Solved

Cisco VPN/3005 Concentrator Connects, but no resources available

Posted on 2010-09-10
6
553 Views
Last Modified: 2012-08-13
Our Cisco VPN clients (4.x, 5.x) can connect to our Cisco 3005 VPN Concentrator, but no resources, including exchange server via Outlook, web, file resources, etc. are not available to the users. Pings are not replied to.

We can see the successful connection in the 3005 session monitoring. We think that possibly a recent Windows patch has caused this. We recently have moved to the Sunbelt Software Enterprise Premium VIPRE product, but we had seen instances of this problem before installing it.

Does anyone have any suggestions about what might be causing this? We do have users than can successfully connect. I am going to power cycle the 3005. Any suggestions are appreciated.
0
Comment
Question by:RDKTMC
  • 3
  • 2
6 Comments
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 250 total points
ID: 33665507
RDKTMC,

Hopefully with the Moderator's call for additional help above, you will shortly receive help from those more familiar with your particular product set; however, see if this general thoughts help in any way.

(1) Check if the clients are actually getting an IP address.  I have seen where the clients are getting authenticated and so show as connected ; however, the virtual adapter that is created with most VPN software is in the wrong bind order in advanced network settings, so the DHCP portion of the VPN is not successful and so the client doesn't actually get to do anything on the network.  

(2) Client may be getting IP address, but there is something wrong with routing of requests coming from VPN subnet to network resources.  Usually a firewall | vpn rule.  Along this thought ICMP traffic may just be blocked, so double check that you should get a response from pings or find a device that will respond successfully with ping and try that.  Usually you can try the router or do a tracert and see what path it is taking as could just be the client using wrong gateway like trying to use its Internet connection instead of the VPN connection like a split tunneling issue.

(3) Client is getting IP address and is connected and being routed correctly; however, DNS is the issue.  Try pinging or accessing resources via IP address instead of host | DNS name and see if that works.

M-1
0
 

Author Comment

by:RDKTMC
ID: 33676776
Thanks mwvisa1 for your comments. We are getting somewhere with this using comments from support forum. We have been disabling the Vipre firewall and found that we're able to connect and see resources. We have also seen a problem with the firewall not allowing people out on their internet connection through their own wireless router. The Vipre firewall seems to have a lot of issues with blocking things that users don't need blocked. We went through all the exceptions we had when we implemented the windows firewall. It would be great if we could import those exceptions into the vipre firewall. Big learning curve here...
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33677792
I bet.  Wish I used that particular Firewall and could help, but getting split tunneling to work correctly.  Good luck...
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33677815
I just did a quick search and one suggestion on the Vipre Firewall that is similar to what we use is to add an Exception to System.  Our Firewall allows a rule that basically allows the internal networks of the router to communicate to each other.  From my understanding, this is is not totally disabling the Firewall so it is more secure.  It is essentially saying that traffic generating from the System itself should be allowed and successfully authenticated VPN users' request probably come in as the router|firewall.  Worth a shot.
0
 

Author Closing Comment

by:RDKTMC
ID: 33716603
Led us towards disabling NDIS IM Filter on the network adapter.  After reboot this "resolved" the issue for us.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to set IPSec under Server 2008 R2 and Server 2012 R2 3 43
nested esxi, NIC issues 1 34
rajdeep0081@hotmail.com 3 72
IR 1023 Scanning 4 25
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question