12-20-2011 09:44 AM
Have an issue where the workstation connects to the remote router using Cisco VPN Client successfully, but cannot receive traffic, but can...... I can see the connection with sh cry isa sa, and can see the packets encrypt/decrypt via sh cry ipse sa, as well as see the encrypt/decrypt in the VPN Client status; these numbers match up with the number of pings that are sent across the tunnel. I can also see the outgoing and incoming packets with Wireshark on the Cisco adapter on the workstation that is connected over the tunnel, icmp to:x.x.x.37 from:x.x.x.100, icmp from:x.x.x.100 to:x.x.x.37. Even with Wireshark seeing the traffic, the requests time out. Any ideas?
12-20-2011 11:55 AM
Matthew,
If you are seeing packets encrypted/decrypted on both sites, but not getting an actual response, it sounds like a tough one.
Have you tried disabling the client's firewall?
Also, to discard a possible problem with the VPN virtual adapter, have you tried to uninstall/reinstall the VPN Client?
Sorry, the suggestions I'm giving you are very basic, but it definitely sounds like kind of a weird problem...
Let me know how it goes.
Raga
12-20-2011 12:06 PM
Well, we technically are getting the response, but it sounds like it's just not sending it to the host after the VPN software decrypts the packet. Yes, Windows Firewall is disabled, and I have also disabled McAfee to no avail. As far as the installation of the software, this is a fresh image that I deployed a few days ago to correct the same issue.....new hardware, fresh image, fresh install of Cisco VPN. I think I'm going to reboot the router tonight (I need to upgrade from 25c to 25f anyways) and then see what happens. Thanks for the suggestions.
12-20-2011 12:37 PM
To be honest, I don't think the problem is on the router side, but in these kinds of cases it is always worth upgrading and rebooting.
Let us know how it goes.
12-20-2011 12:41 PM
I don't think that the issue is there either...but I'm out of ideas, short of opening a TAC.
12-20-2011 12:44 PM
Is this the only workstation that fails? How about other people?
12-20-2011 12:48 PM
Unfortunately it's the only workstation in this remote site. All of the other remote site connections are working fine; of course they are connecting to other routers, ASA, or 3Ks. The configs look pretty much the same (excluding IP addresses of course) as the other sites that have client VPN connections.
12-20-2011 12:56 PM
I see, well, I still think it's a client issue and not a config problem. Let us know what you can find out.
Thanks.
12-21-2011 05:47 AM
No dice. I'm going to wait until Friday and then open a TAC case.
12-21-2011 05:51 AM
Well, keep us posted about their findings.
12-21-2011 12:59 PM
Hi,
You're not using wireless 4g modems by any chance are you? We had the same issue and had to reset our modems to work in 3g only. Seems in 4g you get a private ip and not a public one and the vpn will connect but that was all. Couldn't ping internal systems.
12-21-2011 01:07 PM
Nope, all of this is over ethernet. It goes from our |router|---BP network---|Our PC|, router terminates the VPN connection. I have had the privilege of setting up site-to-site VPNs over 3g though, Don.
12-21-2011 01:23 PM
Just a thought. Have you enabled echo request in your pc's firewall? Did Quickvpn add the ports in the firewall? More issues I dealt with.
Don
12-21-2011 01:41 PM
I aced the Windows Firewall and turned off McAfee, the local NIC and the IP address respond to icmp when I ping locally, but not across the VPN....it USED to work though, and "nothing" was changed. I'm just going to open a TAC case next week; the guy who set all of this up is not here any more and none of us really have any xp with client VPNs or the Cisco VPN client, just simple site-to-site.