Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
3
Replies

VPN Client Defines Non-existent Standard-Gateway

jjblaette
Level 1
Level 1

‎11-19-2013 06:50 AM

Hello!

We have configured a IPSec-tunnel that has on one side the Cisco router 876 and on the other side the Cisco VPN Client. The tunnel is established without problems and the server on the Cisco router 876-side can be reached without problems, when Cisco VPN Client is used on a client with 32 bit.

But, if the Cisco VPN Client with 64 bit on a Windows 7 client is used, the server on the Cisco router 876-side cannot be reached although the tunnel is established correctly. The difference that I could notice is that with 32 bit the standard gateway of the client has the same IP-address as the client interface of the Windows (XP) 32 bit-system. With 64 bit (Windows 7) however the IP address is different than the IP of the client interface and usually does not exist. So we suspect that the server cannot be reached because a non-existent standard-gateway is configured.

Question now is with 64 bit how to define the correct standard-gateway on the client system.

Any help is very much appreciated!

Jakob

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-20-2013 12:09 AM

Jakob,

The default GW behavior is specific to vista and on (if I properly understand what you're saying).

I'll quote an internal reference:

Due to changes in the way Vista behaves with routing, the default gateway method of the VPN Client routing needed to be changed.

Prior to 4.8.02.0010, the default gateway of a tunnel all connection pointed directly at the VPN assigned IP address.
  Vista didn't like this so it was changed to point at a fake IP address on the VPN assigned subnet.  This does not affect traffic to this address if it happens to overlap with an actual device on that subnet.
0 Helpful

jjblaette
Level 1
Level 1
In response to Marcin Latosiewicz

‎11-20-2013 01:01 AM

Hello, Marcin,

thank you for your kind answer. This helps to understand why the default gateway is different with Windows XP and Windows 7.

Nevertheless the problem remains that with XP the server at the remote site is reachable while with Windows 7 the server is not reachable.

Any idea why this is the case? Thanks in advance!

Jakob

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to jjblaette

‎11-20-2013 09:16 AM

Looks like it's time to troubleshoot connectivity. Except the info about Windows versions we have no information to go with.

May I suggest opening a TAC case? ;-)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents