Inbound Traffic Blocked

Unanswered Question
May 22nd, 2008

I am running VPN Client Version 5.0.00.0340. I have internal and external nics on the server. Once I have the tunnel established (inside internal nic) I seem to be dropping the inbound packets between the external and internal nics. Any suggestions?

axiomfinancials Sat, 05/24/2008 - 04:12

My apologies. I am aware that the local LAN will be disabled when the tunnel is established. I am able to send outbound traffic down the VPN tunnel but I am not receiving any traffic back from the remote host. It appears that the packets are being lost between the external nic and the internal nic. The two nics use different IP ranges. Something in the routing tables perhaps?

Well no - not really. The VPN client will establish the connection to the remote end using the local routing table it has. From that point onwards - that is the terminating IP address of the VPN session. From the machine itself it should be assigned an IP address from the remote VPN server - this IP address will be used to receive and send encrypted traffic from the central end.

If you have an internal NIC in the server you also have the VPN client on... do you want to send traffic from your LAN thru the VPN client to the remote end? If so - the external & internal NICs must be on the same IP subnet, as the remote VPN client cannot be used as a pass-thru device from 2 different subnets... unless you perform NAT on the device with the VPN client... if you are doing that - you may as well just buy a firewall or router!

HTH.

axiomfinancials Mon, 05/26/2008 - 23:25

Just to make sure we are on the same track here. The vpn client runs on a pc with one nic. It connects to a SBS 2003 server. The server has 2 nics, an "internal" and an "external". The internal ip is 10.57.200.2/255.255.255.0, gateway 10.57.201.5, and the external is 10.57.201.5/255.255.255.0, gateway 10.57.201.1.

The external nic connects directly to the Netgear ADSL on 10.57.201.1/255.255.255.0

If I connect the pc directly to the adsl the vpn client works 100%, but when it runs through the server it connects but only allows 1 way traffic. This I see in the stats on the vpn client: it shows bytes received is 0.

Chris,

I am glad you have expanded on the original problem; you did not indicate that the device running the VPN client was sitting behind a server?

What does this server do? It sounds like it's blocking some traffic - does not appear to be a VPN client issue.

You need to have a closer look at this server in the path.

axiomfinancials Tue, 05/27/2008 - 05:03

Here is a reply from Microsoft. Any thought on it?

Based on my research, this is a known issue of the Cisco VPN client behind the RRAS. I suggest we try the following steps to see if we can resolve this issue:

1. Turn on NAT-T on VPN server: Have the network administrator of the VPN server (PIX) verify that the command "ISAKMP Nat Traversal" has been run on the VPN server (PIX) device with the default settings.

2. Disable timeout: The timeout being too low may relate to this issue. Please have the network administrator of the VPN server (PIX) turn off the timeout settings.
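
An added example, not part of any post in this thread: one way to check from a packet capture whether NAT-T was actually negotiated, since raw ESP (IP protocol 50) has no ports for a NAT such as RRAS to map return traffic with, while NAT-T wraps ESP in UDP 4500. The function names, the sample packets and the peer address 192.0.2.10 are assumptions made for illustration; 10.57.201.5 is the server's external NIC address from the thread, and the capture is assumed to be taken on that interface.

```python
import socket
import struct
from collections import Counter

def classify(pkt: bytes) -> str:
    """Name the IPsec transport carried by one raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto, payload = pkt[9], pkt[ihl:]
    if proto == 50:                           # raw ESP: no ports for a NAT to track
        return "esp"
    if proto != 17 or len(payload) < 8:       # not UDP
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if 4500 in (sport, dport):                # NAT-T, RFC 3947/3948
        if data == b"\xff":
            return "natt-keepalive"
        # Four zero bytes (non-ESP marker) mean IKE; anything else starts with an ESP SPI.
        return "natt-ike" if data[:4] == b"\x00" * 4 else "natt-esp"
    return "ike" if 500 in (sport, dport) else "other"

def diagnose(packets, local_ip: str) -> str:
    """Verdict for a capture taken where the tunnel leaves local_ip."""
    seen = Counter()
    for pkt in packets:
        direction = "out" if socket.inet_ntoa(pkt[12:16]) == local_ip else "in"
        seen[(classify(pkt), direction)] += 1
    if seen[("natt-esp", "out")]:
        return "nat-t in use" if seen[("natt-esp", "in")] else "nat-t, no return traffic"
    if seen[("esp", "out")] and not seen[("esp", "in")]:
        return "raw esp one-way: nat-t not negotiated"
    return "inconclusive"

# Constructed sample packets (checksums left at zero); PEER is a placeholder address.
def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

LOCAL, PEER = "10.57.201.5", "192.0.2.10"
ESP = bytes.fromhex("12345678" "00000001") + b"\x00" * 16   # SPI, sequence, opaque body
IKE = b"\x11" * 28                                          # stand-in for an ISAKMP message
BROKEN = [ipv4(LOCAL, PEER, 17, udp(500, 500, IKE)), ipv4(PEER, LOCAL, 17, udp(500, 500, IKE)),
          ipv4(LOCAL, PEER, 50, ESP), ipv4(LOCAL, PEER, 50, ESP)]
FIXED = [ipv4(LOCAL, PEER, 17, udp(4500, 4500, b"\x00" * 4 + IKE)),
         ipv4(LOCAL, PEER, 17, udp(4500, 4500, ESP)), ipv4(PEER, LOCAL, 17, udp(4500, 4500, ESP))]
print(diagnose(BROKEN, LOCAL), "|", diagnose(FIXED, LOCAL))
```

The first constructed capture matches the symptom reported in the thread (IKE completes, ESP leaves, nothing returns); the second shows what the same session looks like once both ends agree on NAT-T.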
