We have a VPN Concentrator 3005. One of the users is trying to connect to our network through wireless at a hotel. He was able to login through Cisco VPN client. However, he could not open Microsoft Outlook. Can you help? Thanks.
This is actually not a Cisco issue per-se, but due to the fact that (i'm almost certain) the hotel is blocking the port that Exchange uses. Assuming that you guys use the MS OWA (Outlook web access), you need to go into Outlook ->Tools ->email accounts ->Next ->change ->More Settings ->Connection -> Enable and then click on Connect to my Exchange mailbox using HTTP.
You would then need to click the Exchange Proxy Settings button and add the URL for your OWA to that page, and then change your authentication type from NTLM to Basic. Also, make sure that both boxes are checked for fast and slow connections.
Save these settings, close OUtlook and then re-open it and that should do it.
You know, I just re-read your post and I may be wrong. I'm going to test this setup this evening and I'll post back.
Thanks for taking time to answer my question, Paul.
My Exchange server is behind the VPN Concentrator.
I was able to connect to the internet through wireless. However, when I was authenticated through VPN client, I no longer can access the internet nor my local LAN.
Ok. Does this only happen when using the wireless or do you always have issues with connecting to the VPN? Are you using split-tunneling? Also, when you say Local LAN, are you referring to the LAN behind the concentrator or the LAN wherever it is that you are physically located?
Thanks for your prompt response.
The issue only happens when I connect using wireless. The VPN client works fine when I connected through a wired cable.
I do not use Split-tunneling.
Local LAN refers to LAN behind the Concentrator.
Sorry - I had a long lunch break...
So, when you connect through the wireless do you actually connect to the concentrator? I can see the WiFi router blocking something like ESP, or not doing NAT-traversal, but if you actually connect I'm afraid I'm a bit stumped. I assume that this is only happening with the WiFi in this particular hotel?
Thanks for your prompt response again, Paul.
Yes, when I connect through wireless, I actually connect to the Concentrator. Is there a way to find out from my computer to see if the ESP or ports that are open or closed when I am connecting to the Concentrator? I was thinking about the commands that I can type from my computer.
hmmm.... not really. You can see what happens with the vpn connection negotiation by enabling logging on the client before connecting, but that's about it. If you have Ethereal on your pc, you can see everything that happens.
You don't have any access to the WiFi router, do you? Also, can you ping the concentrator once you've connected?
Thanks for your prompt response again. I do not have access to the WIFI router.
I cannot ping the Concentrator or anything on my LAN.
I am not sure if "netstat" or "nbtstat" commands would give me any open or closed ports information.
If you can think of anything else, please let me know.
Thanks for taking time to answer my questions.
If you can't ping the (inside) interface of your concentrator (assuming that is has icmp echo-reply enabled) then your IPSec tunnel isn't forming correctly. Did you check the VPN client log? Also, is there anyone on the other end that can get into the concentrator to verify your connection?
Thanks for your prompt response, again.
I have not tried the VPN client log. Everyone on the end can get into the Concentrator.
Seems like there is at least one thing that hasn't been asked yet. Does the user have any connectivity to the remote network or is it just Outlook that is not working?
I missed the part above where she could not ping.
Why would the wireless lan subnet matter? (non-sarcastic serious question)
Is nat-t enabled on the concenrator?
No sarcasm noted :-)
The wireless subnet doesn't matter. There is a problem with the IPSec tunnel being created through the WiFi router. The VPN works fine everywhere else. I was just curious what IP address she is getting from the concentrator...
Personally I think its a NAT-T issue on the WiFi router.
the wireless subnet matters if that network and her remote lan network that she's trying to connect to are the same.
I see it happen all the time with people's home networks (which are usually 192.168.1.x).
Thanks for your response. The IP address assigned to me via wireless is 189.xxx.xxx.xxx. The IP address assigned to me is the private address 156.xxx.xxx.xxx.