Cisco vpn client 4.8 connects but cannot send or receive

r.lagasse
Level 1

I am using a Cisco 2811 running the Easy VPN server. I have two clients located in different states with different ISPs who can connect but cannot send or receive. One client in Florida was able to access everything for months after the system was set up, then suddenly it just stopped working. No changes were made to software or hardware on the 2811. When I attempt to test the connection myself it always works. The other client in DC was able to connect before going to DC. They both have different ISPs; both are high-speed connections. Anyone have an idea?

Thanks,

5 Replies

carenas123
Level 5

Try this:

1. Connect with the client, then do a "show crypto ipsec sa" on the router. Find the SA assigned to you (it will show the IP address that you were assigned from the pool). In there you will see "encrypts" and "decrypts". Assuming you see decrypts but no encrypts, the problem is either going to be with NAT or with the network not knowing where to route traffic destined for the network you specified in the VPN pool.

2. Check and make sure NAT 0 is set up to bypass traffic between the LAN network and the VPN client pool network.

3. Verify the local LAN knows to send traffic destined for the VPN pool to the router.

4. Check whether UDP port 500 is allowed or not.

m.sir
Level 7

Could you verify if the DC user has opened UDP ports 500 and 4500 for his Internet connection?

Blocked port UDP 4500 brings problems when NAT is used

M.

r.lagasse
Level 1

Figured it out, thanks for the help, but it turns out it was an incompatibility with the Dell wireless network adapter that was causing the problem, not with the VPN client or config. Thanks again for the feedback and help.

bbcstone
Level 1

Check the MTU size on the client. I have seen the same problem using the VPN 3030. Changing the client MTU to 1300 has fixed the problems for us.

I saw the same behavior with connectivity to ASA 5540 with Cisco client 4.8. I could login with client but could not connect to anything. 'show crypto ipsec sa' showed my security association with packets decrypted, but none encrypted. A static route for the ip address pool was present on the inside. When I changed my MTU setting to 1300 for my 'local area connection' through the client MTU application (program files > cisco vpn client > Set MTU) I was able to connect to stuff on the inside of the ASA. Very strange as earlier in the day from this same PC and using same LAN connection I had been able to login and access stuff on the inside just fine. I intend to do more research into this, but does anyone have any comment on this? I'm very puzzled.
