Solved: Remote Access VPN Fails after upgrade to 8.04

brad_olson · ‎08-27-2008

Hello:

Sorry if this has been posted, but I couldn't find it anywhere.

After upgrading my 2 of my 5510s to 8.04, my Remote Access VPN is not working. I can log in via Radius no problem. Once logged in, I cannot do anything on the network. When I try to telnet to any device, I get a blank screen with no response. Like it is finding the device but it isn't responding. Email, intranet, nothing works. Seems to be timing out. I tried updating to the latest Windows Client version, still no go.

Has anyone else experienced this at all? Any help appreciated.

TIA,

Brad

zhenningx · ‎08-28-2008

I have seen the same issue after upgrading to 8.0.4. And it is caused by the "IP Compression" option enabled under the group policy. After disable it, it works. Cisco just filled this bug recently:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsu26649

Zhenning

View solution in original post

Farrukh Haroon · ‎08-27-2008

Have you tried it for multiple clients?

How is the phase 2 / IPSEC on the ASA 'show crypto ipsec sa? encaps/decaps? Same for the VPN client?

Have you enabled NAT-T?

Regards

Farrukh

brad_olson · ‎08-28-2008

Farrukh:

Thanks for your posting also. I was going to look at those if the compression setting didn't sole it. Thanks for the recommendation!

Brad

zhenningx · ‎08-28-2008

I have seen the same issue after upgrading to 8.0.4. And it is caused by the "IP Compression" option enabled under the group policy. After disable it, it works. Cisco just filled this bug recently:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsu26649

Zhenning

brad_olson · ‎08-28-2008

Zhenning:

This seems to have done the trick. Thank you very much!

Brad

Farrukh Haroon · ‎08-28-2008

Great info there zhenning, good to know :)

Regards

Farrukh

Erik Carlseen · ‎09-14-2008

Thanks for the tip! How the [censored] did this bug get into a release?

zhenningx · ‎09-19-2008

Just an update for this one. The bug ID is CSCsu26649 and it is supposed to be fixed in 8.0.4.6 which has a CCO ETA of September 22nd.

Zhenning

brad_olson · ‎09-19-2008

Zhenning:

Thanks for the information update! BTW, where do you get this data? Do you get emailed about it or do just follow it on your own? Thanks!

Brad

zhenningx · ‎09-19-2008

I got the info from my TAC case.

Farrukh Haroon · ‎09-19-2008

You can get updates from the bug toolkit:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsu26649

Just simply put the bug ID in the Cisco Search page and it will take you there.

Symptom:

Cisco vpn clients are unable to view webpages when connected to ASA5510.

Page appears to be loading on browser but does not complete.

Conditions:

Cisco IPsec vpn client connecting to ASA5510 running 8.0.4.

"ip-comp enable" is configured under operative group-policy.

Workaround:

Disable compression "ip-comp disable" under the group policy.

Downgrade ASA to 8.0.3.

1st Found-In

8.0(4)

Fixed-In

8.0(4.5)

8.1(1.104

Regards

Farrukh