Hi... I believe I'm in the right forum here, but please tell me if not!
We're a smallish business (software house), and use a Cisco 877W router for our main internet connection. We have plenty of customers who we support remotely with a variety of methods - VNC/PCAnywhere/RDP/etc. One of our larger customers requires us to log into their corporate network using the Cisco VPN client. The problem we have is that it sometimes doesn't work - it gets as far as asking for a login - I can see 'Launch xAuth application' and 'xAuth Application Returned' in the logs - and then tries
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xxx.xxx.xxx.xxx
but this then doesn't get a reply (when it's not working). No amount of restarting the router or playing about with access lists will get it working, but if I physically swap the router out for a different one (I've tried a Netgear DG834) then it always works fine. It seems that the 877W is either blocking that last outbound request, or is blocking the inbound response to it, but I can't see anything in the logs indicating an access-list is blocking it.
I could happily accept that it's a configuration issue, but it seems totally random - it will work fine for some weeks, but then will stop working for a few days. To give an example, it stopped working last Friday, and I spent all day yesterday (Wednesday) trying different things with the configuration and nothing worked. This morning it's suddenly working again, but the router uptime is over 1 day, 12 hours, so it's not been reset in that time, and the config is definitely the same this morning as it was when it last didn't work yesterday afternoon.
It will generally work for longer than it won't - we'll have 3 weeks of it working fine followed by 4 or 5 days of it not working, but there doesn't seem to be a set pattern.
It would appear the problem is definitely our router because replacing it with a different make/model cures it. We also have a second ADSL line from the same ISP for testing (totally isolated from the main network), which has only 1 PC on it and a small "Zyxel" Modem/Router, and that never has this problem either.
IOS version 12.4(4)T3
DSL interface FW Version = 2.542
Cisco VPN Client Version = 5.0.05.0290 (but have the same problem with ver 5.0.00.0340)
We have VPN information in the config for a different customer's various sites, which work fine and have done for years, and we've used the VPN client for a different customer for some time without this problem as well.
I'm happy to post configs and the like, but I'd have to sanitize it to remove other customer info and the like of course.
Thanks for reading the Essay, and any ideas?