Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
6395
Views
0
Helpful
7
Replies

Windows 7 VPN client 5.0.07 0410 wrong default gateway

b_learoyd
Level 1
Level 1

‎01-21-2011 03:09 AM

This is terminating on an ASA c5510 sec+ running 8.3(2)  Client devices running XP with the same VPN client get an address from the ASA pool e.g. 10.10.50.1 with no default gateway. Users are able to connect without a problem.  Windows 7 (32bit) clients with this same VPN client get this address but get a default gateway 10.10.50.2 and are unable to connect for obvious reasons.

Things tried so far:

  • after re-imageing the client device (to re-gain virgin OS install) doing a DNE pre-install then deleteing ndis.sys and allowing W7 to do recovery
  • checking advance settings under network to ensure that the Virtual adapter is top of the stack
  • checked NIC driver (grasping at straws)
  • debugged ISA/IPSEC to check gateway is not being pushed by the ASA
  • tried route delete, route add to adjust the gateway on the client (desperation)
  • even though the NIC settings on the Virtual Adapter are set to DHCP when you look at the settings with the VPN connected these are changed (by something?) to define the rougue gateway as a static variable (confusion)

All of this has proved futile and I'm now out of ideas.

Who knows how to fix it ?  This can't be the first instance of this.

Thanks in Advance.

Barry

Labels:
0 Helpful
7 Replies 7

rahgovin
Level 4
Level 4

‎01-21-2011 08:17 AM

This is expected behaviour from Vista onwards as it does not allow the default gateway to be the same as the ip address assigned, hence the next ip address in the pool is given. But the behaviour is still the same. From what you have said, you are able to connect using Win XP but not Win7 right? Are you using any kind of Broadband card on Win 7 to connect?

0 Helpful

b_learoyd
Level 1
Level 1
In response to rahgovin

‎01-21-2011 09:01 AM

Hi Rahul,

no broadband card just the onboard NIC (laptop)

Correct - can connect when everything else is the same except that the OS is XP

Connection to the Internet is via an ADSL broadband router cat5 (not wLAN)

I have a ticket open with Cisco TAC - the race is on to find the answer before they do

Regards

Barry

0 Helpful

rahgovin
Level 4
Level 4
In response to b_learoyd

‎01-21-2011 09:31 AM

:-) I would check to see if you are encapsulating packets at all from the client side. This can be seen on the statistics. Also a capture on  the vpn adapater would help.

Do you have split tunneling configured? Are you able to hit the internet once connected?

0 Helpful

b_learoyd
Level 1
Level 1
In response to rahgovin

‎01-24-2011 04:11 AM

Hi Rahul,

yes - its passing encrypted traffic see attached.  No split tunnel.

Cisco TAC are floundering and can't point me at any documents that tell me how to fix this.

I'm remote from this problem so I have to ask my (very patient) customer to do stuff (e.g captures) on my behalf.

I don't have a W7 machine available at my location to replicate the problem.

Very sceptical that this is the first occurence of this problem and that troubleshooting needs to start from basics.

Rgds.

Barry

79234-tunnel-info.JPG
Preview file
98 KB
0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to b_learoyd

‎01-25-2011 08:17 AM

Hi Barry,

I am assuming that when not connected to VPN you don't any IP address or gateway on the VPN client adapter on the Win7 PC. Can you get the VPN client logs when connecting from the Win7 PC?

Is this the behavior with all Win7 PCs, that is, have you tried with different Win7 machines? Is it possible to get a config from the headend as well?

Cheers,

Prapanch

0 Helpful

b_learoyd
Level 1
Level 1
In response to praprama

‎01-25-2011 09:11 AM

Hi Prapanch

No offence . . . .  but you need to read the complete thread before posting re:IP address & gateway

I'm not posting head end config because the config works with XP

There are no W7 specific parameters with ASA 8.3(2)

Multiple W7 machines have been used to test this.

We are looking at extracting level 15 logs from the client end - I will post if they don''t give an obvious answer.

TAC still not able to resolve this.

Rgds

Barry

0 Helpful

mstacey_2
Level 1
Level 1
In response to b_learoyd

‎01-19-2012 11:22 AM

You are not alone. I have same issue

Windows 7 Pc. Cisco VPN into ASA 8.4 using the same .pcf file as is used on my winxp machine

Winxp connects and I can ping the ASA inside network

Win7 machine connects but you can not get to the ASA inside network?

0 Helpful
Top