cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1390
Views
45
Helpful
28
Replies

Trouble Passing through to the Server

wjacobs77
Level 1
Level 1

Hi,

I just installed a VPN client version 5.0.07.0290 on my new Windows 7 Professional Laptop.  Our server is a Windows Small Business Server 2003 with a PIx 501 firewall.  I got a connection but could not get into the server.  I set the VPN client the same way as I did with a previous version of the Cisco VPN client that was on a Windows XP Pro laptop.

Any suggestions??

28 Replies 28

Wes,

If your computer is currently behind a PAT device, you need to check that the client has NAT-T enabled.

Check this by going to the VPN client and under the transport tab, nat-transparency enabled.

Also, some ISPs might block ESP.

Try to PING the inside IP of the PIX.

Also, the server has a default gateway pointing to the PIX?

Federico.

Hi Frederico,

I set it as UDP.  My home location uses a wireless access to our ISP and it worked under the previous version.  See attachment.

Thanks for the response.

Wes

I checked the Transport tab and I do have it enabled.  I am

a novice.

Wes,


Nothing else has changed like IP addresses?
Do you have access to the PIX 501?

Anyway, if it worked from your home previously, it should work now with this version.
You say the tunnel establishes, but cannot reach the server.


Check the following:
When the VPN client is connected, right click on the yellow closed lock and choose statistics.
Check that the transport says Active on UDP port 4500
Check that the packets are being encrypted/decrypted
Do you see the server's network under the ''route details'' tab?

Federico.

Frederico,

Here is what I saw:

Transport is Active on UDP port 4500

Encrypted = 270

Decrypted = 4

Discarded = 23

Nothing shows under Route Details.

Thanks.

Wes,

Packets are sent and received through the tunnel (that's good).

Please check again under route details under the Secured Routes portion, you should have at least 1 network or a bunch of zeros.

Federico.

Federico,

There are a bunch of zeros.

Wes

Wes,

You don't have access to the PIX-501?

From the client, what we can do is check the logs (make sure the logs are enabled and the severity up to 3-High on all categories and send the text file when attempting the connection).

Since the tunnel establishes and the problem is just passing traffic through the tunnel, the normal reasons for this are:

ESP being blocked

NAT-T not enabled --> we have verified this is not the case

Changes in IPs

Do you know what is the IP address of the PIX-501 to see if you can PING it from your VPN client?

Federico.

Federico,

I do not know what the IP Address is to the Pix unit.  The IP address to the server I do know.

Is there a way that I can find out without being at the Pix location??

Wes

Should be the same IP as the server's default gateway.

Federico.

Federico,

So I used the same one as the previous client that worked and it is correct.  That's odd.

Wes

The thing is that if nothing has really changed (besides the version of the VPN client software), you should be able connect to the server.

We know that the VPN client is sending the packets through the tunnel (and its receiving some).

But we're not sure if the communication is reaching the server.

Honestly, I believe something must have changed, but without having access to the PIX we don't know.

We can look at the logs from the client...

Federico.

Federico,

Sorry about the potential frustration, but you are a great help.  I attached the log using notepad to this post.

Wes

I just pinged the IP address that is being used by the client and it worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: