Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
6
Replies

VPN connection established but can't communicated

bslim
Level 1
Level 1

‎09-23-2002 04:50 PM - edited ‎02-21-2020 12:04 PM

Most of our vpn users there is no problem.

but some users have problem.

they can establish a IPSec connection to VPN 3030 using Client 3.1

but they couldn't ping or session with our internal network.

but they can ping to internet sites.

they use private ip address and VPN client set IPsec through NAT

VPN client established statistics as follows:

Packets decrypted : 0

Packets encrypted : XXX

packet didn't decrypted.

is it a firewall problem in local ISP?

what should i do?

and when some user access the vpn 3030,

the log display QM FMS message in our VPN 3030

what does it means?

alex

Labels:
0 Helpful
6 Replies 6

ssoberlik
Level 4
Level 4

‎09-30-2002 06:32 AM

If you are only having problems with certain users, I would suggest looking through the vpn client's configuration. If that does not resolve the problem, you might want to open a TAC case.

0 Helpful

charles.manley
Level 1
Level 1

‎10-24-2002 08:26 AM

Have you gotten any resolution with this? We are having the exact same issue at a few different locations. When the users dial-up and connect they are fine so its not a client config issue

0 Helpful

slondon
Level 1
Level 1
In response to charles.manley

‎11-07-2002 07:20 AM

We seem to have a similar if not the same issue here. On a PIX 525, we have successful VPN authentication using IAS for AD authentication. This works fine. But off and on, our users can ping, browse, connect to email etc and other times cannot. Last week it was absolutely perfect all week. But now this week it has had borblems every day. Then some users are fine, and others are not. What gives? Where do we go from here?

0 Helpful

Nelson Rodrigues
Cisco Employee
Cisco Employee

‎11-07-2002 08:13 PM

Bong, can you supply the complete 3000 and client logs when this occurrs.

For the 300 please turn events AUTH level 9, and IKE/IKEDBG level 9.

Also can you try with the latest 3000/client software release 3.6.X ? Is your client behind a NAT box?

Nelson

0 Helpful

sal.esposito
Level 1
Level 1

‎11-08-2002 07:24 AM

We have a somewhat related issue.

User connect fine via IPSEC VPN to out 3030 concentrator through their Linksys wireless BEFW11s4 (rev 2.0) when Layer 1 physical connectivity is replaced with a cat 5 direct connection.

When they connect using wireless, the IPSEC tunnel comes up but are unable to pass any data. Packest decrypted = 0 as above

This is the same in all cases for all users at all locations.

The Cisco client in use is rev 3.6.2a and 3.5.1.

The wireless nic in use is a 3com 3crshpw_96.

The only logical thing we seem to be able to come up with may be physical layer or data-link layer issues such as frame size, encapsulation or fragmentation related issues at layer 2 but have no way to prove or disprove these theories.

Any ideas?

Sal

0 Helpful

rvdoever
Level 1
Level 1
In response to sal.esposito

‎11-18-2002 02:25 AM

Please try another wireless adapter, because there seem to be problems with this specific 3Com card (at least I have! :-). Switching over to another card solved the problem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents