Windows 7 VPN client 5.0.07 0410 wrong default gateway
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2011 03:09 AM
This is terminating on an ASA c5510 sec+ running 8.3(2) Client devices running XP with the same VPN client get an address from the ASA pool e.g. 10.10.50.1 with no default gateway. Users are able to connect without a problem. Windows 7 (32bit) clients with this same VPN client get this address but get a default gateway 10.10.50.2 and are unable to connect for obvious reasons.
Things tried so far:
- after re-imageing the client device (to re-gain virgin OS install) doing a DNE pre-install then deleteing ndis.sys and allowing W7 to do recovery
- checking advance settings under network to ensure that the Virtual adapter is top of the stack
- checked NIC driver (grasping at straws)
- debugged ISA/IPSEC to check gateway is not being pushed by the ASA
- tried route delete, route add to adjust the gateway on the client (desperation)
- even though the NIC settings on the Virtual Adapter are set to DHCP when you look at the settings with the VPN connected these are changed (by something?) to define the rougue gateway as a static variable (confusion)
All of this has proved futile and I'm now out of ideas.
Who knows how to fix it ? This can't be the first instance of this.
Thanks in Advance.
Barry
- Labels:
-
VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2011 08:17 AM
This is expected behaviour from Vista onwards as it does not allow the default gateway to be the same as the ip address assigned, hence the next ip address in the pool is given. But the behaviour is still the same. From what you have said, you are able to connect using Win XP but not Win7 right? Are you using any kind of Broadband card on Win 7 to connect?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2011 09:01 AM
Hi Rahul,
no broadband card just the onboard NIC (laptop)
Correct - can connect when everything else is the same except that the OS is XP
Connection to the Internet is via an ADSL broadband router cat5 (not wLAN)
I have a ticket open with Cisco TAC - the race is on to find the answer before they do
Regards
Barry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2011 09:31 AM
:-) I would check to see if you are encapsulating packets at all from the client side. This can be seen on the statistics. Also a capture on the vpn adapater would help.
Do you have split tunneling configured? Are you able to hit the internet once connected?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2011 04:11 AM
Hi Rahul,
yes - its passing encrypted traffic see attached. No split tunnel.
Cisco TAC are floundering and can't point me at any documents that tell me how to fix this.
I'm remote from this problem so I have to ask my (very patient) customer to do stuff (e.g captures) on my behalf.
I don't have a W7 machine available at my location to replicate the problem.
Very sceptical that this is the first occurence of this problem and that troubleshooting needs to start from basics.
Rgds.
Barry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2011 08:17 AM
Hi Barry,
I am assuming that when not connected to VPN you don't any IP address or gateway on the VPN client adapter on the Win7 PC. Can you get the VPN client logs when connecting from the Win7 PC?
Is this the behavior with all Win7 PCs, that is, have you tried with different Win7 machines? Is it possible to get a config from the headend as well?
Cheers,
Prapanch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2011 09:11 AM
Hi Prapanch
No offence . . . . but you need to read the complete thread before posting re:IP address & gateway
I'm not posting head end config because the config works with XP
There are no W7 specific parameters with ASA 8.3(2)
Multiple W7 machines have been used to test this.
We are looking at extracting level 15 logs from the client end - I will post if they don''t give an obvious answer.
TAC still not able to resolve this.
Rgds
Barry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2012 11:22 AM
You are not alone. I have same issue
Windows 7 Pc. Cisco VPN into ASA 8.4 using the same .pcf file as is used on my winxp machine
Winxp connects and I can ping the ASA inside network
Win7 machine connects but you can not get to the ASA inside network?
