Solved

Cisco VPN and Windows XP

Posted on 2011-02-18
13
700 Views
Last Modified: 2012-05-11
I have two clients connecting via Cisco VPN client Version 5. They are both behind the same router. One of them is running Windows Vist 64 bit and one is running Windows XP. The Vista client can connect to our network but the XP machine cannot. The Windows Firewall is off on both machines. Any clues.
0
Comment
Question by:farmsm77
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 6

Expert Comment

by:RaithZ
ID: 34927365
What error is the Windows XP client getting?  One of the big things with the Cisco VPN client is that you can't have any of your network connections shared via Internet Connection Sharing.  Any chance they have that setup and don't realize it?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34927477
Are both trying to connect at the same time?    

IF the vista machine is powered off, can the XP machine connect?  

What error is displayed on XP when the fail to connect happens?    

Are the vista and XP both using the same auth method and Policy for conenction?  
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 34927618
Can you post the client log?
0
 

Author Comment

by:farmsm77
ID: 34927624
The XP machine is getting no error message. In fact, the VPN tunnel is connected (the lock is locked) but resources behind the VPN server are inaccessible. The XP machine is not using Internest Connection Sharing.

The Vista machine does not appear to be having any issues. Multiple users connecting through the same router to our firewall is not uncommon and has worked fine with different clients in the past. It just appears to be that this one XP client is having trouble.
0
 

Author Comment

by:farmsm77
ID: 34927685
The VPN log is showing nothing. Anywhere else I should be looking?
0
 
LVL 4

Accepted Solution

by:
Allvirtual earned 125 total points
ID: 34927788
Yes. Do you have other VPN clients installed on this machine?
Check if the Windows IPsec/IKE services are running. If so stop and disable them.
What AV/Internet Security software are you using? Could be this is blocking the traffic. Either configure the software correctly or disable/uninstall it.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 33

Expert Comment

by:MikeKane
ID: 34927821
Another thought, When the XP is connected, what host are you trying to access on the other LAN?    What service are you trying to connect into.  

If the XP shows the yellow lock, then the tunnel has been built.    This could be an issue with DNS resolution perhaps, or a bad gateway, or a problem with AV/firewall as Allvirtual mentioned.    

0
 

Author Comment

by:farmsm77
ID: 34927902
There are no other VPNs on this machine.

I am using ESET Smart Security. All my clients use this same AV with no issues.

I tried shutting down the Windows IPSEC service. No change, the remote resources are not available.

Tried to ping the inside interface of the VPN server, no good. Tried connecting using RDP, no good.
0
 

Author Comment

by:farmsm77
ID: 34927906
As far as ESET is concerned, I shut it down and tried to connect; still no good.
0
 
LVL 6

Expert Comment

by:RaithZ
ID: 34927950
Are both clients using the same connection settings within the VPN client, such as allow local lan bypass etc?  If the Vista client exports his connection file and then its imported into the windows xp client, does it still have the same issue?  
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 34927989
If you had Windows IPsec services running you need to Disable the service and reboot the computer. Then try.
Also maybe try a different client. Try downloading the NCP Secure Entry Client http://www.ncp-e.com. It's fully functional for 30 days plus they give full support for the trial. You must uninstall the Cisco client before! Save your .pcf connection profile because the NCP client will allow you to import that profile. The NCP client has much better debugging capabilities. Much more professional software then the Cisco stuff.
0
 

Author Comment

by:farmsm77
ID: 34929428
Disabling the IPSEC service did not seem to fix anything. However, I did notice that on the XP machine. the Log On credentials for the IPSEC service is different from the Vista machine. The XP machine uses the local account and the Vista machine logs on using the Network Service account. I tried changing this on the XP machine, but I do not have the password for this account and a blank password did not work.
0
 

Author Closing Comment

by:farmsm77
ID: 34945081
AV was the problem as well as file and print sharing on the wireless connection (not just the VPN connection).
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now