Solved

Cisco PIX 506e + Cisco VPN Client 4.03 -- Connectivity Problems

Posted on 2004-10-22
Last Modified: 2013-11-16
I have about 10 clients (including myself) - all Windows XP SP2 - all are using Cisco's VPN Client v. 4.0.3(c). All of them are coming from behind the same firewall/router.

From time to time we cannot access the VPN if one of us is already connected. And if someone then disconnects, it takes a while to get back in. The errors are that the client cannot communicate with the gateway, or the gateway does not exist.

The VPN config looks something like this:

access-list no_nat permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list split_tunnel permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
ip local pool ip-pool 10.0.1.1-10.0.1.254
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set trmset1
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption aes-256
isakmp policy 2 hash sha
isakmp policy 2 group 1
isakmp policy 2 lifetime 86400
vpngroup groupvpn address-pool ip-pool
vpngroup groupvpn dns-server 192.168.1.20
vpngroup groupvpn split-tunnel split_tunnel
vpngroup groupvpn idle-time 1800
vpngroup groupvpn user-idle-timeout 1800
vpngroup groupvpn password ********

Any ideas?
0
Question by:just1coder
11 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12384997
>all Windows XP SP2 - all are using Cisco's VPN Client v. 4.0.3(c)
This client is not compatible with XP SP2
You will need 4.05 or 4.6

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12385020
All the clients are behind this PIX?
Are you all connecting to the same remote site?
0
 
LVL 2

Author Comment

by:just1coder
ID: 12385361
-I'll try the new client - available at Cisco?
-Clients are not behind the PIX - VPN...behind a Linksys
-All connecting to the same remote site.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12385413
>Clients are not behind the PIX - VPN...behind a Linksys
What model Linksys? That's the weak link in its inability to create multiple tunnels at the same time.
Any wireless?
I'm using Linksys WRV54G router with permanent lan-lan VPN tunnel to PIX at office...
Works a treat!
RV042/82 and BEFV41 also work well with PIX..
0
 
LVL 2

Author Comment

by:just1coder
ID: 12385499
-Linksys BEFSR41 - latest BIOS
-No wireless,...
-I also have a PIX-PIX VPN that has not given ANY trouble ever...

Where can I track down the latest VPN client? Is it only available from Cisco?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12385531
Only available from Cisco..
http://www.cisco.com/kobayashi/sw-center/vpn/client/

I would suggest upgrading the Linksys, then you don't have to worry about any of the PCs needing the client.
It will only support one connection at a time, and then you may have to wait for the SA to timeout before you can make another connection. Even those Linksys routers that purport to support multiple simultaneous VPN connections only mean multiple connections to different endpoints, not to the same. A lan-lan VPN would definitely be better for you.
0
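
A simplified model of the behaviour described in the answer above, added here as an illustration and not part of the original thread or of any Linksys firmware. It assumes a passthrough table keyed on the remote gateway only (ESP carries no port numbers) and contrasts it with NAT-T, which the posted config enables with `isakmp nat-traversal`; the addresses and the 300-second idle timeout are constructed values.

```python
# Added illustration: simplified model of a NAT router's IPsec passthrough.
# The timeout and all addresses are constructed, not taken from real firmware.
from dataclasses import dataclass, field

ESP_IDLE_TIMEOUT = 300  # seconds; assumed value for this model


@dataclass
class PassthroughNat:
    """ESP (IP protocol 50) has no ports, so this model keys each
    passthrough entry on the remote gateway address alone."""
    esp_table: dict = field(default_factory=dict)   # gateway -> (inside_host, last_seen)
    natt_table: dict = field(default_factory=dict)  # outside_port -> (inside_host, gateway)
    next_port: int = 40000

    def open_esp(self, inside_host, gateway, now):
        owner = self.esp_table.get(gateway)
        if owner and owner[0] != inside_host and now - owner[1] < ESP_IDLE_TIMEOUT:
            # Return ESP traffic from this gateway already maps to another
            # inside host, so a second tunnel cannot be demultiplexed.
            return False
        self.esp_table[gateway] = (inside_host, now)
        return True

    def open_natt(self, inside_host, gateway):
        """NAT-T wraps ESP in UDP 4500, so ordinary port translation applies."""
        port = self.next_port
        self.next_port += 1
        self.natt_table[port] = (inside_host, gateway)
        return port


def simulate():
    nat = PassthroughNat()
    gw = "203.0.113.10"  # constructed address standing in for the PIX outside interface
    results = {
        "first_client": nat.open_esp("192.168.0.11", gw, now=0),
        "second_at_60s": nat.open_esp("192.168.0.12", gw, now=60),
        "second_at_200s": nat.open_esp("192.168.0.12", gw, now=200),
        "second_at_301s": nat.open_esp("192.168.0.12", gw, now=301),
    }
    ports = [nat.open_natt(h, gw) for h in ("192.168.0.11", "192.168.0.12")]
    results["natt_distinct_ports"] = len(set(ports)) == 2
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

In this model the second client is refused until the first client's entry ages out, which matches the reported symptom of having to wait after someone disconnects.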
 
LVL 2

Author Comment

by:just1coder
ID: 12385543
aaaah .... I was wondering about that as I have >2 boxes at home running the same client version as well as XP SP2 and they have no trouble.

I will have to try out the client upgrades first as they will be the easiest to test at 6PM on a Friday :)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12403395
Any progress? Are you still working on this? Do you need more information?
0
 
LVL 2

Author Comment

by:just1coder
ID: 12403490
Distributing 4.6 now ... will advise...

I have a Netgear WGR614 v4 ... would that be a suitable replacement for the aged Linksys?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12403653
That's one I have no experience with, but it appears to be a decent product. I've never been a fan of Netgear, but since Nortel bought them, I guess that helps..
Nortel likes to take a different track, especially when it comes to interoperating with Cisco products, though.
Linksys is owned by Cisco, and you have a Cisco PIX as the end point. 'nuff said...
0
 
LVL 2

Author Comment

by:just1coder
ID: 12410521
;) The new clients seem to be helping out.. thanks again!
0

Question has a verified solution.