Cisco Support Community
New Member

Inbound Traffic Blocked

I am running VPN Client Version 5.0.00.0340. I have internal and external nics on the server. Once I have the tunnel established (inside internal nic) I seem to be dropping the inbound packets between the external and internal nics. Any suggestions?

9 REPLIES

Re: Inbound Traffic Blocked

Chris,

You are trying to use the client to link your LAN through the VPN client to the remote end? You can only do this with "split-tunneling".

HTH.

New Member

Re: Inbound Traffic Blocked

No. Purely need to receive packets from the remote host.

Re: Inbound Traffic Blocked

Sorry, I am confused - when you are connected to the remote VPN using the client, you cannot talk to your local LAN? Or have I got it wrong?

New Member

Re: Inbound Traffic Blocked

My apologies. I am aware that the local LAN will be disabled when the tunnel is established. I am able to send outbound traffic down the VPN tunnel but I am not receiving any traffic back from the remote host. It appears that the packets are being lost between the external nic and the internal nic. The two nics use different IP ranges. Something in the routing tables perhaps?

Re: Inbound Traffic Blocked

Well no - not really. The VPN client will establish the connection to the remote end using the local routing table it has. From that point onwards - that is the terminating IP address of the VPN session. The machine itself should be assigned an IP address from the remote VPN server - this IP address will be used to receive and send encrypted traffic from the central end.

If you have an internal NIC in the server you also have the VPN client on... do you want to send traffic from your LAN through the VPN client to the remote end? If so - the external & internal NICs must be on the same IP subnet, as the remote VPN client cannot be used as a pass-through device from 2 different subnets... unless you perform NAT on the device with the VPN client... if you are doing that - you may as well just buy a firewall or router!

HTH.

New Member

Re: Inbound Traffic Blocked

Just to make sure we are on the same track here. The vpn client runs on a pc with one nic. It connects to a SBS 2003 server. The server has 2 nics, an "internal" and an "external". The internal ip is 10.57.200.2/255.255.255.0 Gateway 10.57.201.5

and the external is 10.57.201.5/255.255.255.0 gateway is 10.57.201.1

The external nic connects directly to the Netgear ADSL on 10.57.201.1/255.255.255.0

If I connect the pc directly to the adsl the vpn client works 100%, but when it runs through the server it connects but only allows 1-way traffic. This I see in the stats on the vpn client, which show bytes received is 0.

Re: Inbound Traffic Blocked

Chris,

I am glad you have expanded on the original problem; you did not indicate that the device running the VPN client was sitting behind a server.

What does this server do? It sounds like it's blocking some traffic - does not appear to be a VPN client issue.

You need to have a closer look at this server in the path.

New Member

Re: Inbound Traffic Blocked

Here is a reply from Microsoft. Any thoughts on it?

Based on my research, this is a known issue of the Cisco VPN client behind the RRAS. I suggest we try the following steps to see if we can resolve this issue:

1. Turn on NAT-T on VPN server. Have the network administrator of the VPN server (PIX) verify that the command "ISAKMP Nat Traversal" has been run on the VPN server (PIX) device with the default settings.

2. Disable timeout. A timeout that is too low may relate to this issue. Please have the network administrator of the VPN server (PIX) turn off the timeout settings.

Re: Inbound Traffic Blocked

OK - NAT-T is worth a go. What device is actually between the client and the internet? Some kind of firewall?
