Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7607
Views
0
Helpful
17
Replies

VPN client connected but no traffic

isoalbert
Level 1
Level 1

‎09-04-2014 10:36 AM

I'm currently using Cisco System VPN Client Version 5.0.07.0440 on Windows 8 x64.

I'm able to connect to my work network but I cannot access to the servers and I also cannot reach hosts using the PING. Maybe it's a routing problem of my personal pc? As you can see in the attached image that the traffic (Bytes in and Bytes out) is always 0.

 

route print -4
===========================================================================
Interface List
 76...b8 76 3f 3b 2b 97 ......Microsoft Wi-Fi Direct Virtual Adapter #4
 75...a4 5d 36 6b 54 c6 ......Realtek PCIe FE Family Controller
 74...b8 76 3f 3b 2b 97 ......Realtek RTL8188EE 802.11bgn Wi-Fi Adapter
100...00 05 9a 3c 78 00 ......Cisco Systems VPN Adapter for 64-bit Windows
 42...54 f2 db 84 c9 2b ......Check Point Virtual Network Adapter For SSL Network Extender
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.11.1   192.168.11.114     30
     89.96.132.54  255.255.255.255     192.168.11.1   192.168.11.114    105
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.11.0    255.255.255.0         On-link    192.168.11.114    286
     192.168.11.1  255.255.255.255         On-link    192.168.11.114    105
   192.168.11.114  255.255.255.255         On-link    192.168.11.114    286
   192.168.11.255  255.255.255.255         On-link    192.168.11.114    286
     192.168.79.0    255.255.255.0     192.168.90.1    192.168.90.52    100
     192.168.90.0    255.255.255.0         On-link     192.168.90.52    281
    192.168.90.52  255.255.255.255         On-link     192.168.90.52    281
   192.168.90.255  255.255.255.255         On-link     192.168.90.52    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.11.114    286
        224.0.0.0        240.0.0.0         On-link     192.168.90.52    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.11.114    286
  255.255.255.255  255.255.255.255         On-link     192.168.90.52    281
===========================================================================
Persistent Routes:
  None

 

 

 

ipconfig

Windows IP Configuration


Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : local
   Link-local IPv6 Address . . . . . : fe80::ad0c:6241:f8d4:ef01%74
   IPv4 Address. . . . . . . . . . . : 192.168.11.114
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1

Ethernet adapter Cisco VPN:

   Connection-specific DNS Suffix  . : ***.it
   Link-local IPv6 Address . . . . . : fe80::c916:b9aa:9fd6:ea5a%100
   IPv4 Address. . . . . . . . . . . : 192.168.90.53
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.***.it:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ***.it

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:89c:773:ad96:5848
   Link-local IPv6 Address . . . . . : fe80::89c:773:ad96:5848%24
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

 

Labels:
Preview file
9 KB
0 Helpful
17 Replies 17

michael o'nan
Level 4
Level 4

‎09-04-2014 10:56 AM

Does anything show in the route details tab of your IPSec VPN client?

0 Helpful

isoalbert
Level 1
Level 1
In response to michael o'nan

‎09-04-2014 12:23 PM

screenshot attached. In the previous screenshot seems that all packets have been discarded or bypassed. Please tell me if other informations are needed, and how to get.

 

Ping still fails:

ping 192.168.79.1

Pinging 192.168.79.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.79.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Preview file
6 KB
0 Helpful

Sudhir Gupta
Level 1
Level 1
In response to isoalbert

‎09-04-2014 11:38 PM

HI can u share the network topology, 

it seems vpn or acl issues.

 

SKumar

0 Helpful

Walter Astori
Level 1
Level 1
In response to Sudhir Gupta

‎09-08-2014 01:56 AM

Do you connect in Internet with the USB key of TIM, VODAFONE or FASTWEB ?

0 Helpful

isoalbert
Level 1
Level 1
In response to Walter Astori

‎09-08-2014 02:05 AM

No USB key. I tryed using tethering of my Vodafone cell, and also with Telecom Italia at home. But with the BAD pc is not working, with the GOOD pc is working.

0 Helpful

Walter Astori
Level 1
Level 1
In response to isoalbert

‎09-08-2014 03:38 AM

Try to enable the log of the Cisco VPN Client.

On the screeshot about the config of your client i see that the network 192.168.79.0 has got the gateway 192.168.90.1. But in the screenshot about your ipconfig i see that IP of network card VPN Client is 192.168.90.53 but the Default gateway is missing. Why ?

0 Helpful

isoalbert
Level 1
Level 1
In response to Walter Astori

‎09-08-2014 11:38 PM

I don't know why. Please give mi some hints to try to fix. I attached a full log: route, ipconfig, Cisco Log, screenshot of VPN Client.

 

If something useful is missing tell me.

Preview file
20 KB
Preview file
9 KB
Preview file
9 KB
Preview file
6 KB
0 Helpful

Walter Astori
Level 1
Level 1
In response to isoalbert

‎09-09-2014 01:38 AM

I look your route and i can see that for the network 192.168.79.0 the gateway is 192.168.90.1. I think that for 192.168.79.0 the gateway is 192.168.90.57. Can you show me the config of your asa about the VPN Remote Access ?

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to isoalbert

‎09-05-2014 12:34 AM

Hi,

 

I see a different log in route print and ip config....

192.168.79.0    255.255.255.0     192.168.90.1    192.168.90.52    100

This above route print output says you have access to 192.168.79.0/24 through gateway 192.168.90.1 with interface ip as 192.168.90.52

Your ipconfig says

   IPv4 Address. . . . . . . . . . . : 192.168.90.53

 

Its quite confusing.....

 

Regards

Karthik

 

0 Helpful

Sudhir Gupta
Level 1
Level 1
In response to nkarthikeyan

‎09-05-2014 12:39 AM

Share me 

sh cry is sa

sh cry ip sa

 

0 Helpful

isoalbert
Level 1
Level 1
In response to Sudhir Gupta

‎09-05-2014 03:43 AM

I'm running Windows 8, it always worked and there was no changes on the firewall configuration, I removed all the Firewalls and Antivirus.

Should I run these commands on the Cisco ASA?

I tryed with another PC, in the same network. I configured the same setting on Cisco VPN Client. Here I attach the two files of route, ipconfig and ping related to te BAD pc and to the GOOD pc.

Preview file
9 KB
Preview file
7 KB
0 Helpful

Sudhir Gupta
Level 1
Level 1
In response to isoalbert

‎09-05-2014 03:57 AM

Yes Run these command on asa

0 Helpful

isoalbert
Level 1
Level 1
In response to Sudhir Gupta

‎09-05-2014 09:09 AM

user "albertom" is me with the BAD computer,

user "help" is me with the GOOD computer.

Preview file
9 KB
0 Helpful

Sudhir Gupta
Level 1
Level 1
In response to isoalbert

‎09-06-2014 02:06 AM

Hi, For albertom traffic is not getting encrypted, and for help i can see traffic is getting encrypted,

also u need to allow that traffic  for that servers . 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents