?
Solved

cisco 4.7 at&t can not connect mtu set to 1400 bites in 0.

Posted on 2009-05-20
16
Medium Priority
?
433 Views
Last Modified: 2013-11-21
I am trying to connect from home to work using vpn 4.7 cisco. however when i connect the bytes in say 0. and when i try to connect to my server through remote desktop it just disconnects me. I ahve set the mtu at 1400 like some forums stated and nothing. I have worked with my IT team they do not know what the problem is. I have called at&T they say is a vpn issue and they do not know about vpns so i am at a loss. Please help i have gone evry route i can think off.
0
Comment
Question by:alx02
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
16 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24439609
Hi,

Have you checked the available bandwidth to you? You can do so using IPerf.

Iperf                dast.nlanr.net/Projects/Iperf           Open-Source
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24439612
Also any specific entries in the VPN client log?
0
 

Author Comment

by:alx02
ID: 24441678
Here is what the log says;
Cisco Systems VPN Client Version 4.7.00.0533
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\Program Files\Cisco Systems\VPN Client\

1      10:14:30.665  05/21/09  Sev=Warning/2      IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:507)

i can not get iperf to run it runs and i see the windown come up real quick but can not access it.
0
Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

 

Author Comment

by:alx02
ID: 24446409
Here is another thing we just tested. We took my laptop to someone elses house that does not have att and we were still unable to get any bytes in/ connect to servers.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24454258
If you have the same problem through another ISP then it has nothing to do with AT&T.

Based on the error message, you are not even successfully connecting to the VPN server.  Your IT department should see messages of some sort on the VPN server.

The message "Received an IPC message during invalid state (IKE_MAIN:507)" indicates the the VPN client received a message from the VPN server, but the client was not "ready" to get that message.

I would go back to your IT department and have them look at their logs some more.
0
 

Author Comment

by:alx02
ID: 24468921
giltjr,
thank you for your response i am having them take a look at their logs on their ide this week and will post what they say.
0
 

Author Comment

by:alx02
ID: 24474465
All,
Sat down with IT and connected while they had their logs up here is what they are seeing;
User xxxxxx was granted access.
 Fully-Qualified-User-Name = xxxxxxxxxxxxxx/Users/xxxxxx
 NAS-IP-Address = 38.101.72.145
 NAS-Identifier = <not present>
 Client-Friendly-Name = Cisco 2811 Router VPN
 Client-IP-Address = 38.101.72.145
 Calling-Station-Identifier = 208.102.1.138
 NAS-Port-Type = Virtual
 NAS-Port = 2
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = VPN Login
 Authentication-Type = PAP
 EAP-Type = <undetermined>

But i still get no bytes in.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24474528
Until you get connected to the VPN succesfully you will get no bytes in.

Are you still getting the RPC error?

After you "think" you are connected, issue the commands:

     ipconfig /all
     netstat -rn

and confirm with your IT department that they are correct for your setup.
0
 

Author Comment

by:alx02
ID: 24475317
We sat down and looked at the logs from the ipconfig and netstat -rn with IT. All looks fine from their side they say. they are questioning as to why one of my gateways are showing as 127.0.0.1. but other than that they have no further information.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24475425
If the routing table looks good to them, what happens if you issue the command:

tracert -d x.x.x.x

where x.x.x.x is one of the IP addresses for a host that you should be using the VPN for.

Can you post your routing tables?  Under Windows there should normally be at least two route entries that use 127.0.0.1 as the gateway address.  The first is for the whole loopback address space and that should look like:

        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

The other entry should be for your specific IP addresss something like:

        y.y.y.y         255.255.255.255 127.0.0.1       127.0.0.1       1

Where y.y.y.y is your computer's IP address.  Once connected to the VPN you should end up with two entries as your computer should have two IP addresses; one for the NIC and one the virtual NIC representing the VPN connection.
0
 

Author Comment

by:alx02
ID: 24475583
here is the table;
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1        10.0.1.3       20
          0.0.0.0          0.0.0.0        10.0.10.4       10.0.10.4       1
         10.0.0.0        255.0.0.0        10.0.10.4       10.0.10.4       20
         10.0.1.0    255.255.255.0         10.0.1.3        10.0.1.3       20
         10.0.1.0    255.255.255.0        10.0.10.4       10.0.10.4       1
         10.0.1.1  255.255.255.255         10.0.1.3        10.0.1.3       1
         10.0.1.3  255.255.255.255        127.0.0.1       127.0.0.1       20
        10.0.10.4  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255         10.0.1.3        10.0.1.3       20
   10.255.255.255  255.255.255.255        10.0.10.4       10.0.10.4       20
     38.104.22.10  255.255.255.255         10.0.1.1        10.0.1.3       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0         10.0.1.3        10.0.1.3       20
        224.0.0.0        240.0.0.0        10.0.10.4       10.0.10.4       20
  255.255.255.255  255.255.255.255         10.0.1.3        10.0.1.3       1
  255.255.255.255  255.255.255.255        10.0.10.4               3       1
  255.255.255.255  255.255.255.255        10.0.10.4       10.0.10.4       1
Default Gateway:         10.0.10.4
===========================================================================
when i do the tracert command i get host unreachable
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24475715
What was the IP address you were attempting to do a tracert to?
Also can you post the output from ipconfig command?

It appears that part of the problem may be your home IP subnet is part of both your works IP subnets (the VPN tunnel and the internal network).

Right now I would say that your home computers IP address is 10.0.1.3 with a subnet mask of 255.255.255.0.

It appears your works VPN subnet is 10.0.10.0, but I'm not sure of the subnet, as there is no route to that network.  I do see:

         10.0.1.0    255.255.255.0         10.0.1.3        10.0.1.3       20
         10.0.1.0    255.255.255.0        10.0.10.4       10.0.10.4       1

Which is really confusing because this says to get to any host in the 10.0.1.0/24 subnet you must go through 10.0.10.4, which I think is your IP address on the VPN.

How much trouble would it be to change your home's IP subnet to something like 192.168.10.0/24?

0
 

Author Comment

by:alx02
ID: 24476004
i changed the subnet to a 172 and same results. The It department has looked in further and they are convinced it has something to do with the vpn as i have gone to other people's home and can not log in on different service providers and setups.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 24476144
I would agree, however I would also say that you may have had another issue from your home due to your IP subnet appearing to be within your works IP subnets.

Does anybody you know work?

If so, you may want to get a copy of the output from their ipconfig /all and netstat -rn to compare to what you have.
0

Featured Post

Limited time offer using promo code EXPERTS30

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through September 15, 2017, Experts Exchange members get 30% off the US7220 on the ATEN USA eShop using promo code EXPERTS30.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question