My company is in the early stages of rolling out Win7 enterprise (64bit) with the CIsco 64bit VPN client (184.108.40.206.0290) for remote access back to our head office concentrators. We are seeing some strange occurences....
1. In a few instances the remote access client fails to establish a tunnel - this seems to be an issue with the users service provider router (provider in all instances has been BT, the users had bought thier own routers different models one was a linksys) a router swap out so far has resolved this for thoes effected.
2. Once connected via the cisco client for a number of users the DNS name resolution fails, often completely but sometimes only partially. we dont allow split tunneling, all DNS requests are handled by our internal servers. e.g user1 at home connects OK and name resolution works fine , user 1 goes on a business trip in the US where he connects from a Hotel room and gets this DNS problem .
User 2 connects from home using the Cisco client and regularly has DNS issues. if user 2 loads a packet sniffer (wireshark) while its running the problem goes away. If the user uses the Shrew VPN client again the problem goes away.
Has anyone seen any issues like this and if so have you found a resolution? ,
Does anyone know if Cisco are going to release a new version of the 64bit client ?
I don't think running a packet sniffer like wireshark in any way affects the functioning of the ipsec vpn client software. The packet sniffer just captures packets by sniffing the inbound and outboud traffic transparently, it would not affect a software like Ipsec client. I can only think of a coincidence here.
Regarding the intermittent DNS issues, i would suggest we take logs from the vpn client, and debugs from the headend vpn server (ASA or router or simliar), analyze them and check for abnormalities. Please paste the debugs and logs here so that i can analyze them.
Thanks for your reply, I know it sounds unlikely but Wireshark definately affects the functioning of the VPN, it may be something to do with the WinPcap drivers which are used with wireshark. I've run lots of logs and found that when we get a complete connection failure the client end router seems to miss handle the session from the VPN client as an initial attempt is seen on the head end a response comes from the head end on port UDP500 and thats it nothing else. Logs for the DNS issues show nothing unusual. As for checking for the correct resolver the client is only using the internal DNS.
I was hoping someone else may have seen this issue, there are a few posts along the same lines but none with any resolution.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :