Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

VPN 3000 - Connected, but cannot see any LAN resources

bmunroe
Level 1
Level 1

‎08-14-2002 03:20 PM - edited ‎02-21-2020 12:00 PM

The user is attempting to connect from an outside client's LAN using an Internet connection. The user is running Windows 2000 and is able to successfully establish a connection to the VPN 3000 (please see log below), but he is unable to access any resources on the LAN (cannot ping any hosts etc.). The VPN box sits on the Internet with a public IP address on its outside interface.

Many other uses utilize the VPN 3000 on a regular basis without any problems.

Any recommendations or ideas regarding the cause of this behavior would be greatly appreciated.

Thanks!

BMUNROE@EMPIRE-CAT.COM

Note:

* The users actual ID was replaced with "joeuser"

** The company group name was changed to "ourvpn"

12035 07/30/2002 09:13:19.320 SEV=4 IKE/52 RPT=201 198.176.208.75

Group [ourvpn] User [joeuser]

User (joeuser) authenticated.

12036 07/30/2002 09:13:20.520 SEV=4 AUTH/21 RPT=223

User joeuser connected

12037 07/30/2002 09:13:20.520 SEV=4 IKE/119 RPT=212 198.176.208.75

Group [ourvpn] User [joeuser]

PHASE 1 COMPLETED

12038 07/30/2002 09:13:20.520 SEV=5 IKE/25 RPT=684 198.176.208.75

Group [ourvpn] User [joeuser]

Received remote Proxy Host data in ID Payload:

Address 192.10.12.91, Protocol 0, Port 0

12041 07/30/2002 09:13:20.520 SEV=5 IKE/24 RPT=258 198.176.208.75

Group [ourvpn] User [joeuser]

Received local Proxy Host data in ID Payload:

Address 206.19.244.201, Protocol 0, Port 0

12044 07/30/2002 09:13:20.520 SEV=5 IKE/66 RPT=684 198.176.208.75

Group [ourvpn] User [joeuser]

IKE Remote Peer configured for SA: ESP-3DES-MD5

12045 07/30/2002 09:13:20.520 SEV=5 IKE/75 RPT=684 198.176.208.75

Group [ourvpn] User [joeuser]

Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds

12047 07/30/2002 09:13:20.600 SEV=4 IKE/49 RPT=683 198.176.208.75

Group [ourvpn] User [joeuser]

Security negotiation complete for User (joeuser)

Responder, Inbound SPI = 0x5650f288, Outbound SPI = 0xd57c88d3

12050 07/30/2002 09:13:20.610 SEV=4 IKE/120 RPT=683 198.176.208.75

Group [ourvpn] User [joeuser]

PHASE 2 COMPLETED (msgid=0ffc0ed3)

12051 07/30/2002 09:13:22.760 SEV=5 IKE/25 RPT=685 198.176.208.75

Group [ourvpn] User [joeuser]

Received remote Proxy Host data in ID Payload:

Address 192.10.12.91, Protocol 0, Port 0

12054 07/30/2002 09:13:22.760 SEV=5 IKE/34 RPT=427 198.176.208.75

Group [ourvpn] User [joeuser]

Received local IP Proxy Subnet data in ID Payload:

Address 192.10.0.0, Mask 255.255.0.0, Protocol 0, Port 0

12057 07/30/2002 09:13:22.760 SEV=5 IKE/66 RPT=685 198.176.208.75

Group [ourvpn] User [joeuser]

IKE Remote Peer configured for SA: ESP-3DES-MD5

12058 07/30/2002 09:13:22.760 SEV=5 IKE/75 RPT=685 198.176.208.75

Group [ourvpn] User [joeuser]

Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds

12060 07/30/2002 09:13:22.850 SEV=4 IKE/49 RPT=684 198.176.208.75

Group [ourvpn] User [joeuser]

Security negotiation complete for User (joeuser)

Responder, Inbound SPI = 0x244d57f1, Outbound SPI = 0x50d360a2

12063 07/30/2002 09:13:22.860 SEV=4 IKE/120 RPT=684 198.176.208.75

Group [ourvpn] User [joeuser]

PHASE 2 COMPLETED (msgid=564eb75a)

Labels:
0 Helpful
1 Reply 1

awaheed
Cisco Employee
Cisco Employee

‎08-15-2002 09:58 AM

Hi,

You probably need to check if they are saying "Tunnel Everything" in the Group configuration, try defining a Split tunnel with "Allow Local LAN Access".

Try that and let us now how it goes,

Regards,

Aamir

-=-

0 Helpful
Customers Also Viewed These Support Documents