Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN not allowing traffic to pass thru.

We have recently had a couple users that use the VPN to connect to the corporate network. Most of the users have Windows XP with SP2.

The problem that I'm seeing is when they connect to the VPN they will get the username and password prompt and be able to login, however they can't ping anything on the corporate network or anything in their private home network. I have them check their network IP addresses and get their IP address information. Then I go into the VPN concentrator and I can see the user, but I can't ping them.

We are not seeing the issue with everyone, just a couple of users. Things that I have tried to try to fix the problems is:

- replace .pcf file

- Reinstall different version of VPN, all the way up to 4.8.

- update network card drivers.

To remedy the problem I have usually had to get the laptop reimaged and that fixes the issue, after installing the same software back on it. So my thinking is I have a Windows issue of some sort. I'd like to find a different solution then having to reimage. The user gets mad that they have to lose their laptop for 3+ hrs to have it reimaged.

The only thing that I can think that has changed recently is CSA has been deployed to all our users. However, I'm not seeing the issue with all users, so that tells me t hat CSA shouldn't be impacting anything.

Any suggestions would be great, at this point I'm open to any suggestions.

1 REPLY

Re: VPN not allowing traffic to pass thru.

Hi There,

I see two possible issues with that:

1. MTU issues, created by a combo of older VPN client plus a Microsoft patch involving MTU behaviour and a DSL/PPPoE connection, but this should not affect the ping, only TCP connections (maximum MSS allowed). Try using the SetMTU utility of the Cisco VPN Client to lower the MTU to 1300 or below.

2. If you are using a 3000 series concentrator , make sure that at the Group configuration, on the "IPSEC" tab you have "Mode configuration" enabled.

Rate if this helped.

Daniel

104
Views
0
Helpful
1
Replies
CreatePlease to create content