanks for the offer of assistance.  Anything you can do would be appreciated.  Don't knock yourself out though.

I started investigating with Wireshark and looking at the logs from the router.  I could see that the necessary NAT entry wasn't being built at the router.  I opened a support issue with Cisco and they closed it by telling me that QuickVPN / RVS4000 was not entirely compatible with Windows 7, 64 bit and that they are continuing to work on it.  But, they do not have a new release date yet...

Curtis

Curtis,

QuickVPN works fine with Windows 7 64-bit. I use it myself and I have worked with hundreds of customers that use it as well. That being said, it can be a little more difficult to make it work properly. Usually the culprit is some third party firewall or antivirus software, including Microsoft Security Essentials. Did the support engineer give you a case number? I would like to see what troubleshooting was done in your case and maybe I can assist. Also, have you tried to connect in Safe Mode?

Can't shed much light on this issue.  My home computer running W7x64 is running QVPN just fine under W7 over my LAN and cable ISP.  I may have installed it as an administrator, but I'm not running it in XP mode or as Administrator.

I have noticed that I've had trouble, even under XP, when using very large network LANx/WANs, such as the network I use at my job working for the State. 

-Val

mpyhala -

You can find my discussion with keywords quickvpn, rvs4000, and ping.

Case # should be posted there.

Thanks

Curtis

Val -

If the VPN firewall is having trouble building NAT table entries, it could be having other NAT problems as well.  Your large LAN problem could easily be that the VPN router is running out of space for 'magic numbers' in its tables.  That would be another problem for the development people to fix.

Curtis

Curtis,

I read the case notes. Unfortunately it does not appear that any troubleshooting was done. Did you try to connect with Windows 7 booted into Safe Mode? That is a good indication of whether the OS is functioning properly. If you can connect in Safe Mode you should be able to find a way to connect when you boot normally.

mpyhala -

Yes, I have tried several times to run Win 7 in the 'safe with networking' mode.  The results were the same.

From what I have observed, the most informative logs are the router logs, not the client logs.  The router has to build the appropriate logical structures before it can receive or respond to a 'ping.'

Perhaps the client is sending the wrong negotiation information.  I don't know.  I haven't looked inside the packets with Wireshark to see what might be wrong with them.  I will be glad to acquire the pcap file from a failed session and forward it to you if you want to look at it.

Have a good New Year.

Curtis