f



Cisco VPN Client not working. Strange VPN Adapter behavior.

I am working with an ASA running 8.x and a Cisco VPN client running
4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
traffic flows downstream of the ASA which I have sniffed. It appears
as though the traffic it not returned to the client as all sessions
timeout.

I have other clients using this same profile without issue. It
appears
that the clients having the problem all have the following in common:


Physical NIC
 IP Address. . . . . . . . . . . . . : 192.168.2.1
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . :


Cisco Systems VPN Adapter
IP Address. . . . . . . . . . . .   : 172.16.1.25
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . : 172.16.1.25


You will notice that the Cisco VPN Adapter is given an IP Address and
Mask from the ASA via a configured address pool, but you will notice
that virtual adapter is using the same IP address for its interface
and gateway.


I have other Cisco VPN client running version 3.6.x and 5.x that do
not have this issue. I ruled out the common issues NAT-T, MTU, etc.


I was hoping some one could confirm or deny whether this IP
addressing
issue may be the culprit and whether this is a known issue for this
version of the client. My search of Cisco Bugtraq show no.




    Reply    Reply to author    Forward
0
ddnash (2)
1/3/2008 1:35:42 PM
comp.security.firewalls 10672 articles. 0 followers. dfinc1988 (97) is leader. Post Follow

2 Replies
425 Views

Similar Articles

[PageSpeed] 49

dnash wrote:
> I am working with an ASA running 8.x and a Cisco VPN client running
> 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
> traffic flows downstream of the ASA which I have sniffed. It appears
> as though the traffic it not returned to the client as all sessions
> timeout.
> 
> I have other clients using this same profile without issue. It
> appears
> that the clients having the problem all have the following in common:
> 
> 
> Physical NIC
>  IP Address. . . . . . . . . . . . . : 192.168.2.1
>  Subnet Mask . . . . . . . . . . . : 255.255.255.0
>  Default Gateway . . . . . . . . . :

just out of curiosity - how can there be an outbound connection on the virtual interface, if there is
no gateway on the physical interface?

M

0
mak (123)
1/3/2008 2:42:21 PM
On Jan 3, 8:35=A0am, dnash <ddn...@gmail.com> wrote:
> I am working with an ASA running 8.x and a Cisco VPN client running
> 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
> traffic flows downstream of the ASA which I have sniffed. It appears
> as though the traffic it not returned to the client as all sessions
> timeout.
>
> I have other clients using this same profile without issue. It
> appears
> that the clients having the problem all have the following in common:
>
> Physical NIC
> =A0IP Address. . . . . . . . . . . . . : 192.168.2.1
> =A0Subnet Mask . . . . . . . . . . . : 255.255.255.0
> =A0Default Gateway . . . . . . . . . :
>
> Cisco Systems VPN Adapter
> IP Address. . . . . . . . . . . . =A0 : 172.16.1.25
> Subnet Mask . . . . . . . . . . . : 255.255.255.240
> Default Gateway . . . . . . . . . : 172.16.1.25
>
> You will notice that the Cisco VPN Adapter is given an IP Address and
> Mask from the ASA via a configured address pool, but you will notice
> that virtual adapter is using the same IP address for its interface
> and gateway.
>
> I have other Cisco VPN client running version 3.6.x and 5.x that do
> not have this issue. I ruled out the common issues NAT-T, MTU, etc.
>
> I was hoping some one could confirm or deny whether this IP
> addressing
> issue may be the culprit and whether this is a known issue for this
> version of the client. My search of Cisco Bugtraq show no.
>
> =A0 =A0 Reply =A0 =A0Reply to author =A0 =A0Forward

Check and make sure deterministic network enhancer is checked.
0
sdj30 (10)
1/9/2008 9:13:55 PM
Reply:

Similar Artilces:

VPN Client is not working. Strange VPN Adapter behavior.
I am working with an ASA running 8.x and a Cisco VPN client running 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and traffic flows downstream of the ASA which I have sniffed. It appears as though the traffic it not returned to the client as all sessions timeout. I have other clients using this same profile without issue. It appears that the clients having the problem all have the following in common: Physical NIC IP Address. . . . . . . . . . . . . : 192.168.2.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Cisco Systems VPN Ada...

Help with Cisco VPN client 4.0.1 (and 4.0.3)
I recently upgraded my client from version 3.6.0 to version 4.0.1 (then tried 4.0.3). I'm running Windows 2000. I uninstalled the client, rebooted, installed the new one, rebooted and tried to connect. Both the profiles I had on the 3.6.0 version worked, I could VPN with both of them. Since I've installed 4.0.1, and then 4.0.3 I cannot access either profile any longer. Here is part of the log (if someone could help me I would greatly appreciate it, I have no idea what's causing this problem): -------------- Cisco Systems VPN Client Version 4.0.3 (C) Copyright (C) 1998-2003 Cisco ...

Cisco VPN Client stopping RDP, Citrix working on other VPN
Hi Hope someone can help with this problem. I work for a support comapny and we have several VPN connections into different customers. These connections are configured on each of the support users PC's. All worked fine. We have a combination of Citrix, RDP, PCAnywhere and Netmeeting as our remote access clients. We use the standard Microsoft VPN where possible but have also got SonicWall and Netscreen Remote installed. On of our customers has switched from Netscreen Remote to Cisco VPN client ( 4.8.00.0440) and this works fine after uninstalling the Netscreen Remote. Howev...

Cisco VPN Client vs MS VPN Client
I have to install vpn clients on 6 laptops. They will connect to PIX 515. What is the difference, whether I use Cisco or MS vpn clients ? regards Jarek Carnowski ...

Cisco VPN client OK
Hi, I have my PIX set up allowing VPN clients in. A Cisco VPN client (v4.0.3D) can get in OK but a Checkpoint client (R56 Build 311) can't. The Checkpoint client never appears to hit the outside interface of the PIX as no debug info appears when he tries to connect. I hardly need to deinstall my Cisco client sw beofre firing up the Checkpoint - do I? TIA, Ned ...

Trying to access the PDM of a Cisco pix over a Remote Access VPN with Cisco VPN Client
I am trying to configure the cisco pix (501) to allow access to the PDM over a Cisco VPN Client IPSEC tunnel. I found a situation for accessing the PDM ove a site-site tunnel but am not able to configure it for remote access VPN http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml I setup VPN by the wizard and enable split tunnel and excempt complete LAN from nat, so not the outside interface ip. Tried with management-access none, inside and outside I am running Cisco PIX Firewall Version 6.3(5) Cisco PIX Device Manager Version 3.0(4)...

Secure VPN Gateway
This is a multi-part message in MIME format. --------------060408000501060608010104 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi all. I just want to make you aware of an exciting new piece of software that is available from www.ttc4it.co.nz I think you'll be interested in the software because it provides a very secure means of connecting to remote servers over unsecured networks like the Internet. It is like a VPN & Firewall system fused together to provide network port access to specific servers. The web management interface and the VPN client make this software; very secure, very easy to manage, and very easy to use. Special features have been built into it to defeat key logger software and man in the middle attacks. This is commercial software but there is a free trial version available that uses Vmware player to host the Secure VPN Gateway. Documentation and other details are freely available from www.ttc4it.co.nz Like all commercial software commercial support is provided. At Ttc4it you wont be wasting time dealing with help desks. Instead you are plugged in directly to the software developers. Better support means problems are fixed faster. Best wishes for the New Year. David Gempton Managing Director TTC LTD. --------------060408000501060608010104 Content-Type: text/x-vcard; charset=utf-8; name="davidg.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filenam...

VPN from Cisco to VPN
Does anyone know how to create a VPN (ANy type) from a Cisco 1601 to a Netscreen 100? Or where to get the information. I have emailed you a stepthrough Dave Sinclair NCSA NetScreen Certified Security Associate NCSI NetScreen Certified Security Instructor Equip Technology.com NetScreen Authrorised Training Centre in the UK ...

strange behavior from vpn client
Right now, I'm just looking for feedback from someone that might be able to provide me with some insight into a slight problem: When I connect to a vpn via my vpn client, my interface gets shut down and starts back up with the ip of the vpn gateway. Why would this happen? In the past, on Vista, I never had this problem. My ip would remain as the one assigned to me by my ISP. This is all quite puzzling. On Nov 9, 3:59=A0pm, aegis <ae...@mad.scientist.com> wrote: > Right now, I'm just looking for feedback from someone > that might be able to provide me with som...

VPN to ASA from Cisco VPN Client Getting Error
Hi, I am trying to set up remote access VPNs and am having trouble. I used: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_example09186a00806de37e.shtml as a guide as was recommended by someone in a previous post. When I connect from the Cisco VPN client I am getting an error: "Secure VPN Connection terminated locally by client. Reason 412: The remote peer is no longer responding." My network looks like this. Router-----ASA----LAN I can see the traffic getting through my router when I attempt to connect. The IP connecting to is my outside inter...

xp vpn client setup for cisco vpn server
Preamble... I'm a newbie, sorry if this is a repeat, blah blah blah Part 1: I would like to use the Windows XP VPN client to connect to a Cisco server. 1. Is this possible? 2. What are the settings? Part 2: I have a Cisco Client installed on a Dell Latitude D500 laptop. It will not connect over a wireless connection. Any thoughts? Any pointers on these questions are greatly appreciated. Doug Part 1 1 - yes 2 - if you mean as XP VPN Client a PPTP connection, you can configure the router as a PPTP server with latest firewall IOS or the firewall PIX with latest...

W2K vpn client to Cisco 3005 VPN concentrator
I've got a project to configure a Cisco 3005 vpn concentrator to allow connections from the w2k builtin vpn client. The concentrator currently has users connecting via the Cisco client using IPSec, and authenticating against an Active Directory server. The way I understand things is, PPTP is supported, but only without encryption when authentication against Active Directory. And the only other option is L2TP/IPSec, which is mutually exclusive with the IPsec-only that's currently in use. (Have I got this all correct?) So, the only option open here is PPTP without encryption, correct?...

Cisco VPN Client <-> XP VPN
Hello, I'm a little bit confused about the differences between Microsoft's build-in VPN Client (for XP) and Cisco's VPN client. I wanna set up a connection to a network using Cisco's client (which I'm using for other networks as well). For the new network detailed instructions for the XP client are given, but nothing for the Cisco client. I thought - please correct me, if I'm wrong - that XP and Cisco both use the L2TP technique, so I should be able to use any client for those connections. But Cisco's client needs much more information than the IP of the...

VPN router-cisco vpn client routing issue
Hello I have problem with VPN connection. My configuration is: client (XP with Cisco VPN CLient 4.0.5)--->:Internet-->router 2621 with 12.3 Everything with VPN connections looks very good. I can succesfully establish new connection, but after that I can reach by ping only cisco router. PC gets static default route through the router, router adds static route to the PC (RRI - revers route), but I can reach only router from PC (from router PC is accessible too). I am waiting for some clue..... regards, Michal Below is attached current configuration. Pings between router and PC are ...

asa 5505 + l2l vpn + cisco client vpn
Hi, I'm trying to replace PIX 506[working ok] with asa 5505. But just after swaping them some of the vpn links doesn't work. I can't ping sites. Cisco vpn client access doesn't work too. I was following few cisco manuals but I can't figure out what is missing in my config. Could you pls have a look at my config maybe sth obvious - I hope so. Many thanks. : Saved : Written by enable_15 at 01:48:02.989 UTC Tue Jan 13 2009 ! ASA Version 8.0(4) ! hostname pb domain-name zzzzzzz enable password zzzzzzzzzzzzzz encrypted passwd zzzzzzzzzzzz encrypted names ! interface Vlan1 nam...

ASA5510 with Cisco VPN client. No traffic over VPN tunnel
Hi all, In the hopes anyone sees my error in my config (I'm almost sure it's a config error on my part but i can't find it). I'm trying to get the Cisco VPN client to work with an ASA 5510. Tried the manual config way and the ASDM way through the wizard. The problem is not that i can't get any ipsec connection. That works. But when the VPN connection is established i can't get any trafic from my Client VPN IP segment (172.16.101.0/24 to the internal network (172.16.100.0/24). The logs in the ASDM keep giving me the same error (this is another error but the error ...

Cisco VPN client through a Hotbrick VPN 600/2
Hi If i setup a vpn using the Cisco client on a pc behind the Hobrick it's not possible to start a remote desktop session. If i setup a vpn using the Cisco client on a pc NOT behind the Hobrick it is possible to start a remote desktop session. If i setup a vpn using Microsoft Windows XP network connection on a pc behind the Hobrick it is possible to start a remote desktop session. What could be the problem? Why isn't it possible to run a remote desktop session on a Cisco vpn behind the Hotbrick firewall? Thank's Perry ...

VPN - Cisco IOS <-> VPN Client
Hello everybody, I have tried to set up a VPN connection from Cisco VPN Client to Cisco Router 2621 (64MB RAM/ 16MB Flash) - with enterprise IOS 12.2. When I map a crypto map to the interface ( crypto map CRYPTOMAP to serial 0/0.1 ) - the nat stopped working and I havn't got a remonte connection to my router and other services behind the router. When I got to the LAN I was able to connect to router via ssh. I don't know what is wrong. I have studied Cisco materials and some other configs without any ideas. Would You be so kind and help me with this configuration ? Than...

Cisco VPN client through PIX firewall
Hi, I have a question about using the vpn client (version 4.0.3A) from behind a cisco pix fw. I have several machines that need to access other site vpn's from within my network. I have setup one machine through the our pix using the static(inside,outside) (outside interface public ip) (some local ip say 192.168.1.100) config and then allowed ip access through ACL on the outisde interface: access-list outside permit ip host (public remote site ip) host (outside int. public ip). Everything works great with that one machine that i put on the local ip 192.168.1.100, however i have 2 other ma...

VPN through VPN
I apologize if this question has been asked before. I have searched and the results did not lend what I was looking for, I have connected to my office VPN, the office is connected to the colo vpn. Is it possible to connect to our colo vpn from my current connection at home? I would think it is... perhaps I need some fancy routing/firewall rules? Anyone willing to field this one? Background info: Home to Office is 3des ike preshared key Office to Colo is aes ike preshared key Home & Office are different types of hardware Office & Colo are the same type of hardware All VPN access is being performed by network devices and not software on a PC/Server. Thanks in advance for your assistance, -james Does this Help ? Spoke to Client VPN: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml In article <1146930840.782412.189990@v46g2000cwv.googlegroups.com>, <james.p.carter@gmail.com> wrote: >I apologize if this question has been asked before. I have searched and >the results did not lend what I was looking for, I have connected to my >office VPN, the office is connected to the colo vpn. Is it possible to >connect to our colo vpn from my current connection at home? I would >think it is... perhaps I need some fancy routing/firewall rules? Anyone >willing to field this one? It depends on the hardware and on the network topology, and on how it is all configured. For example, the Cisco P...

VPN in a VPN
hi man can build a different one VPN tunnel in a VPN tunnel via Cisco's. gru� joe In article <c7hthp$ljm$06$1@news.t-online.com>, joe <joe.sa@t-online.de> wrote: :man can build a different one VPN tunnel in a VPN tunnel via Cisco's. Not using a Cisco PIX. With IOS, you might be able to do it using a loopback interface. For both IOS and PIX, all crypto map policies applied to the same interface send out the IPSec packets directly to the peer, even if the peer is within an address range matched by the ACL for a different crypto map policy. I do not know what would h...

VPN over VPN?
Hi, i hope someone may help ... For internet i have to connect to our server at my place via VPN. --everything is fine -- And now my question: Is it possible to connect to an server in the internet via VPN too? Do i need some additional tools for that or is this impossible? Thanks in advance, Otto In article <3F17B586.4040102@domain.invalid>, Otto <user@domain.invalid> wrote: :For internet i have to connect to our server at my place via VPN. :--everything is fine -- :And now my question: :Is it possible to connect to an server in the internet via VPN too? :Do i need so...

Cant establish a VPN tunnel between PIX 501 and Cisco VPN Client
As mentioned the subject, the tunnel wont work, the user authentication via Radius grants the user access, but then the Client stops with the message: "Secure VPN connection terminated locally by the client. Reason 403: Unable to connect to the security gateway". I added the config of my setup, and the result of "debug crypto isakmp". Software Versions: PIX: 6.3.3 VPN Client: 4.0.3 (A) Maybe someone can help. -- Martin PIX - Config: ------------------------- : Saved : PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside securi...

Easy VPN Server and Cisco VPN Client 4.0.3
Hi: I am using an 827 configured as an Easy VPN Server (running 12.3). I am successfully able to establish a VPN client running on my laptop. I am also using split tunneling and while the tunnel is up, I am able to browse the internet and talk with my local LAN without any problems. The problem is that I cannot ping any client on the inside (192.168.1.x) when the VPN connection is established. The client gets an ip from the pool i have configured on 827 (192.168.1.240-247). On the 827, the reverse-route injection is also enabled. Once the tunnel is up, I can see the /32 route to the client...

Web resources about - Cisco VPN Client not working. Strange VPN Adapter behavior. - comp.security.firewalls

Behavior - Wikipedia, the free encyclopedia
Behavior or behaviour (see spelling differences ) is the range of actions and mannerisms made by individuals, organisms , systems , or artificial ...

Behavior Design - behaviordesign.com
Behavior designs interactive systems.

Behavior Gap - Exploring the relationship between people and their money. Behavior Gap
Watch it now. Watch the latest videos by Carl Richards on money, emotion, and meaningful conversations.

Dog Behavior Tips -Dog Owners One Stop Shop and Tips
Come and get some free dog behavior tips. Training your new or older dog can sometimes be somewhat of a task if you are new to doing it. Let ...

Modeled Behavior
A quick announcement: we’ve moved the blog to Forbes. You’ll be able to find us there at blogs.forbes.com/modeledbehavior , and soon modeledbehavior.com ...

Online Behavior - Marketing Measurement & Optimization
This website is a source of knowledge for website owners and analysts looking to understand how their online customers behave . But that's not ...

BJ Fogg's Behavior Model
... In addition, he devotes at least half his time to industry projects and innovations, all of which focus on using technology to change behaviors ...

Plant Behavior
The Society of Plant Signaling and Behavior serves the community of scientists interested in sensory plant biology, signaling, information processing ...

Ritualized behavior? Chimps all throw rocks at the same tree
... rocks. “It was unlike anything I had ever observed among wild chimpanzees,” said primatologist Ammie Kalan. Her team has discovered the behavior ...

'The Bachelor' just became the most hated man in ABC history and told 2 women he loves them — and there's ...
"Are you allowed to say that?" "I'm not." That question was the reaction one of the final two women on ABC's hit reality show, "The Bachelor," ...

Resources last updated: 3/12/2016 9:31:18 PM