Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6538
Views
0
Helpful
6
Replies

Cisco VPN connection problem

zak_taylor
Level 1
Level 1

‎12-02-2010 12:38 PM

Hello,

I am a contractor for a customer of mine who has a Cisco ASA box with an IPsec VPN set up too allow me remote access.  I can connect and do my work through the VPN at home without any problems, but from my office I can login to the vpn just fine (at least it appears to be fine), however when I try to remote in to the machine that I always use from home I can't get in.  I can't ping it either.  I can't do anything.

How should I begin to troubleshoot this?  All of the settings appear to be the same between home and my office.  Both Windows 7 64 bit (but different editions) and both using the same Cisco VPN client 5.0.07.0290.

Any help is appreciated.

Thanks.

Labels:
0 Helpful
6 Replies 6

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-02-2010 01:15 PM

Hi,

Can you connect from your office to a different site via a VPN connection and access the resources through the tunnel?

The reason I ask is because it might be possible that from your office, ESP is being blocked.

Federico.

0 Helpful

zak_taylor
Level 1
Level 1
In response to Federico Coto Fajardo

‎12-02-2010 01:40 PM

I have successfully used a Juniper VPN from the office and had no problems.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to zak_taylor

‎12-02-2010 01:45 PM

When connecting remotely from a VPN client there are several ways to connect.

For example, using IPsec/UDP, NAT-T, IPsec/TCP.

If the ASA allows IPsec/TCP you can try that in case that regular UDP 500 is being blocked.

When connecting normally from the office you can right click on the VPN client and check under statistics to see if packets are being sent from the client (encrypted), also check if packets are being received (decrypted).

Federico.

0 Helpful

zak_taylor
Level 1
Level 1
In response to Federico Coto Fajardo

‎12-02-2010 02:55 PM

I had already tried IPsec/TCP and it did not work either.

When I look at the VPN client statistics I see a lot of bytes sent, but none received.  I also see many encrypted packets, but none decrypted and many "discarded" or "bypassed".

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to zak_taylor

‎12-02-2010 02:58 PM

With the ASAs now you can create an ACL applied to the outside interface and filter traffic directed to-the-box.

Just to check could this be the case?

The ACL could be allowing VPN traffic from certain IPs only?

Do you have access to the ASA's configuration?

Federico.

0 Helpful

zak_taylor
Level 1
Level 1
In response to Federico Coto Fajardo

‎12-02-2010 03:14 PM

No, I don't have access to the ASA's configuration, but I don't think that's the problem because I've worked with the tech that setup the vpn and he knows I'm trying to connect.  Plus, I don't have a static IP at home so I would expect to have connection issues from home as well if IP filtering were enabled.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents