?
Solved

Cisco VPN/3005 Concentrator Connects, but no resources available

Posted on 2010-09-10
6
Medium Priority
?
564 Views
Last Modified: 2012-08-13
Our Cisco VPN clients (4.x, 5.x) can connect to our Cisco 3005 VPN Concentrator, but no resources, including exchange server via Outlook, web, file resources, etc. are not available to the users. Pings are not replied to.

We can see the successful connection in the 3005 session monitoring. We think that possibly a recent Windows patch has caused this. We recently have moved to the Sunbelt Software Enterprise Premium VIPRE product, but we had seen instances of this problem before installing it.

Does anyone have any suggestions about what might be causing this? We do have users than can successfully connect. I am going to power cycle the 3005. Any suggestions are appreciated.
0
Comment
Question by:RDKTMC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 60

Accepted Solution

by:
Kevin Cross earned 1000 total points
ID: 33665507
RDKTMC,

Hopefully with the Moderator's call for additional help above, you will shortly receive help from those more familiar with your particular product set; however, see if this general thoughts help in any way.

(1) Check if the clients are actually getting an IP address.  I have seen where the clients are getting authenticated and so show as connected ; however, the virtual adapter that is created with most VPN software is in the wrong bind order in advanced network settings, so the DHCP portion of the VPN is not successful and so the client doesn't actually get to do anything on the network.  

(2) Client may be getting IP address, but there is something wrong with routing of requests coming from VPN subnet to network resources.  Usually a firewall | vpn rule.  Along this thought ICMP traffic may just be blocked, so double check that you should get a response from pings or find a device that will respond successfully with ping and try that.  Usually you can try the router or do a tracert and see what path it is taking as could just be the client using wrong gateway like trying to use its Internet connection instead of the VPN connection like a split tunneling issue.

(3) Client is getting IP address and is connected and being routed correctly; however, DNS is the issue.  Try pinging or accessing resources via IP address instead of host | DNS name and see if that works.

M-1
0
 

Author Comment

by:RDKTMC
ID: 33676776
Thanks mwvisa1 for your comments. We are getting somewhere with this using comments from support forum. We have been disabling the Vipre firewall and found that we're able to connect and see resources. We have also seen a problem with the firewall not allowing people out on their internet connection through their own wireless router. The Vipre firewall seems to have a lot of issues with blocking things that users don't need blocked. We went through all the exceptions we had when we implemented the windows firewall. It would be great if we could import those exceptions into the vipre firewall. Big learning curve here...
0
 
LVL 60

Expert Comment

by:Kevin Cross
ID: 33677792
I bet.  Wish I used that particular Firewall and could help, but getting split tunneling to work correctly.  Good luck...
0
 
LVL 60

Expert Comment

by:Kevin Cross
ID: 33677815
I just did a quick search and one suggestion on the Vipre Firewall that is similar to what we use is to add an Exception to System.  Our Firewall allows a rule that basically allows the internal networks of the router to communicate to each other.  From my understanding, this is is not totally disabling the Firewall so it is more secure.  It is essentially saying that traffic generating from the System itself should be allowed and successfully authenticated VPN users' request probably come in as the router|firewall.  Worth a shot.
0
 

Author Closing Comment

by:RDKTMC
ID: 33716603
Led us towards disabling NDIS IM Filter on the network adapter.  After reboot this "resolved" the issue for us.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question