Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WIN7 64bit Enterprise & Cisco 64bit VPN Client issues

Hi All,

My company is in the early stages of rolling out Win7 enterprise (64bit) with the CIsco 64bit VPN client (5.0.0.7.0290) for remote access back to our head office concentrators. We are seeing some strange occurences....

1. In a few instances the remote access client fails to establish a tunnel - this seems to be an issue with the users service provider router (provider in all instances has been BT,  the users had bought thier own routers different models one was a linksys) a router swap out so far has resolved this for thoes effected.

2. Once connected via the cisco client for a number of users the DNS name resolution fails, often completely but sometimes only partially. we dont allow split tunneling,  all DNS requests are handled by our internal servers. e.g  user1 at home connects OK and name resolution works fine , user 1 goes on a business trip in the US where he connects from a Hotel room and gets this DNS problem .

User 2 connects from home using the Cisco client and regularly has DNS issues.  if user 2 loads a packet sniffer (wireshark) while its running the problem goes away. If the user uses the Shrew VPN client again the problem goes away.

Has anyone seen any issues like this and if so have you found a resolution? ,

Does anyone know if Cisco are going to release a new version of the 64bit client ?

Your help is much appreciated

Thanks

David

Everyone's tags (2)
2 REPLIES
Cisco Employee

Re: WIN7 64bit Enterprise & Cisco 64bit VPN Client issues

Hi David,

I don't think running a packet sniffer like wireshark in any way affects the functioning of the ipsec vpn client software. The packet sniffer just captures packets by sniffing the inbound and outboud traffic transparently, it would not affect a software like Ipsec client. I can only think of a coincidence here.

Regarding the intermittent DNS issues, i would suggest we take logs from the vpn client, and debugs from the headend vpn server (ASA or router or simliar), analyze them and check for abnormalities. Please paste the debugs and logs here so that i can analyze them.

For debug commands this link would he helpful : http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Also please do few nslookup tests (run "nslookup ", like nslookup cisco.com) and check if the dns replies are coming from your correct internal servers and not public dns servers.

Let me know if this helps,

Cheers,

Rudresh V

New Member

Re: WIN7 64bit Enterprise & Cisco 64bit VPN Client issues

Hi Rudresh V

Thanks for your reply,  I know it sounds unlikely but Wireshark definately affects the functioning of the VPN,  it may be something to do with the WinPcap drivers which are used with wireshark. I've run lots of logs and found that when we get a complete connection failure the client end router seems to miss handle the session from the VPN client as an initial attempt is seen on the head end a response comes from the head end on port UDP500 and thats it nothing else. Logs for the DNS issues show nothing unusual. As for checking for the correct resolver the client is only using the internal DNS.

I was hoping someone else may have seen this issue, there are a few posts along the same lines but none with any resolution.

Regards

David

5242
Views
0
Helpful
2
Replies
CreatePlease login to create content