VPN works for one wifi adapter but not another one

If your PINGing by IP address and having mixed results, then I'd check both firewall programs (XP and McAfee) to make sure they're allowing PING in both directions for your VPN LAN. If your PINGing to computer NAMES, I'd also look at both your internal and external properties regarding DNS configuration; also try pinging from the Realtek to the FQDN of the computer name, not just the name itself.

When you add another network device you are effectivly creating another network connection.  I agree with vanbarsoun, you need to check your firewall settings for that specific device/connection.  Firewall programs are generally pretty stupid and tend to lock things down when a user response was missed or the configuration wasn't rerun after the new hardware install.

Try this, disable all your firewalls and try to connect.  If it works, then there is your answer.  If it doesn't, well, there are a few more things that could be going on.

Do any other services work over the VPN other than an ICMP ping?  Such as RDP. Telnet, FTP, etc.?

vanbarsoun and JimmyITCS,

II think I  need to provide more clarity about what is going on.  Here is the sequence that demonstrates the problem.:

1. Enable internal wifi adapter.
2. Connect to community wifi network.
3. Use Cisco VPN Client to establish VPN connection to work office network.
4. All IP addresses and computer names on work office network are reachable (by any network application).
5. Disable internal wifi adapter.
6. Enable external USB wifi adapter.
7. Connect to community wifi network.
8. Use Cisco VPN Client to establish VPN connection to work office network.
9. NO IP addresses and computer names (fully qualified or otherwise) on work office network are reachable (by any network application)

It is #9 above that I want fixed.  The only thing that has changed is that I am using the internal wifi adapter verses a new one.  Not at the same time.  One at a time.  In both cases the VPN connection is created via the same connection (Cisco Systems VPN adapter).

I disabled the McAfee firewall  and the problem still exists.

Have you tried disabling the XP built-in firewall, if it's turned on?

vanbarsoun.

XP firewall is not enabled.

Does the Realtek get assigned the same internal IP by the VPN as your internal wireless card? If not, I wonder if there's some sort of IP address filtering going on at the remote end.

vanbarsoun.

That is a difficult thing to determine.  Even with 2 successive connections using the same internal card, the VPN IP address can change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.

After you connect to the VPN just do an ipconfig /all on the command line to see if you're getting the same or different IP address. Normally, if you're getting the IP address via DHCP, it won't change that quickly. I suppose the next step would be to contact your system/network admin for live troubleshooting.

vanbarsoun.

I have already done what you suggest. Again. Even with 2 successive connections using the same internal card, the VPN IP address can (and does) change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.

So you are 100% sure that your internal wireless card's MAC address is not being given a reserved IP address, and thus allowed special rules to access the VPN resources? Can you please post the results of your ipconfig /all from both adapters? We can't help if you won't give us answers we're specifically asking for.

vanbarsoun.

I am providing answers to what you are "specifically" asking.  This is  your first request  to post the results of ipconfig/all.  

As I have told you, my internal wireless card's MAC address is being given different IP addresses, depending on when I establish the VPN  connection.

I will provide an example shortly, per your  most recent "specific" request.

Here is an example.  My client has thousands of employees, so during the day, the IP address that is assigned typically changes depending on when the VPN connection is established.  In this example the assigned  IP address did not change, probably because there are  not many people connecting and disconnecting.

Note that the IP address assigned by my local community wifi service is different between the Dell internal card and the Realtek card.  Apparently that IP address is assigned based on MAC address.

Note that I have globally changed the first 2 octets of IP addresses that are associated with my client's network.  It does not change the information that you are interested in.  Thanks.



vpn-example.txt

In your first paragraph above, which "assigned IP address" are you referring to exactly?

It seems that paragraph conflicts with your second paragraph where you mention your internal NIC is assigned an IP address based on MAC, which would mean it would ALWAYS get the same IP address, which I'm assuming would be 10.12.0.23, because that is the only DHCP I'm seeing. Your Cisco VPN adapter is statically configured, so that would obviously never change. Your setup is little odd to me.

If you can detail the actual IP addresses in your "IP address" instances above I think that will clear up the obscurity.

Ethernet adapter Dell 1390 Wireless Connection:
        Physical Address. . . . . . . . . : 00-19-7E-F4-8A-4D
         IP Address. . . . . . . . . . . . : 10.12.0.23

Ethernet adapter Realtek RTL8187 Wireless Connection:
        Physical Address. . . . . . . . . : 00-C0-CA-96-89-3F
        IP Address. . . . . . . . . . . . : 10.12.0.18

glentek,
Let's take a different approach.  Do you have access to a server or PC within the network in which you can install a port scanner?  Here is what I am thinking, connect to the VPN with the card that is working and do a port scan on yourself, but from the inside.  You may need help from another person that has inside access.  Do a quick scan.  I use angry ip scanner or Zenmap.  See what is open and then disconnect so you can log in with the problem device.  Do the same thing with the failing card and compare results.

Another thing to chat about is MAC Address cloning.  See if you can clone the MAC of your working device, you should be able to when you dig into the driver properties.  See if that works.

And it is also time to start chatting about just a plain bad device, but to determine that, we need to know how well this failing device operates.  Can you surf the internet normally with it?  Can you do everything you normally would with your other device, but with the bad one?

You can also look at the biz side VPN logs, firewall logs and server logs to see if the ping requests are reaching the respective boxes.

Disable IPv6 on the failing adapter. This could cause an issue.

Check to see if your Dell card is bridged with any other connections, or check the realtek.  One may be and the other isn't.  Also check for ICS.

Try that Realtek adapter on another PC if possible.

BTW - Your IP Config data seems light, basically useless.  I think vanbarsoun's point was to see the full-out and compare for anomolies.

JimmyITCS,

Thank you for all the ideas. I will have to ask you for further clarification on some.

I will see if I can do a port scan on the biz side.  Problem is that I have to  VPN in to do it, and I can only do that with the Dell internal card.

How would I clone the Dell internal MAC so that is used for the Realtek card?

The Realtek device performs perfectly other than this VPN issue.

I will see if I can look at the biz side VPN logs.

How do I disable IPv6 on the Realtek adapter?

How do I check to see if my Dell card is bridged with another connections?

How do I check  for ICS?

I will try the Realtek adapter on another computer.

A few messages ago I attached a file containing output of ipconfig/all.  Is this what you are calling "light"?  Please explain how I can get more details for you.

Thanks.


I can respond to some of your comments right now.

Please ignore the line "I can respond to some of your comments right now" in my previous post.  My editing error....

To check for IPv6:
When Realtek is connected, open up your network devices and righ click on the realtek and select properties.  In that screen you should see the protocols used.  If there is an IPv6 in there, uncheck it.

Click on the advanced tab to check for ICS (internet connection sharing).  Should be unchecked.

This will also be the same spot to check on MAC cloning, but you need to click on the configure button next to your device in the first tab.  If you can configure MAC cloning, this is where it will be.  You will just need to scroll through the settings.

To check bridging, just open up the network connections and it will tell you if and which adapters are bridged.  You probably would have seen it by now with your troubleshooting if they were bridged.

JimmyITCS,

Thanks for the specific instructions.

IPv6 - no
ICS - unchecked
MAC cloning - not available
Bridging - no

I see that I can configure the "Locally Administered MAC Address" in the Dell internal adapter.  Should I set this to the MAC address of the Realtek adapter and see if VPN problems occur?

Sure, worth a shot at this point.  Can't really break anything.

I changed the "Locally Administered MAC Address" in the Dell internal adapter to the MAC address of the Realtek adapter and then enabled the Dell internal adapter and connected to the wifi AP.  The MAC address (Physical address) was still set to the original Dell internal adapter value when I did a ipconfig/all.

Maybe "Locally Administered MAC Address" is here just for looks?  Or is there something else I must do to clone the Realtek MAC address?

JimmyITCS,

I intalled the Realtek on a computer that has Windows 2000 installed on it, and that's about all.  No firewall software.  I installed Cicso VPN Client and established a VPN connetion to my client's network.  Lo and behold, I could access the computers on that network.

Any ideas what might be interfering with VPN connections using the Realtek on my Dell Laptop?

OK, so the good news is you have a good device.  My recommendation would be uninstall that device completely, including in the device manager and reinstalling the driver software.

My guess is that McAfee hasn't properly classified the network your Realtek stick creates and has it locked down because of it.  Reinstalling the device should initiate another McAfee check.

JimmyITCS,

Tried uninstalling and reinstalling Realtek driver software.  The VPN problem persists.  I can establish a VPN connection, but can't access any computers on the remote network.  I can use the Realtek device for www browsing, email, etc. No problems with that (McAfee or otherwise).  It's just the VPN issue, which is an important one for me because I use this notebook computer for work when I'm travelling.

So I am still open to other deas.

OK, another troubleshooting step.

Can you ping yourself with the Realtek?  Both your LAN and your VPN IP.  Don't just ping localhost, although you can do that too.

'attacked' --> attached... oops :-p

JimmyITCS,

Regarding "OK, another troubleshooting step"

I can ping myself (My LAN, VPN IP, and localhost).  I can't ping the VPN default gateway (times out).

Will tracert as you suggest and report back.  And uninstall/reinstall VPN software iwith Realtek connected as you suggest.

JimmyITCS,

Tracert to VPN default gateway times out.

We have a winner. JimmyITCS is the man.  Other contributors should take note of JimmyITCS.  Thanks for the detailed step by step analysis.  Reinstalling the Cisco VPN Client software while the Realtek adapter was attached (not attacked) fixed the problem.  Thanks!!!

Excellent!  Glad we got you up and running.