Solved

Cisco PIX 506e + Cisco VPN Client 4.03 -- Connectivity Problems

Posted on 2004-10-22
2,920 Views
Last Modified: 2013-11-16
I have about 10 clients (including myself) - all Windows XP SP2 - all are using Cisco's VPN Client v. 4.0.3(c). All of them are coming from behind the same firewall/router.

From time to time we cannot access the VPN if one of us is already connected. And if someone then disconnects it takes a while to get back in. The errors are that the client cannot communicate with the gateway, or the gateway does not exist.

The VPN config looks something like this:

access-list no_nat permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list split_tunnel permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
ip local pool ip-pool 10.0.1.1-10.0.1.254
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set trmset1
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption aes-256
isakmp policy 2 hash sha
isakmp policy 2 group 1
isakmp policy 2 lifetime 86400
vpngroup groupvpn address-pool ip-pool
vpngroup groupvpn dns-server 192.168.1.20
vpngroup groupvpn split-tunnel split_tunnel
vpngroup groupvpn idle-time 1800
vpngroup groupvpn user-idle-timeout 1800
vpngroup groupvpn password ********

Any ideas?
0
Question by:just1coder
    11 Comments
     
    LVL 79

    Accepted Solution

    by:
    >all Windows XP SP2 - all are using Cisco's VPN Client v. 4.0.3(c)
    This client is not compatible with XP SP2
    You will need 4.05 or 4.6

    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    All the clients are behind this PIX?
    Are you all connecting to the same remote site?
    0
     
    LVL 2

    Author Comment

    by:just1coder
    -I'll try the new client - available at Cisco?
    -Clients are not behind the PIX - VPN...behind a Linksys
    -All connecting to the same remote site.
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    >Clients are not behind the PIX - VPN...behind a Linksys
    What model Linksys? That's the weak link in its inability to create multiple tunnels at the same time.
    Any wireless?
    I'm using Linksys WRV54G router with permanent lan-lan VPN tunnel to PIX at office...
    Works a treat!
    RV042/82 and BEFV41 also work well with PIX..
    0
     
    LVL 2

    Author Comment

    by:just1coder
    -Linksys BEFSR41 - latest BIOS
    -No wireless,...
    -I also have a PIX-PIX VPN that has not given ANY trouble ever...

    Where can I track down the latest VPN client? Is it only available from Cisco?
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Only available from Cisco..
    http://www.cisco.com/kobayashi/sw-center/vpn/client/

    I would suggest upgrading the Linksys, then you don't have to worry about any of the PC's needing the client.
    It will only support one connection at a time, and then you may have to wait for the SA to timeout before you can make another connection. Even those Linksys routers that purport to support multiple simultaneous VPN connections only mean multiple connections to different endpoints, not to the same. A lan-lan VPN would definitely be better for you.
    0
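    A constructed model of the behaviour lrmoore describes above (added example, not code from this thread, the PIX or the Linksys): a passthrough router that keys raw ESP state only on the remote peer can carry one inside host per peer, and the stale mapping lingers until it ages out, whereas NAT-T (ESP inside UDP/4500) gives each inside host its own public port. The addresses, port numbers and 1800-second lifetime are assumed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class PassthroughNat:
    """Toy model of a consumer router's IPsec passthrough (constructed
    example). Raw ESP (IP protocol 50) carries no ports, so the router can
    only key outside state on the remote peer address; UDP-encapsulated ESP
    (NAT-T, UDP/4500) gets a distinct public source port per inside host."""
    public_ip: str
    sa_lifetime: int = 1800            # assumed seconds a stale ESP mapping lingers
    esp_map: dict = field(default_factory=dict)  # peer -> (inside_host, last_seen)
    udp_map: dict = field(default_factory=dict)  # (peer, public_port) -> inside_host
    next_port: int = 40000

    def open_esp(self, inside: str, peer: str, now: int) -> bool:
        """Return True if a raw-ESP tunnel from `inside` to `peer` can be mapped.
        A second inside host to the same peer collides until the existing
        mapping ages out (the 'wait for the SA to time out' symptom)."""
        entry = self.esp_map.get(peer)
        if entry and entry[0] != inside and now - entry[1] < self.sa_lifetime:
            return False
        self.esp_map[peer] = (inside, now)
        return True

    def open_natt(self, inside: str, peer: str) -> int:
        """NAT-T: allocate a distinct public UDP port per inside host so replies
        from the same peer are demultiplexed by port instead of colliding."""
        port = self.next_port
        self.next_port += 1
        self.udp_map[(peer, port)] = inside
        return port


def simulate(clients, peer="198.51.100.1", now=0):
    """Run the same inside hosts through both modes against one peer.
    Returns (raw_esp_results, natt_public_ports)."""
    nat = PassthroughNat("203.0.113.5")
    esp_ok = [nat.open_esp(c, peer, now) for c in clients]
    ports = [nat.open_natt(c, peer) for c in clients]
    return esp_ok, ports


def reconnect_after_disconnect(peer="198.51.100.1"):
    """Host .10 drops its tunnel at t=0 without the NAT noticing; host .11 is
    refused at t=60 and only gets through once the stale mapping has aged out."""
    nat = PassthroughNat("203.0.113.5", sa_lifetime=1800)
    nat.open_esp("192.168.1.10", peer, now=0)
    return (nat.open_esp("192.168.1.11", peer, now=60),
            nat.open_esp("192.168.1.11", peer, now=1900))
```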
     
    LVL 2

    Author Comment

    by:just1coder
    aaaah .... I was wondering about that as I have >2 boxes at home running the same client version as well as XP SP2 and they have no trouble.

    I will have to try out the client upgrades first as they will be the easiest to test at 6PM on a Friday :)
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Any progress? Are you still working on this? Do you need more information?
    0
     
    LVL 2

    Author Comment

    by:just1coder
    Distributing 4.6 now ... will advise...

    I have a Netgear WGR614 v4 ... would that be a suitable replacement for the aged Linksys?
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    That's one I have no experience with, but it appears to be a decent product. I've never been a fan of Netgear, but since Nortel bought them, I guess that helps..
    Nortel likes to take a different track, especially when it comes to interoperating with Cisco products, though.
    Linksys is owned by Cisco, and you have a Cisco PIX as the end point. 'nuff said...
    0
     
    LVL 2

    Author Comment

    by:just1coder
    ;) The new clients seem to be helping out.. thanks again!
    0
