Re: VPN Client routing problems

N3t W0rK3r · ‎10-04-2005

I am trying to set up a Remote Access VPN for the first time using a 2611XM IOS router and the Cisco VPN software client v4.7 on a WinXPsp2 laptop.

I have the conifguration working to the point where I can bring up the tunnel, but I am not able to reach any hosts on the lan on the other end.

I have noticed the following errors in the Log display on my client, each time I try to connect:

Cisco Systems VPN Client Version 4.7.00.0533

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\Program Files\Cisco Systems\VPN Client

1 17:14:05.708 10/04/05 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 87

Destination 192.168.1.255

Netmask 255.255.255.255

Gateway 172.16.1.2

Interface 172.16.1.2

2 17:14:05.708 10/04/05 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100102, Gateway: ac100102.

I think that if I can resolve the root cause of these errors then my vpn connection will work as expected.

Any suggestions you may have will be greatly appreciated.

Regards,

John

jackko · ‎10-04-2005

the error msg indicates that vpn client was not able to add route. without updating the pc routing table, the remote vpn will not work.

i guess the issue maybe related to window firewall or administrative right.

i haven't use v4.7, maybe try a different version.

N3t W0rK3r · ‎10-05-2005

Since posting my original note, I discovered that a bug has been verified that may apply to my situtation. The Bug id is CSCdz88896 and it talks about a Win2k/XP client that can bring up the tunnel but not pass traffic when the client's host IP closely resembles the IP of the device it is trying to create a VPN with.

I then proceeded to change my local subnet definition on my dsl router from a 192.168.x.x address to a 10.x.x.x address and then retried the VPN connection. This time, I connected successfully and the previous log errors were not reported. HOWEVER, for some reason I still cannot pass traffic through the tunnel.

John

jackko · ‎10-05-2005

so we are getting somewhere positively.

you mentioned this time the vpn client connected, however, you still can't access any resources. this issue maybe related to the router config, would you please post the router config?

ochadcalvert · ‎10-05-2005

I am having a very simular problem. After the tunnel connects, I can ping a terminal server that I want to access but cannot get remote desktop to connect. I can smd back to the routers dmz address. I am also using xp sp2. My ts is in a dmz and if I connect the laptop to the dmz it will connect to the ts. Could sp2 be blocking something the vpn client needs?

Thanks in advance.

David Calvert

ISM

Oklahoma City Housing Authority

jackko · ‎10-05-2005

ochadcalvert,

you mentioned you can ping the terminal server, have you try to telnet to the server with port 3389?

i had an issue before but can never resolved it. i can telnet to the server with port 3389 but the terminal session client just wouldn't work. it only affects couple pc, not all. eventually those pc have been re-build and since then it works fine.