Cisco VPN Troubles Software to Concentrator
Posted on 2005-03-08
Our company has been using a Cisco VPN Concentrator for quite a while and we really like how well it works and the improvement of the traffic speeds through the device, but as we are using it more, we are running into issues. Our laptop users are required to build a tunnel before they are capable of surfing the web or really doing anything, as we route their DNS through our internal DNS server. This is so we can control what they are doing and push updates down to them through SMS or other utilities.
The problem we are having is that in some places they cannot connect through the VPN. We have against LDAP to Windows 2003 AD before they connect. When they are in one of these locations, they receive the login prompt, they type their username and password, then it shows them connected. The problem is it never passes traffic.
I have taken some very detailed logs and the logs show absolutely no problems. All phases pass right and keys are exchanged. Everything happens as normal. It just will not pass traffic. I was thinking that maybe it is because these places block IPSEC in their gateway, but I need to make sure because this is happening in many places including airports and hotels.
I have been able to personally visit one of these places and test the VPN. Interestingly enough, the airport uses the exact same private subnet range that we do, so the client is sitting on 172.16.8.3/24 for his VPN IP address and the WLAN IP address from the airport is 172.16.25.233/16. I don't know if the machine gets confused as to where to route traffic at that point or what, but we need to try to come up with something.
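
The address overlap described in the post, as an added example that is not part of the original post: it checks whether the two reported networks overlap and applies longest-prefix matching to show which adapter each destination would use. The routing table (both connected networks plus a default route into the tunnel) and the sample destinations, including the internal DNS server address, are assumptions made for illustration.

```python
import ipaddress

# Addresses reported in the post.
WLAN_IF = "172.16.25.233/16"   # airport WLAN address
VPN_IF = "172.16.8.3/24"       # address assigned to the VPN client

def overlap_report(wlan_if, vpn_if):
    """Compare the local LAN network with the VPN-assigned network."""
    wlan = ipaddress.ip_interface(wlan_if)
    vpn = ipaddress.ip_interface(vpn_if)
    return {
        "wlan_net": str(wlan.network),
        "vpn_net": str(vpn.network),
        "overlap": wlan.network.overlaps(vpn.network),
        "vpn_ip_inside_wlan_net": vpn.ip in wlan.network,
    }

def build_routes(wlan_if, vpn_if):
    """Assumed client routing table: both connected networks plus a
    default route into the tunnel (an assumption, not from the post)."""
    wlan = ipaddress.ip_interface(wlan_if)
    vpn = ipaddress.ip_interface(vpn_if)
    return [(str(wlan.network), "wlan"),
            (str(vpn.network), "vpn"),
            ("0.0.0.0/0", "vpn")]

def pick_route(dest, routes):
    """Longest-prefix match: adapter of the most specific covering route."""
    ip = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), via) for net, via in routes
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed destinations; the DNS server address is hypothetical.
SAMPLE_DESTS = {
    "host in VPN pool": "172.16.8.1",
    "internal DNS (hypothetical)": "172.16.1.10",
    "internet host (documentation range)": "192.0.2.10",
}

if __name__ == "__main__":
    print(overlap_report(WLAN_IF, VPN_IF))
    routes = build_routes(WLAN_IF, VPN_IF)
    for label, dest in SAMPLE_DESTS.items():
        print(f"{label:38} {dest:14} -> {pick_route(dest, routes)}")
```

Under these assumptions, any internal address in 172.16.0.0/16 outside the /24 pool matches the WLAN's connected route rather than the tunnel, which is worth comparing against the `route print` output on an affected laptop.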