Unable to get VPN3000 3.5.2 or later to work with XP SP1

tony.foster · ‎02-13-2003

I have been unable to setup XP (SP1) to work with VPN 3.5.2 on a CISCO PIX 501 Firewall. The problem is that the VPN will connect, the same as it does on W2K, but although ping against IP works, ping against network names is not.

The OS is not resolving hostnames into IP addresses.

Our connection provider is saying it is an operating system issue, relating to configuration of XP but it has been configured exactly the same on a clean install of XP as 2000 was. Under instruction of the firewall/link provider, we have tried setting WINS entries manually at various levels but this does not improve matters.

Connection Firewall is disabled in XP.

This is a very similar problem to the experience when you use certain ISP's dial up account (that block VPN traffic) to access the internet before running VPN with W2K OS - in that you aren't able to ping hostnames. Try a different ISP and - voila - it works.

However this has been tested on XP with internet accounts that have found to work with Windows 2000 which eliminated the blocking element.

Any ideas on what is wrong with XP please?

Have tried with client 3.6.3 with same results so far.

I am just loading XP SP1a to see if it makes any difference.

Thanks

Tony Foster

mostiguy · ‎02-15-2003

FWIW, I am having no problems with 3.5 release on xpsp1 against a vpn concentrator.

Matt

tony.foster · ‎02-17-2003

I really have wasted some time on this.

However last week, Friday PM in fact, having loaded the latest 3.6.3B and then adjusted some settings (I decided to try the NETBIOS over IP and cleared the manual WINS entry) it suddenly starting pinging hostnames so seems to work. I don't have much confidence in it yet though, so I'll have to try again and ensure its still working today.

Thanks for your input.

kholford · ‎02-21-2003

I sympathize because I've been frustrated with XP on my laptop that TCP/IP filtering has caused me numerous problems with VPN, routers, etc... Debating on going back to 2000, but don't want to admit defeat.

dwallwork · ‎02-22-2003

We too experienced some XP client issues with DNS lookups on XP and the Cisco VPN 3000 concentrator. In the end we had to alter our XP client settings under the DNS tab for the Append DNS Suffixes section. My XP clients now work fine. If you want to confirm specific settings you may contact me directly by email and I will recite them for you. Good luck.

tony.foster · ‎02-24-2003

Its working for me now, but only with the client running while connected to a DUN entry which is for the provider of the backbone - who happens to be the people who supply us the DNS entries!

Also the "NETBIOS over TCP" must be enabled for some reason.

We have our own WINS server however and that is installed on an NT server in the organisation but no DNS servers.

Knowing that it works given the steps above is fine, AND luckily only 1 user on XP at the moment - AND seeing as XP with VPN 3000 was causing one other problem (SQL Server disconnections for no reason which disappeared when the VPN client was removed) - and a workaround of dialling straight in over RAS has been applied - then this isnt at high severity at the moment (fortunately). Just as well since the XP user is a director.

I have a feeling the SQL problem could be one specific to that laptop though, haven't seen it so far on a test XP machine so perhaps BDE settings etc so the main issue has been this one. Its useful to progress since the future is XP even though most of us don't want it yet and are surviving happily on 2000!

Best Regards,

Tony Foster