Have an issue where the workstation connects to the remote router using Cisco VPN Client successfully, but cannot receive traffic, but can...... I can see the connection with sh cry isa sa, and can see the packets encrypt/decrypt via sh cry ipse sa, as well as see the encrypt/decrypt in the VPN Client status; these numbers match up with the number of pings that are sent across the tunnel. I can also see the outgoing and incoming packets with Wireshark on the Cisco adapter on the workstation that is connected over the tunnel, icmp to:x.x.x.37 from:x.x.x.100, icmp from:x.x.x.100 to:x.x.x.37. Even with Wireshark seeing the traffic, the requests time out. Any ideas?
If you are seeing packets encrypted/decrypted on both sites, but not getting an actual response, it sounds like a tough one.
Have you tried disabling the client's firewall?
Also, to discard a possible problem with the VPN virtual adapter, have you tried to uninstall/reinstall the VPN Client?
Sorry, the suggestions I'm giving you are very basic, but it definitely sounds like kind of a weird problem...
Let me know how it goes.
Well, we technically are getting the response, but it sounds like it's just not sending it to the host after the VPN software decrypts the packet. Yes, Windows Firewall is disabled, and I have also disabled McAfee to no avail. As far as the installation of the software, this is a fresh image that I deployed a few days ago to correct the same issue.....new hardware, fresh image, fresh install of Cisco VPN. I think I'm going to reboot the router tonight (I need to upgrade from 25c to 25f anyways) and then see what happens. Thanks for the suggestions.
Unfortunately it's the only workstation in this remote site. All of the other remote site connections are working fine, of course they are connecting to other routers, asa, or 3Ks. The configs look pretty much the same (excluding IP addresses of course) as the other sites that have client vpn connections.
You're not using wireless 4g modems by any chance are you? We had the same issue and had to reset our modems to work in 3g only. Seems in 4g you get a private ip and not a public one and the vpn will connect but that was all. Couldn't ping internal systems.
Nope, all of this is over ethernet. It goes from our |router|---BP network---|Our PC|, router terminates the VPN connection. I have had the privilege of setting up site-to-site vpns over 3g though, Don.
I aced the Windows Firewall and turned off McAfee, the local nic and the ip address respond to icmp when I ping locally, but not across the VPN....it USED to work though, and "nothing" was changed. I'm just going to open a TAC case next week, the guy who set all of this up is not here any more and none of us really have any xp with client vpns or the Cisco VPN client, just simple site-to-site.