
VPN 3015 Client can "see" but not "touch" network services - need guidance

dpardue
Level 1

I have a 3015 in place, running version 3.6 and the 3.6 client on a Win2k machine. I am able to successfully connect and authenticate to the Windows Domain, and once connected can ping everything on my private network (even other private subnets and over WAN links.)

The problem is that I cannot actually access any services - I am getting all the appropriate IP settings from the DHCP server on the private network, but nslookup fails, I can't access any internal web servers and am unable to telnet or ssh to anything. It is acting like all ports have been shut off. I have tried this with the Integrated firewall on and off, but it makes no difference.

The filters and rules are still in the default state, but look like I should be allowed full access (the Private (Default) lists Any (In) and Any (Out) as its filters.) Also, I would have expected ICMP would have been blocked if everything was also restricted, so why can I ping and not http, etc...?

I am sure I am missing something fairly obvious - does anyone have some insight as to what I have overlooked?

3 Replies

cjacinto
Cisco Employee

How are you connecting, dialup or broadband (if so cable or PPPoE?).

Could you please try to adjust the MTU to say 1400 with the setmtu utility that gets installed with the client. Normally these kinds of issues are MTU related.

I have tested this over both dial-up and cable modem. Increasing the MTU to 1400 did not help. Should I go higher?

Actually you should try a lower MTU (maybe go lower than 1400). Also, are you behind any NAT device, or is the concentrator behind a NAT device? In that case, you might also try to enable IPsec over UDP or IPsec over TCP (you enable it on both the concentrator and the client). See: http://www.cisco.com/warp/customer/471/nat_trans.html

http://www.cisco.com/warp/customer/471/vpn3k_ipsec_tcp.html