Solved

Cisco VPN/3005 Concentrator Connects, but no resources available

Posted on 2010-09-10
6
547 Views
Last Modified: 2012-08-13
Our Cisco VPN clients (4.x, 5.x) can connect to our Cisco 3005 VPN Concentrator, but no resources, including exchange server via Outlook, web, file resources, etc. are not available to the users. Pings are not replied to.

We can see the successful connection in the 3005 session monitoring. We think that possibly a recent Windows patch has caused this. We recently have moved to the Sunbelt Software Enterprise Premium VIPRE product, but we had seen instances of this problem before installing it.

Does anyone have any suggestions about what might be causing this? We do have users than can successfully connect. I am going to power cycle the 3005. Any suggestions are appreciated.
0
Comment
Question by:RDKTMC
  • 3
  • 2
6 Comments
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 250 total points
ID: 33665507
RDKTMC,

Hopefully with the Moderator's call for additional help above, you will shortly receive help from those more familiar with your particular product set; however, see if this general thoughts help in any way.

(1) Check if the clients are actually getting an IP address.  I have seen where the clients are getting authenticated and so show as connected ; however, the virtual adapter that is created with most VPN software is in the wrong bind order in advanced network settings, so the DHCP portion of the VPN is not successful and so the client doesn't actually get to do anything on the network.  

(2) Client may be getting IP address, but there is something wrong with routing of requests coming from VPN subnet to network resources.  Usually a firewall | vpn rule.  Along this thought ICMP traffic may just be blocked, so double check that you should get a response from pings or find a device that will respond successfully with ping and try that.  Usually you can try the router or do a tracert and see what path it is taking as could just be the client using wrong gateway like trying to use its Internet connection instead of the VPN connection like a split tunneling issue.

(3) Client is getting IP address and is connected and being routed correctly; however, DNS is the issue.  Try pinging or accessing resources via IP address instead of host | DNS name and see if that works.

M-1
0
 

Author Comment

by:RDKTMC
ID: 33676776
Thanks mwvisa1 for your comments. We are getting somewhere with this using comments from support forum. We have been disabling the Vipre firewall and found that we're able to connect and see resources. We have also seen a problem with the firewall not allowing people out on their internet connection through their own wireless router. The Vipre firewall seems to have a lot of issues with blocking things that users don't need blocked. We went through all the exceptions we had when we implemented the windows firewall. It would be great if we could import those exceptions into the vipre firewall. Big learning curve here...
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33677792
I bet.  Wish I used that particular Firewall and could help, but getting split tunneling to work correctly.  Good luck...
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33677815
I just did a quick search and one suggestion on the Vipre Firewall that is similar to what we use is to add an Exception to System.  Our Firewall allows a rule that basically allows the internal networks of the router to communicate to each other.  From my understanding, this is is not totally disabling the Firewall so it is more secure.  It is essentially saying that traffic generating from the System itself should be allowed and successfully authenticated VPN users' request probably come in as the router|firewall.  Worth a shot.
0
 

Author Closing Comment

by:RDKTMC
ID: 33716603
Led us towards disabling NDIS IM Filter on the network adapter.  After reboot this "resolved" the issue for us.
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now