01-05-2010 07:10 AM
Hi All,
We have a Cisco VPN to a client system. We are able to connect to the VPN of the client system successfully. However we are not able to access any IP from the remote Network. We tried to ping the default gateway and this also times out. I am able to ping only my IP.
Our network IP range is in 192.168.2.xx
The client IP range is in 192.168.4.xx
After the VPN connection If I look into IP Config
1) I get a correct 192.168.4.xx IP address range
2) The default gateway is also correct 192.168.4.x
I am not able to Ping any other IP from the remote network except my own IP.
I have attached the CISCO VPN log. I have masked the PUBLIC IP and the Domain name.
In the Cisco properties, we have set
1) Enable Transparent Tunneling
2) IPSEC over UDP (NAT / PAT)
3) Allow Local Network to TRUE
We see that the error AddRoute failed to add a route: code 87 coming in the LOG file.
Could you please help us with this problem.
Thanks and Regards
Chandrasekhar
------ CISCO VPN LOG -------------------
Cisco Systems VPN Client Version 4.8.02.0010
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client
1 19:51:47.977 01/05/10 Sev=Info/4 CM/0x63100002
Begin connection process
2 19:51:47.993 01/05/10 Sev=Info/4 CM/0x63100004
Establish secure connection
3 19:51:47.993 01/05/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "PUBLIC IP ADDRESS"
4 19:51:48.102 01/05/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
5 19:51:48.149 01/05/10 Sev=Info/4 CM/0x63100015
Launch xAuth application
6 19:51:48.321 01/05/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
7 19:51:48.321 01/05/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
8 19:52:00.977 01/05/10 Sev=Info/4 CM/0x63100017
xAuth application returned
9 19:52:01.024 01/05/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
10 19:52:01.133 01/05/10 Sev=Info/4 CM/0x63100019
Mode Config data received
11 19:52:02.023 01/05/10 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.4.168/255.255.255.0
DNS=192.168.4.250,192.168.4.252
WINS=0.0.0.0,0.0.0.0
Domain=<DOMAIN NAME>
Split DNS Names=
12 19:52:02.039 01/05/10 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route: code 87
Destination 192.168.2.255
Netmask 255.255.255.255
Gateway 192.168.4.1
Interface 192.168.4.168
13 19:52:02.039 01/05/10 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a802ff, Netmask: ffffffff, Interface: c0a804a8, Gateway: c0a80401.
14 19:52:02.054 01/05/10 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
15 19:52:02.054 01/05/10 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
16 19:52:02.117 01/05/10 Sev=Info/4 CM/0x6310001A
One secure connection established
17 19:52:02.226 01/05/10 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.2.178. Current hostname: mm0007, Current address(es): 192.168.4.168, 192.168.2.178.
18 19:52:02.226 01/05/10 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.4.168. Current hostname: mm0007, Current address(es): 192.168.4.168, 192.168.2.178.
19 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
20 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
21 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x777eb224 into key list
22 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
23 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x2f0ab19d into key list
24 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.4.168
25 19:52:02.226 01/05/10 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 192.168.2.178. SG: "PUBLIC IP ADDRESS"
26 19:52:02.226 01/05/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
------ CISCO VPN LOG -------------------
01-05-2010 07:24 AM
After you connect, go to Status -> Statistics in the vpn client. Check to see if transparent tunneling is actually active. If not, this is most likely a nat-traversal issue on the firewall.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide