01-21-2011 03:09 AM
This is terminating on an ASA c5510 sec+ running 8.3(2) Client devices running XP with the same VPN client get an address from the ASA pool e.g. 10.10.50.1 with no default gateway. Users are able to connect without a problem. Windows 7 (32bit) clients with this same VPN client get this address but get a default gateway 10.10.50.2 and are unable to connect for obvious reasons.
Things tried so far:
All of this has proved futile and I'm now out of ideas.
Who knows how to fix it ? This can't be the first instance of this.
Thanks in Advance.
Barry
01-21-2011 08:17 AM
This is expected behaviour from Vista onwards as it does not allow the default gateway to be the same as the ip address assigned, hence the next ip address in the pool is given. But the behaviour is still the same. From what you have said, you are able to connect using Win XP but not Win7 right? Are you using any kind of Broadband card on Win 7 to connect?
01-21-2011 09:01 AM
Hi Rahul,
no broadband card just the onboard NIC (laptop)
Correct - can connect when everything else is the same except that the OS is XP
Connection to the Internet is via an ADSL broadband router cat5 (not wLAN)
I have a ticket open with Cisco TAC - the race is on to find the answer before they do
Regards
Barry
01-21-2011 09:31 AM
:-) I would check to see if you are encapsulating packets at all from the client side. This can be seen on the statistics. Also a capture on the vpn adapater would help.
Do you have split tunneling configured? Are you able to hit the internet once connected?
01-24-2011 04:11 AM
Hi Rahul,
yes - its passing encrypted traffic see attached. No split tunnel.
Cisco TAC are floundering and can't point me at any documents that tell me how to fix this.
I'm remote from this problem so I have to ask my (very patient) customer to do stuff (e.g captures) on my behalf.
I don't have a W7 machine available at my location to replicate the problem.
Very sceptical that this is the first occurence of this problem and that troubleshooting needs to start from basics.
Rgds.
Barry
01-25-2011 08:17 AM
Hi Barry,
I am assuming that when not connected to VPN you don't any IP address or gateway on the VPN client adapter on the Win7 PC. Can you get the VPN client logs when connecting from the Win7 PC?
Is this the behavior with all Win7 PCs, that is, have you tried with different Win7 machines? Is it possible to get a config from the headend as well?
Cheers,
Prapanch
01-25-2011 09:11 AM
Hi Prapanch
No offence . . . . but you need to read the complete thread before posting re:IP address & gateway
I'm not posting head end config because the config works with XP
There are no W7 specific parameters with ASA 8.3(2)
Multiple W7 machines have been used to test this.
We are looking at extracting level 15 logs from the client end - I will post if they don''t give an obvious answer.
TAC still not able to resolve this.
Rgds
Barry
01-19-2012 11:22 AM
You are not alone. I have same issue
Windows 7 Pc. Cisco VPN into ASA 8.4 using the same .pcf file as is used on my winxp machine
Winxp connects and I can ping the ASA inside network
Win7 machine connects but you can not get to the ASA inside network?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide