09-19-2010 10:43 AM
Hi there,
I am currently running Windows 7 Professional 64 bit and Cisco VPN client 5.0.07.0240. I am able to connect to my corporate network and work ok however connecting is a very long process!
Connecting in terms of time is broken down as follows:
Opening VPN client program: 70 seconds.
Click connect and wait for user credentials dialogue box: 30 seconds.
Enter credentials and click ok then "Authenticating user": 90 seconds.
"Negotiating Security Policies": 60 seconds.
User Credentials box re-appears, re-enter credentials as dialogue box is empty and click ok: 90 seconds.
"Authenticating User" and then connection establised: 120 seconds.
I have a colleague running 64 bit Windows 7 (ultimate edition) who is using the same version and doesn't have these issues!
Any ideas anyone?!?
Cheers,
Gary
Solved! Go to Solution.
09-23-2010 01:46 PM
Gary, thanks for the update. So disabling the firewall and restarting the vpn service did not help . Could you please try and install the version 5.0.07.0290 ?
Before you do that I would like to know if you are importing the .pcf files for the VPN Client. If yes, please try and recreate a .pcf file on the PC and then try and use that file to connect. Also I see that the existing .pcf file you are using is a read-only file. Could you change that and give write permissions to the file and try connecting. If thess two steps do not help then lets install the version 5.0.07.0290.
Thanks,
Namit
09-19-2010 09:51 PM
do win xp or vista users to the same vpn headend face the issue
and the friend you were alking about does he connect to the same headend
please enable logs on the client and see if it is the traffic that is slow while connecting or something to do with PC
also try disabling any firewall, anti virus you have and try connecting
09-20-2010 12:29 AM
09-20-2010 02:23 AM
looking at the logs it looks like there are times in between when nothing happens, i saw once before the xauth was
launced (user credentials). there was a lag of 10 sec and nothing happened
and again there was a idling for a duration of 30 sec again right after phase 1 came up
look slike there is something on the client which is delaying this
lets try this if possible can you ask your friend to send the logs too at the highest level and lets compare them with your logs at highest level
did u try disabling firewall/anti virus and try
09-20-2010 12:58 PM
Hello again.
To be honest, I did forget to disable both AV and Windows Firewall this morning. Attached are the latest set of logs with both of these services stopped.
I have asked my colleague to setup logging for when he logs in tomorrow morning so I should be able to post those logs tomorrow morning.
Thanks.
Gary
09-20-2010 01:10 PM
I just remembered something regarding other OS's. I had a 32bit XP machine that previously ran version 4.8.01.0300 (connecting to the same headend), this machine had the same issues when I uninstalled and upgraded to version 5.0.05.0290 a few months ago...
09-20-2010 05:16 PM
i see the same delays, lets wait for your friend to get back with debugs
also is it possible that you collect debugs on asa when you connect
09-20-2010 05:27 PM
I had issues with vista / windows 7 both 32 bit and 64 bit. I am myself using a windows 64 bit with older version of cisco client and it works like a champ. But the other day a user came up with windows 7 32 bit with the new version of cisco client and it would not load at all, I tried updating the citrix DNE update for windows 7 but it dint help either.
With no hope or help after uninstalling/installing ( using microsoft uninstall etc ) no help. Then tried this open source client "shrewsoft" , and it worked just fine.
so , check out that client and see if it helps you.
Thanks
Manish
09-21-2010 02:16 AM
09-21-2010 09:25 AM
here are the deviations i found
Reloaded the Certificates in all Certificate Stores successfully.
4 20:44:46.404 09/20/10 Sev=Info/4 CM/0x63100002
Begin connection process
you lost 20 + sec , but on the other end the connections starts directly from "begin connection process"
28 20:45:17.074 09/20/10 Sev=Info/4 CM/0x63100015
Launch xAuth application
29 20:45:27.188 09/20/10 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 20:45:57.733 09/20/10 Sev=Info/4 CM/0x63100017
xAuth application returned
again it takes around30 sec for the xauth application to be launched
41 20:45:58.092 09/20/10 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
42 20:46:28.512 09/20/10 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
57 20:47:29.384 09/20/10 Sev=Info/4 CM/0x63100019
Mode Config data received
58 20:47:59.804 09/20/10 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 10.249.128.10, GW IP = 213.249.231.100, Remote IP = 0.0.0.0
after this for some reason it dicards the request (probably because it timesout) and starts the entire process again and the same delay again
were you prompted to authenticate twice during this negotiation or just once
i dunno for sure what is going on, lets see if someone can help, i will try to search some stuff and get back to you
09-21-2010 07:53 PM
Hi Gary,
You and your friend both using the same type of internet connection ? I just want to find out if you are using wireless connection.
Regards,
Namit
09-22-2010 02:11 AM
Hi Namit,
I can confirm that both my colleague and I use wireless. I have tested wired (and wi-fi disabled) with the same results.
It is very odd that the VPN client takes just over 1 minute to launch and even more bizarrely my DVD drive gets queried just before launch.
Regards,
Gary
09-23-2010 08:33 AM
Gary,
After the connection is established, does the traffic present any problems ? Is the traffic flow normal or do you latency there as well ? Also could you please paste the contents of the following files from the PC running into issues
1) the client connection profile file with the extension .pcf under the path C:\Program Files\Cisco Systems\VPN Client\Profiles
2) vpnclient.ini file under the path C:\Program Files\Cisco Systems\VPN Client
Regards,
Namit
09-23-2010 08:58 AM
Traffic flow appears normal (have not monitored/checked) but I am able to get on with work as usual and connect to all relevant corporate systems with seemingly normal performance/response.
Contents of vpnclient.ini:
[main]
ClientLanguage=
EnableLog=1
[GUI]
DefaultConnectionEntry=myconnection
WindowWidth=629
WindowHeight=330
WindowX=497
WindowY=257
VisibleTab=0
ConnectionAttribute=0
AdvancedView=1
LogWindowWidth=0
LogWindowHeight=0
LogWindowX=0
LogWindowY=0
[LOG.IKE]
LogLevel=3
[LOG.CM]
LogLevel=3
[LOG.PPP]
LogLevel=3
[LOG.DIALER]
LogLevel=1
[LOG.CVPND]
LogLevel=3
[LOG.XAUTH]
LogLevel=3
[LOG.CERT]
LogLevel=3
[LOG.IPSEC]
LogLevel=3
[LOG.CLI]
LogLevel=3
[LOG.FIREWALL]
LogLevel=3
[LOG.GUI]
LogLevel=3
PCF file:
[main]
!Description=myconnection
!Host=xxx.xxx.xxx.xxx
!AuthType=1
!GroupName=myconnection
!GroupPwd=
!enc_GroupPwd=xxxxxxxxxxxxxxxxxxxxxxxxx
EnableISPConnect=0
ISPConnectType=0
ISPConnect=UCST RAS direct on Q
ISPPhonebook=C:\WINDOWS\system32\Ras\Ucstras.pbk
ISPCommand=
Username=
!SaveUserPassword=0
!UserPassword=
!enc_UserPassword=
!NTDomain=
!EnableBackup=1
!BackupServer=xxx.xxx.xxx.xxx
!EnableMSLogon=1
!MSLogonType=0
!EnableNat=1
!TunnelingMode=0
!TcpTunnelingPort=10000
!CertStore=0
!CertName=
!CertPath=
!CertSubjectName=
!CertSerialHash=00000000000000000000000000000000
!SendCertChain=0
!PeerTimeout=90
!EnableLocalLAN=0
Regards,
Gary
09-23-2010 09:26 AM
Gary,
Thanks for the details. The files look standard config. You have mentioned that your colleague runs the same version of the VPN Client on Windows 7 Ultimate and it works normally for him. On your system for Windows 7 Professional was it a clean OS installation or upgrade from some OS like other Windows 7 or Windows Vista ?
Please try the following steps
1) disable the firewall on your system running Win 7 Pro , if any
2) Please try restarting the service of the VPN client. (cvpnd.exe).
3) Is it possible to uninstall and reinstall the VPN Client ? How do you determine that the DVD drive is queried before the VPN Client starts, does the drive light come up ?
Regards,
Namit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide