cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5548
Views
0
Helpful
19
Replies

QuickVPN Windows 7 64 bit RVS4000 don't ping

cefalany
Level 1
Level 1

Using the latest Cisco QuickVPN, my Windows 7, 64 bit laptop processes the QuickVPN connection to the point where the laptop attempts to ping the router and verify the connection.  Those pings fail.

Windows firewall is ON and IPSEC is started on the laptop.  I have tried Kaspersky's firewall both enabled and disabled with no change.

I see from searching the Internet and this site that there are a number of frustrated people who have had this same, or a similar, problem.  Someone must have figured it out by now.  Please share.  I will be most grateful.

19 Replies 19

nimusell
Level 1
Level 1

Hi Curtis,

Thank you for participating in the Small Business support community. My name is Nico Muselle from Cisco Sofia SBSC.

There are a lot of things that could go wrong setting up the connection using QuickVPN, and honestly, it does not always work flawlessly because it depends on many factors, including your PC and what's installed on it, the router that is your default gateway, etc ..

However, here are some things that you might try :

  • set the compatibility mode for QuickVPN to Windows Vista SP2 and run it as an administrator
  • uninstall (not just disable) Kaspersky
  • make sure that the PC you are connecting from is in a different subnet then the subnet behind the RVS4000
  • Windows Firewall and IPSec service have to be running.

Now try connecting to the RVS4000, hopefully this does the trick. I have it working in the same way on my laptop (W7 64-bit), but as said before, there are other factors that could have some influence on succesfully establishing the connection.

Hope this helps !

Best regards,

Nico Muselle

Sr. Network Engineer - CCNA - CCNA Security

I have a 32 bit Windows XP laptop running Kaspersky with no QuickVPN difficulties.  At this time, I am not willing to use a laptop out in the wild without some firewall and antivirus protection.  I hae tried all else you suggested.  If I must unload Kaspersky, what would you recommend for a firewall and antivirus that is compatible with QuickVPN?

Hello Curtis,

QuickVPN will work in safe mode on Windows 7, and like Nico stated you need QVPN to be running in Visa SP2 mode, and the Windows Firewall needs to be on. The IPSec services need to be running under services.msc.

We have had to modify our Windows Firewalls to allow ICMP through the firewall both inbound and outbound, because Windows 7 is inherently more secure it blocks ICMP by default from subnet's other than its own.

This being said any other services or protocols needed from the remote subnet will need to be opened on the client. This isn't based on QVPN software but the configurations of the third party firewall software. QVPN software uses 443, 60443 for the SSL, and UDP 500 for the IPSec. It also sends a ICMP ping through the tunnel to verify connectivity after the tunnel has established. If the ping fails to report back to the QVPN client you will get the error "Remote Gateway Not Responding".

I hope this helps you configure what ever firewall you choose to use on top of the Windows built in firewall.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

Thanks for the suggestions.  I tried them all with no improvement including removing Kaspersky.  Note that Kaspersky does not interefere with QuickVPN on the Win XP 32 bit laptop.

The fact that my 32 bit XP laptop and 32 bit Win 7 PC seem to work OK under the exact same conditions while the 64 bit Win 7 laptop fails, causes me to really wonder about the Win 7 64 bit OS.  Out of the box, the 32 bit OSs seem to work while the 64 bit OS does not.

That said, I did spend some time to make certain pings (ICMP) propagate in and out of the Windows 7 64 bit laptop.  Perhaps I should continue to look at the interface using wireshark or something similar.

Question, whick machine intiates the pings for for testing the connection, the QuickVPN or the RVS4000 firewall?

Additional suggestions would be appreciated.  ( Use Linux seems to be a popular, but not viable, suggestions ;-)

Curtis,

Please make sure that you have the latest version of QuickVPN, 1.4.2.1. Earlier versions were known to have issues with Windows 7 64-bit. Also, make sure that the router has the latest firmware.

In answer to your question, the QuickVPN software pings the router. The router usually responds but the PC blocks the ping reply because of some antivirus or firewall software. This leads to the "Remote VPN router is not responding..." error.

All software and firmware are current.

I took a look with Wireshark.  The VPN negotiation between the Win32 system and the RVS4000, and the Win7 system and the RVS4000 are different.

Has the 64 bit Win7 QVPN ever worked for anyone?  If not, I am going to quit wasting my time.  Suggestions for alternatives would still be appreciated.

Thanks

Curtis,

I have seen many customer connect with Qvpn to our Routers - have you tried running windows7 in Safe mode with networking and testing Qvpn? This usually shuts down certain other programs that could possibility interfering with Qvpn software.

Thanks,

Jasbryan

Router firmware and QVPN software is up to date.

32 bit Win XP laptops work fine with QVPN and router.  We just can't purchase those laptops anymore.  We need to migrate to 64 bit Win 7 laptops.

We have tried safe mode with network on 64 bit Win 7 without success.

I  don't understand 'testing.'  Please clarify.

Thanks

Curtis

Attached are two logs from our RVS4000 VPN firewall router.  In both cases, the client laptop is on LAN 192.168.1.0 with a gateway public WAN address of 166.147.114.20.  Likewise, the RVS4000 has LAN address 10.1.12.1, netmask = 255.255.255.0, and a public WAN address of 96.254.72.61.

Both laptops are running the same version of QVPN.

Both are using the same client certificate.

The log for the Win XP laptop shows a successful connection as evidenced by the ping from 192.168.1.3 ---> 10.1.12.12

The log for the Win 7 laptop shows an unsuccessful connection.  Among other things, the NAT entry for 166.147.114.20 is apparently never built.

Can anyone help with analyzing the negotiation and figuring out where it is going wrong?

Does anyone else see a similar failure in their logs?

Thanks

Curtis,

You never mentioned what version of software you were using? Also did you attempt running the windows 7 machine in safe-mode with networking? What were the results of that tests?

Jasbryan

RVS4000 firmware = 1.3.3.5

QVPN = 1.4.2.1

All four instances of QVPN in windows firewall are enabled.

The log was captured using normal Windows mode.  QVPN was run as administrator.

I have tried safe mode with networking with no different result.  Would you like a copy of a log from that configuration?

Thanks

CISCO SAYS THAT QUICKVPN IS NOT FULLY COMPATIBLE WITH WINDOWS 7, 64 BIT.

I opened a case with Cisco support today.  Cisco closed it by saying the following.

It is a known issue that QVPN is not fully compatible with Windows 7, 64 bit version.

Cisco is working toward a solution and a new release of QVPN.

Support is sending a list of suggestions that sometimes work and will let me know when a compatible version of QVPN is released or a release date is available.

I wish to thank everyone for their assistance and support and look forward to hearing from Cisco.

Hello Curtis,

QVPN is compatibile with Windows 7 64bit.

Normal problem seen with Windows 7/ Vista are firewall restricting the ICMP packet needed to ping the inside IP of the router during verification of the tunnel.

Hope this Helps,

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

What changed?

I don't see an upgrade in QVPN since August 2011.  Did the RVS4000 firmware recently upgrade?

Note: In our December 64 bit Windows testing, our diagnostic logs and wireshark show that the the RVS4000 failed to build a NAT table to translate IP addresses between the LANs.  Without NAT translation, no routing could place between the two LANs and neither ping nor our applications worked. 32 bit Windows worked fine.

That said, what combination of Hardware and Software do you recommend for a small business where the VPN client software DOES work for 64 bit Windows clients?

Thanks

Curtis

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: