I have a Cisco 3005 VPN Concentrator running V3.5 software on the Concentrator, and a Windows 98 computer running the 3.01 client. It was working fine until I recently started experiencing this:
1)Ping the gateway from a client on the public side >> It responds
2)Establish a tunnel to the private side, it works fine
3) Disconnect the session
4) The VPN unit is no longer pingable from THAT IP address
5) I can also no longer establish any sessions to the VPN concentrator from that IP
6) I PING the windows 98 computer's public IP address FROM the 3005 Concentrator's managment interface and suddenly it becomes responsive again from that client (is pingable the other way)
7) I can then establish another session however I go back to step 3
This is over an @home cable modem connection with NAT (I have the IPSEC over NAT option enabled, port 10000)
It occurs to me that the problem is one of three things, either a routing issue at the VPN concentrator, or some sort of filtering issue with my ISP, or some sort of NAT issue. The strange thing is that it was working fine and this just started with no configuration changes that I know of. The same thing happens from multiple remote clients (it's not isolated to one client box)
Possibly a problem with the Windows IP stack. I would uninstall the client and reboot, remove all the Windows networking components and reboot. Reinstall the network stack, reboot, reinstall the client and reboot. I use AT&T Broadband cable modem to connect with NAT to my companys concentrator and have never experienced any problems even after the changeover from @home.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...