Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1489
Views
0
Helpful
4
Replies

VPN Client issues

Marcelo Martins de Castro
Level 1
Level 1

‎01-02-2012 06:18 AM

Since last week we are having problems with remote users working with VPN client on Windows XP.

The connection is stablished but no data traffic occurs. 

As we didn't do any change in vpn remote settings I did a test from Linux machine running VPNC client and it works well.

It sounds so weird because it happens only on Windows client platform.

We have CISCO ASA 5510 and PIX 515 running 8.0(4).

Anybody have some idea about this issue?

regards,

Marcelo Martins de Castro

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-02-2012 08:15 AM

I would check a client for Windows Firewall settings. I've seen issues in the past where Windows update changed firewall behavior so as to exclude access to certain applications and services that had previously been allowed. This could also happen via a Windows Group Policy being pushed to the clients from their domain controller.

0 Helpful

Marcelo Martins de Castro
Level 1
Level 1
In response to Marvin Rhoads

‎01-02-2012 09:23 AM

Hi Marvin,

The Windows Firewall is not enable in corporate Windows settings.

In some tests I did I disabled the IDS host too and it didn't change the behavior.

It has a strange behaviour because VPN log doesn't show regular events as before.  It only shows some events related to the isakmp negotiation protocol. 

It looks like that the traffic is not sent to virtual vpn interface.

I've tried to access some applications and these tries was not showed as a event in the log.

I used the log information before to help to solve other issues but this time no information is displayed.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Marcelo Martins de Castro

‎01-02-2012 09:32 AM

Hmmm, sounds very odd indeed. I take it the SA for your client connection shows ACTIVE when you connect from the Windows client.

Do you see any errors at all if you try debugging the connection on the Pix or ASA? See tips here:

http://www.cisco.com/image/gif/paws/5409/ipsec-debug-00.pdf

Still, the fact that the problem is restricted to Windows clients is troublesome. Do you have a "clean" Windows client you can test with - i.e., locally administered, no firewall, IDS, or AD group policies etc. on it?

0 Helpful

Marcelo Martins de Castro
Level 1
Level 1
In response to Marvin Rhoads

‎01-10-2012 02:25 AM

Hi Marvin,

I'm sorry for delay.

Unfortunatelly I could not find the source from this issue, but I solved it after upgrade from 8.0(4) to 8.0(5).

thanks for all

0 Helpful
Customers Also Viewed These Support Documents