cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7367
Views
0
Helpful
4
Replies

Cisco VPN all packets are discarded or bypassed - UDP to 62515 is not sent

pkouzmitcheu
Level 1
Level 1

I have Windows 7 and Cisco VPN Client 5.0.07.0290

I'm not able to work with company VPN from home. I can connect to VPN,  but after being connected nothing works and in VPN statistics I see that  all packets are discarded or bypassed.

In the logs of problematic PC VPN I noticed that it sends DPD_REQUEST and receives DPD_ACK in loop,  and nothing beyond that happens. Looks VPN client for some reason is  not satisfied with DPD_ACK and sends DPD_REQUEST again, but I don't see  any errors in the log.

I have another PC at home, and it works fine with the same VPN , through the same internet access.

I recorded communication with VPN server from both "good" and "bad" PCs. Basically VPN handshake (if I can call it that way) contains 15 ISAKMP  packets sent to and from VPN server (not including nat-keepalive  packets). Normal handshake finishes with DPD_REQUEST following DPD_ACK  message both ISAKMP packets - 130 byte. In case of bad  handshake  DPD_REQUEST and DPD_ACK are sent in loop.

I notice 2 differences in communication with VPN server, which may give a clue what is wrong:

1. On Good PC, VPN handshake starts with UDP packet 58 bytes, sent to  VPN port 62515. Similar UDP packet 54 bytes is sent by the end of  handshake, before DPD_REQUEST . On Bad PC these 2 UDP packets are not sent for some reason.

2. Order and sizes of ISAKMP packets are the same on both PCs except  one. The Packet contains Transaction (Config mode) encrypted data, the  packet size on good is 234 on bad 226 bytes.

I think the point 1 may be the reason, though I'm not sure.

Please, help me to understand why 2 UDP packets are not sent from  failing machine? I checked firewall, looks it is not its fail.

4 Replies 4

Varinder Singh
Cisco Employee
Cisco Employee

Are you using 64 bit or 32 bit version of windows 7? What kind of internet connection are you using ?

Regards,

Varinder



P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users

Regards, Varinder P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users

I'm using 64 bits version. I'm connected through fiber optic - Verizon FiOS. Besides of Verizon modem/router I have my own wifi router. I tried VPN client while beign connected through wifi and though cable connected directly to modem. None of its worked from "bad" PC.

Note: I don't think the issue is related to connection - I installed VPN clien to 2 other computers, and they were able to connect to my work VPN without any issues. I think the issue is somewhere either in my system - e.g. network or virtual adapter, or, something happened with VPN client - maybe some wrong values in registry, which stay there even I reinstall the clien.

pkouzmitcheu
Level 1
Level 1

The problem is fixed and it was silly simple. I uninstalled Zone Alarm  firewall, and now it works. I didn't suspect the firewall as I trusted  it too much: I checked it configuration multiple times, and I tried disabling it  multiple times (snooze firewall for 5 minutes), I also remove its services from windows start.

But that wasn't enough, the enough was to uninstall it  completely in my case. Not sure why UDP to 62515 was blocked.

Thanks for the hint! In my case it was Kaspersky. Just disabling /stopping did not help. Had to uninstall it and reboot PC and it started working!!