Running 2 different VPN solutions simultaneously

kris55s · ‎04-13-2007

Due to a change in user authentication, we have stood up a Microsoft VPN solution that is running in conjunction with our Cisco VPN Concentrator. The Cisco and Microsoft public and private interfaces are attached to the same Cisco 2950 switch. Since standing up the Microsoft solution for testing only, some users that connect to our Cisco Solution have been experiencing issues. They can log in and have a connection but their clients do not respond to any packets or keepalives sent to them from the Concentrator. Not all user's are being affected. Some user's have experienced no issues. I am at a loss. We have looked at the clients device, been through everything, watch logs on the concentrator. The concentrator always shows in the logs that the user requested the disconnect, or that the keepalive confidence interval (5 min.) had been met with no response from the client. Management thinks it's the concentrator. As the admin of the concentrator, which has had no configuration changes in a long time, I disagree. If it was, ALL user's would be having issues.

Could it be a conflict in the IPSec tunnels or an arp cache issue in the switch, between the Microsoft VPN and the Cisco VPN concentrator?

dbellaze · ‎04-14-2007

Do you have NAT-T enabled? I think that its enabled for TCP by default, but not for UDP. Make sure that it's enabled for UDP. If it its not this could possibly be your issue. If it is than you may have to set up a span port on your 2950 to sniff the traffic being sent to your devices.

Daniel