Solved

Cisco VPN/3005 Concentrator Connects, but no resources available

Posted on 2010-09-10
6
543 Views
Last Modified: 2012-08-13
Our Cisco VPN clients (4.x, 5.x) can connect to our Cisco 3005 VPN Concentrator, but no resources, including exchange server via Outlook, web, file resources, etc. are not available to the users. Pings are not replied to.

We can see the successful connection in the 3005 session monitoring. We think that possibly a recent Windows patch has caused this. We recently have moved to the Sunbelt Software Enterprise Premium VIPRE product, but we had seen instances of this problem before installing it.

Does anyone have any suggestions about what might be causing this? We do have users than can successfully connect. I am going to power cycle the 3005. Any suggestions are appreciated.
0
Comment
Question by:RDKTMC
  • 3
  • 2
6 Comments
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 250 total points
Comment Utility
RDKTMC,

Hopefully with the Moderator's call for additional help above, you will shortly receive help from those more familiar with your particular product set; however, see if this general thoughts help in any way.

(1) Check if the clients are actually getting an IP address.  I have seen where the clients are getting authenticated and so show as connected ; however, the virtual adapter that is created with most VPN software is in the wrong bind order in advanced network settings, so the DHCP portion of the VPN is not successful and so the client doesn't actually get to do anything on the network.  

(2) Client may be getting IP address, but there is something wrong with routing of requests coming from VPN subnet to network resources.  Usually a firewall | vpn rule.  Along this thought ICMP traffic may just be blocked, so double check that you should get a response from pings or find a device that will respond successfully with ping and try that.  Usually you can try the router or do a tracert and see what path it is taking as could just be the client using wrong gateway like trying to use its Internet connection instead of the VPN connection like a split tunneling issue.

(3) Client is getting IP address and is connected and being routed correctly; however, DNS is the issue.  Try pinging or accessing resources via IP address instead of host | DNS name and see if that works.

M-1
0
 

Author Comment

by:RDKTMC
Comment Utility
Thanks mwvisa1 for your comments. We are getting somewhere with this using comments from support forum. We have been disabling the Vipre firewall and found that we're able to connect and see resources. We have also seen a problem with the firewall not allowing people out on their internet connection through their own wireless router. The Vipre firewall seems to have a lot of issues with blocking things that users don't need blocked. We went through all the exceptions we had when we implemented the windows firewall. It would be great if we could import those exceptions into the vipre firewall. Big learning curve here...
0
 
LVL 59

Expert Comment

by:Kevin Cross
Comment Utility
I bet.  Wish I used that particular Firewall and could help, but getting split tunneling to work correctly.  Good luck...
0
 
LVL 59

Expert Comment

by:Kevin Cross
Comment Utility
I just did a quick search and one suggestion on the Vipre Firewall that is similar to what we use is to add an Exception to System.  Our Firewall allows a rule that basically allows the internal networks of the router to communicate to each other.  From my understanding, this is is not totally disabling the Firewall so it is more secure.  It is essentially saying that traffic generating from the System itself should be allowed and successfully authenticated VPN users' request probably come in as the router|firewall.  Worth a shot.
0
 

Author Closing Comment

by:RDKTMC
Comment Utility
Led us towards disabling NDIS IM Filter on the network adapter.  After reboot this "resolved" the issue for us.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
CISCO refresh sheets 2 33
Systems talking to each other 5 107
Remotely accessing Raspberry Pi from internet 4 59
Cisco iWAN 8 45
Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now