I have a Cisco ASA 5520 7.0(2) and have set up the VPN client to use an IAS RADIUS server. I followed the Cisco manual for setting this up and I have kept it simple; I can see no obvious problems with the configuration, however I am having difficulty getting clients connected.
I am using two test devices at the moment which are both using the same external broadband connection.
Device 1 is an Apple iPod using the built-in Cisco VPN client.
Device 2 is an HP laptop using the Windows Cisco VPN Client 5.0.03.
Device 1 can connect to the VPN first time, every time; all resources on the protected network are accessible and all activity is shown in the IAS server's logs. This device works perfectly fine from all internet connections.
Device 2 can connect to the firewall and establish a VPN connection; however, 9 times out of 10 it does not receive a DHCP lease and no traffic can be received, so traffic appears to flow in only one direction.
On the occasions that Device 2 does get a working VPN connection, i.e. traffic flows in both directions, I can access all network resources on the protected LAN, BUT nothing appears in the IAS server logs showing that any authentication has taken place.
I have replaced Device 2 with a number of different makes and models of laptops and VPN client software and all exhibit the same problem as Device 2.
What I don't understand is how Device 2 is managing to gain access and authenticate when the authentication server shows no trace, and why 9 times out of 10 traffic is only one way after authentication. Yet Device 1 works first time, every time, using all the same settings.
I am totally baffled, so any help is appreciated.
As you are behind the same broadband connection, do you have both Device 1 and Device 2 connected at the same time?
If you disconnect Device 1 from the VPN, can Device 2 connect all the time and work correctly? I.e. if you only have Device 1 connected to the VPN from behind your broadband connection, is it still exhibiting the same issue you experienced before?
Thanks for your reply.
During testing I would say that only one device is connected at a time, and yes, they are currently behind the same broadband connection.
Please ignore where it says in my original post that nothing shows in the IAS logs for the problematic connections. I can confirm the logs show every connection; I was looking at the modified time on the log file and not paying enough attention to the file contents.
I will try connecting both devices at the same time and see what happens.
Device 2 is currently running 32-bit Windows 7 Ultimate; other devices I have tried have been a combination of Windows XP, Vista and 7.
The one constant up until now has been that Device 1 (iPod Cisco VPN client) would connect first time, every time, without issue. However, since the constant testing over the last couple of hours the iPod is now starting to fail: the last 5 or so connections have authenticated OK but have no connectivity.
Contrary to this, Device 2, which normally has problems, is now connecting OK and able to access network resources without issue. It's now looking very random.
You mentioned that you are running VPN client 5.0.3. I would suggest upgrading it to the latest version, 5.0.6, and seeing if you still experience the random issue.
I have tried 3 different versions of the Cisco VPN client so far, and I'm sure 5.0.6 was one of those, as it came on a CD with a new router.
I have asked my Cisco reseller to provide a CD with the latest client software just to be 100% sure I have tried the most current version.
I am also about to try the VPN on a newly built Windows 7 laptop, so will see how that goes, but at the moment I would suggest the problem seems to affect the recent clients as well as the older ones.
I have now tried using the latest Cisco VPN client, 75.0.07.0290.
The first few attempts on a Windows 7 laptop worked fine (initially).
I tried the same VPN client on a colleague's laptop, which is identical to the one I used, using the same external internet connection. The connection could be established, but traffic was being sent by the laptop and no traffic was being received, i.e. the original problem.
I tried using my logon details on my colleague's laptop, but that still did not work. I tried again on my laptop and it worked first time.
I have another ASA with client VPN set up at a DR site; it is the same make/model and exhibits the same problem. The only difference is that this second ASA uses the local database for user authentication rather than a RADIUS server.
72 hours after I did the above tests I have tried again to access both VPNs, and both have connected, but traffic is only in one direction, i.e. no traffic is being sent from the firewall to the client device.