Cisco VPN Client not working. Strange VPN Adapter behavior. [Archive] - SpeedGuide.net Broadband Community
PDA

View Full Version : Cisco VPN Client not working. Strange VPN Adapter behavior.

dnash
01-03-08, 08:35 AM
I am working with an ASA running 8.x and a Cisco VPN client running
4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
traffic flows downstream of the ASA which I have sniffed. It appears
as though the traffic it not returned to the client as all sessions
timeout.

I have other clients using this same profile without issue. It
appears
that the clients having the problem all have the following in common:


Physical NIC
IP Address. . . . . . . . . . . . . : 192.168.2.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :


Cisco Systems VPN Adapter
IP Address. . . . . . . . . . . . : 172.16.1.25
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . : 172.16.1.25


You will notice that the Cisco VPN Adapter is given an IP Address and
Mask from the ASA via a configured address pool, but you will notice
that virtual adapter is using the same IP address for its interface
and gateway.


I have other Cisco VPN client running version 3.6.x and 5.x that do
not have this issue. I ruled out the common issues NAT-T, MTU, etc.


I was hoping some one could confirm or deny whether this IP
addressing
issue may be the culprit and whether this is a known issue for this
version of the client. My search of Cisco Bugtraq show no.




Reply Reply to author Forward
mak
01-03-08, 09:42 AM
dnash wrote:
> I am working with an ASA running 8.x and a Cisco VPN client running
> 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
> traffic flows downstream of the ASA which I have sniffed. It appears
> as though the traffic it not returned to the client as all sessions
> timeout.
>
> I have other clients using this same profile without issue. It
> appears
> that the clients having the problem all have the following in common:
>
>
> Physical NIC
> IP Address. . . . . . . . . . . . . : 192.168.2.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :

just out of curiosity - how can there be an outbound connection on the virtual interface, if there is
no gateway on the physical interface?

M
Newbie72
01-09-08, 04:13 PM
On Jan 3, 8:35*am, dnash <ddn...@gmail.com> wrote:
> I am working with an ASA running 8.x and a Cisco VPN client running
> 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and
> traffic flows downstream of the ASA which I have sniffed. It appears
> as though the traffic it not returned to the client as all sessions
> timeout.
>
> I have other clients using this same profile without issue. It
> appears
> that the clients having the problem all have the following in common:
>
> Physical NIC
> *IP Address. . . . . . . . . . . . . : 192.168.2.1
> *Subnet Mask . . . . . . . . . . . : 255.255.255.0
> *Default Gateway . . . . . . . . . :
>
> Cisco Systems VPN Adapter
> IP Address. . . . . . . . . . . . * : 172.16.1.25
> Subnet Mask . . . . . . . . . . . : 255.255.255.240
> Default Gateway . . . . . . . . . : 172.16.1.25
>
> You will notice that the Cisco VPN Adapter is given an IP Address and
> Mask from the ASA via a configured address pool, but you will notice
> that virtual adapter is using the same IP address for its interface
> and gateway.
>
> I have other Cisco VPN client running version 3.6.x and 5.x that do
> not have this issue. I ruled out the common issues NAT-T, MTU, etc.
>
> I was hoping some one could confirm or deny whether this IP
> addressing
> issue may be the culprit and whether this is a known issue for this
> version of the client. My search of Cisco Bugtraq show no.
>
> * * Reply * *Reply to author * *Forward

Check and make sure deterministic network enhancer is checked.