Showing results for 
Search instead for 
Did you mean: 

Cisco VPN Client connects, but doesn't....


Have an issue where the workstation connects to the remote router using Cisco VPN Client successfully, but cannot receive traffic, but can...... I can see the connection with sh cry isa sa, and can see the packets encrypt/decrypt via sh cry ipse sa, as well as see the encrypt/decrypt in the VPN Client status, these numbers match up with the number of pings that are sent across the tunne.  I can also see the ougoing and incoming packets with wireshark on the Cisco adapter on the workstation that is connected over the tunnel, icmp to:x.x.x.37 from:x.x.x.100, icmp from:x.x.x.100 to:x.x.x.37. Even with wireshark seeing the traffic, the requests time out. Any ideas?

13 Replies 13



If you are seeing packets encrypted/decrypted on both sites, but not getting an actual response, it sounds like tough one.

Have you tried disabling the client's firewall?

Also, you to discard a possible problem with the VPN virtual adapter have you tried to uninstall/reinstall the VPN Client?

Sorry, the suggetions I'm giving you are very basic but it definetely sounds kind of a weird problem...

Let me know how it goes.


Well, we technically are getting the response, but it sounds like it's just not sending it to the host after the VPN software decrypts the packet. Yes,  windows firewall is disabled, and I have also disabled McAfee to no avail. As far as the installation of the software, this is a fresh image that I deployed a few days ago to correct the same hardware, fesh image, fresh install of Cisco VPN. I think I'm going to reboot the router tonight (I need to upgrade from 25c to 25f anyways) and then see what happens. Thanks for the suggestions.

To be honest, I dont think the problem is on the router side, but in these kind of cases it is always worth upgrading and rebooting .

Let us know how it goes.

I don't think that the issue is there either...but I'm out of ideas, short of opening an TAC.

Is this the only workstation that fails? How about other people?

Unfortunately it's the only workstation in this remote site. All of the other remote site connections are working fine, of course they are connecting to other routers, asa, or 3Ks. The configs look pretty much the same (excluding IP addresses of course) as the other sites that have client vpn connecitons.

I see, well, I still think it's a client issue and not a config problem. Let us know what you can find out.


No dice. I'm going to wait until Friday and then open a TAC case.

Well, keep us posted about their findings 



You're not using wireless 4g modems by any chance are you? We had the same issue and had to reset our modems to work in 3g only. Seems in 4g you get a private ip and not a public one and the vpn will connect but that was all. Couldn't ping internal systems.

Nope, all of this is over ethernet. It goes from our |router|---BP network---|Our PC|, router terminates the VPN connection. I have had the privilege of setting up site-to-site vpns over 3g though Don .

Just a thought. Have you enabled echo request in your pc's firewall? Did Quickvpn add the ports in the firewall? More issues I dealt with.


I aced the Windows Firewall and turned off McAfee, the local nic and the ip address respond to icmp when I ping locally, but not across the USED to work though, and "nothing" was changed. I'm just going to open a TAC case next week, the guy who set all of this up is not here any more and none of us really have any xp with client vpns or the cosci vpn client, just simple site-to-site.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: