Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco VPN/3005 Concentrator Connects, but no resources available

Posted on 2010-09-10
6
Medium Priority
?
570 Views
Last Modified: 2012-08-13
Our Cisco VPN clients (4.x, 5.x) can connect to our Cisco 3005 VPN Concentrator, but no resources, including exchange server via Outlook, web, file resources, etc. are not available to the users. Pings are not replied to.

We can see the successful connection in the 3005 session monitoring. We think that possibly a recent Windows patch has caused this. We recently have moved to the Sunbelt Software Enterprise Premium VIPRE product, but we had seen instances of this problem before installing it.

Does anyone have any suggestions about what might be causing this? We do have users than can successfully connect. I am going to power cycle the 3005. Any suggestions are appreciated.
0
Comment
Question by:RDKTMC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 60

Accepted Solution

by:
Kevin Cross earned 1000 total points
ID: 33665507
RDKTMC,

Hopefully with the Moderator's call for additional help above, you will shortly receive help from those more familiar with your particular product set; however, see if this general thoughts help in any way.

(1) Check if the clients are actually getting an IP address.  I have seen where the clients are getting authenticated and so show as connected ; however, the virtual adapter that is created with most VPN software is in the wrong bind order in advanced network settings, so the DHCP portion of the VPN is not successful and so the client doesn't actually get to do anything on the network.  

(2) Client may be getting IP address, but there is something wrong with routing of requests coming from VPN subnet to network resources.  Usually a firewall | vpn rule.  Along this thought ICMP traffic may just be blocked, so double check that you should get a response from pings or find a device that will respond successfully with ping and try that.  Usually you can try the router or do a tracert and see what path it is taking as could just be the client using wrong gateway like trying to use its Internet connection instead of the VPN connection like a split tunneling issue.

(3) Client is getting IP address and is connected and being routed correctly; however, DNS is the issue.  Try pinging or accessing resources via IP address instead of host | DNS name and see if that works.

M-1
0
 

Author Comment

by:RDKTMC
ID: 33676776
Thanks mwvisa1 for your comments. We are getting somewhere with this using comments from support forum. We have been disabling the Vipre firewall and found that we're able to connect and see resources. We have also seen a problem with the firewall not allowing people out on their internet connection through their own wireless router. The Vipre firewall seems to have a lot of issues with blocking things that users don't need blocked. We went through all the exceptions we had when we implemented the windows firewall. It would be great if we could import those exceptions into the vipre firewall. Big learning curve here...
0
 
LVL 60

Expert Comment

by:Kevin Cross
ID: 33677792
I bet.  Wish I used that particular Firewall and could help, but getting split tunneling to work correctly.  Good luck...
0
 
LVL 60

Expert Comment

by:Kevin Cross
ID: 33677815
I just did a quick search and one suggestion on the Vipre Firewall that is similar to what we use is to add an Exception to System.  Our Firewall allows a rule that basically allows the internal networks of the router to communicate to each other.  From my understanding, this is is not totally disabling the Firewall so it is more secure.  It is essentially saying that traffic generating from the System itself should be allowed and successfully authenticated VPN users' request probably come in as the router|firewall.  Worth a shot.
0
 

Author Closing Comment

by:RDKTMC
ID: 33716603
Led us towards disabling NDIS IM Filter on the network adapter.  After reboot this "resolved" the issue for us.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question