Most of our vpn users there is no problem.
but some users have problem.
they can establish a IPSec connection to VPN 3030 using Client 3.1
but they couldn't ping or session with our internal network.
but they can ping to internet sites.
they use private ip address and VPN client set IPsec through NAT
VPN client established statistics as follows:
Packets decrypted : 0
Packets encrypted : XXX
packet didn't decrypted.
is it a firewall problem in local ISP?
what should i do?
and when some user access the vpn 3030,
the log display QM FMS message in our VPN 3030
what does it means?
If you are only having problems with certain users, I would suggest looking through the vpn client's configuration. If that does not resolve the problem, you might want to open a TAC case.
Have you gotten any resolution with this? We are having the exact same issue at a few different locations. When the users dial-up and connect they are fine so its not a client config issue
We seem to have a similar if not the same issue here. On a PIX 525, we have successful VPN authentication using IAS for AD authentication. This works fine. But off and on, our users can ping, browse, connect to email etc and other times cannot. Last week it was absolutely perfect all week. But now this week it has had borblems every day. Then some users are fine, and others are not. What gives? Where do we go from here?
Bong, can you supply the complete 3000 and client logs when this occurrs.
For the 300 please turn events AUTH level 9, and IKE/IKEDBG level 9.
Also can you try with the latest 3000/client software release 3.6.X ? Is your client behind a NAT box?
We have a somewhat related issue.
User connect fine via IPSEC VPN to out 3030 concentrator through their Linksys wireless BEFW11s4 (rev 2.0) when Layer 1 physical connectivity is replaced with a cat 5 direct connection.
When they connect using wireless, the IPSEC tunnel comes up but are unable to pass any data. Packest decrypted = 0 as above
This is the same in all cases for all users at all locations.
The Cisco client in use is rev 3.6.2a and 3.5.1.
The wireless nic in use is a 3com 3crshpw_96.
The only logical thing we seem to be able to come up with may be physical layer or data-link layer issues such as frame size, encapsulation or fragmentation related issues at layer 2 but have no way to prove or disprove these theories.
Please try another wireless adapter, because there seem to be problems with this specific 3Com card (at least I have! :-). Switching over to another card solved the problem.