We have recently had a couple users that use the VPN to connect to the corporate network. Most of the users have Windows XP with SP2.
The problem that I'm seeing is when they connect to the VPN they will get the username and password prompt and be able to login, however they can't ping anything on the corporate network or anything in their private home network. I have them check their network IP addresses and get their IP address information. Then I go into the VPN concentrator and I can see the user, but I can't ping them.
We are not seeing the issue with everyone, just a couple of users. Things that I have tried to try to fix the problems is:
- replace .pcf file
- Reinstall different version of VPN, all the way up to 4.8.
- update network card drivers.
To remedy the problem I have usually had to get the laptop reimaged and that fixes the issue, after installing the same software back on it. So my thinking is I have a Windows issue of some sort. I'd like to find a different solution then having to reimage. The user gets mad that they have to lose their laptop for 3+ hrs to have it reimaged.
The only thing that I can think that has changed recently is CSA has been deployed to all our users. However, I'm not seeing the issue with all users, so that tells me t hat CSA shouldn't be impacting anything.
Any suggestions would be great, at this point I'm open to any suggestions.
1. MTU issues, created by a combo of older VPN client plus a Microsoft patch involving MTU behaviour and a DSL/PPPoE connection, but this should not affect the ping, only TCP connections (maximum MSS allowed). Try using the SetMTU utility of the Cisco VPN Client to lower the MTU to 1300 or below.
2. If you are using a 3000 series concentrator , make sure that at the Group configuration, on the "IPSEC" tab you have "Mode configuration" enabled.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...