wrwiii12
asked on
Cisco VPN using wrong DNS
I am using a windows XP laptop with a cisco vpn client. This works well when I am everywhere except certain locations. At certain locations the issue I have is that when I connect the vpn I have the LAN IP info and dns and I have the correct vpn IP info and dns. I am not able to ping any devices by name or ip address. It must be something with their network setup because I can put in my Verizon aircard and everything works just fine. Does anyone know what would cause such a thing? The VPN client authenticate, connects, and even gives an IP address but I can't talk to anything by name or IP on the vpn network. Like I said before its only on certain networks that this happens.
ASKER
On the current network where it is not working the addresses are as follows:
LAN 10.1.2.X
VPN 10.224.199.X
VPN LAN Internal 10.224.224.X
So I dont think that is it unfortunatly.
LAN 10.1.2.X
VPN 10.224.199.X
VPN LAN Internal 10.224.224.X
So I dont think that is it unfortunatly.
What is the netmask for the LAN and the VPN?
netstat -rn where it is not working?
What mode is the connection UDP/TCP?
Do a tracert VPN location. Is the traffic going via the VPN IP or via the LAN interface?
ASKER
All networks are using 255.255.255.0
netstat -rn just showed the routing table only so I did netstat -n and everything was TCP but the weird thing is that nothing in the list showed the IP address of the public vpn gateway
I can not do a tracert because when i ping a 10.224.224.X address it times out
netstat -rn just showed the routing table only so I did netstat -n and everything was TCP but the weird thing is that nothing in the list showed the IP address of the public vpn gateway
I can not do a tracert because when i ping a 10.224.224.X address it times out
I was looking for the routing table. use tracert 10.224.224.x and see what path it takes. Does your VPN ip get set as the default gateway?
ASKER
I attached a file for you to look at.
When I do tracert 10.224.224.X I get
Tracing route to 10.224.224.162 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
When I do tracert 10.224.224.X I get
Tracing route to 10.224.224.162 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
ASKER
forgot to add file
a.txt
a.txt
Your routing table seems fine.
Do you know whether this location is allowing VPN passthrough?
It might be that the issue is with NAT-T not being permitted through.
An option could be to use a network analyzer wireshark (www.wireshark.org formerly ethereal) to see what leaves your system and see whether any response is coming back when you are trying to access anything on the other side of the VPN.
Trying to access anything on the 10.224.190.x network?
Do you know whether this location is allowing VPN passthrough?
It might be that the issue is with NAT-T not being permitted through.
An option could be to use a network analyzer wireshark (www.wireshark.org formerly ethereal) to see what leaves your system and see whether any response is coming back when you are trying to access anything on the other side of the VPN.
Trying to access anything on the 10.224.190.x network?
ASKER
I thought of that too. But when I have been to places where VPN passthrough is not enabled I am not even able to connect to the VPN gateway because the GRE comm would fail.
I meant that it allows the 500, 1701,1723 (ipsec, L2TP, PPTP) traffic to pass back and forth, but the NAT-T is not (4500, 10000 depending on the settings of the cisco)
Analyzing your system's network data flow may shed a light on what is going on.
Analyzing your system's network data flow may shed a light on what is going on.
https://www.experts-exchange.com/questions/23340293/How-do-i-route-traffic-from-the-IP-of-the-remote-access-client-to-the-network-behind-the-VPN-appliance.html seems to have a similar situation here a VPN session can not pass traffic while works elsewhere.
ASKER
Well I have left the location where I was having the problem and will have to wait until I get to another location that has this setup.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I.e. when you connect to the VPN you are able to access 192.168.4.x, 172.16.45.x, 10.0.5.x.
At the location where you are seeing a problem, prior to connecting to the VPN, your laptop gets an IP on either 192.168.4.y, 172.16.45.y, or 10.0.5.y. This will likely explain the issue why your VPN works most of the time.