Solved

Cisco VPN in Windows 7

Posted on 2013-07-01
Last Modified: 2013-07-29
Hello

We have recently been rolling out Windows 7 across the organisation.

There seems to be a problem with remote workers accessing their Exchange mailboxes when connected to the VPN. They can connect to the VPN OK, but their mailbox will not connect.

All details have been checked and seem to be correct. For some reason, when we do a DNS lookup it is not coming back with the correct address. It is returning a BT Home Hub address rather than our domain controller as defined in our policy.

Below is a copy of the IP configuration. We have cross-referenced it with a machine here in the office on which we can get it to work, and it all seems to be correct.

Any help would be appreciated.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 9N6S1Q1
   Primary Dns Suffix  . . . . . . . : susad.sustrans.org.uk
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : susad.sustrans.org.uk
                                       sustrans.org.uk
                                       org.uk

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Physical Address. . . . . . . . . : A0-88-B4-1D-A2-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c5c:5fff:bb00:e953%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 June 2013 11:29:47
   Lease Expires . . . . . . . . . . : 29 June 2013 11:56:44
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 413173940
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 5C-26-0A-54-66-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
   Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f119:566a:6ec3:539b%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.180.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520095130
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 10.0.0.216
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7F752F1A-CF8A-42DF-B23D-5C7A41E97E76}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.susad.sustrans.org.uk:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cc8:2ed2:3f57:feb8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cc8:2ed2:3f57:feb8%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Sustrans.Build>
Question by:sustrans

Author Comment

by:sustrans
We have tried disabling IPv6, but this didn't solve the problem.
LVL 23

Expert Comment

by:Thomas Grassi
Is the email server on the same subnet as the VPN clients?

I see you have a wireless connection established as well.

The default gateway on that can be causing a problem.

Did not see a default gateway on your VPN adapter.

Can you ping the FQDN of the mail server?

Can you telnet to the mail server on port 25?
LVL 16

Expert Comment

by:btassure
Can you post the following please:

route print (from the client PC)

The relevant part of the config for the head end of the VPN

I assume this is the full-fat IPsec client and not the AnyConnect SSL client?

Author Comment

by:sustrans
In response to the above questions:

1. The e-mail server is on the 10.0.0.0 network, whilst the client is on the 10.0.180.0 network.
2. The Wi-Fi gateway IP shouldn't cause an issue?
3. Can I ping the FQDN of the server: NO
4. Can I telnet to the server: NO

This is not limited to just this Exchange server. Connect this PC to certain Wi-Fi or 3G and connect, then connect via VPN to the network, and I am unable to connect to any remote IP addresses.

However, try a different Wi-Fi network, changing nothing else, and it works fine. E.g. use a Vodafone 3G dongle: the VPN connects but is unable to route traffic; then swap to using free Wi-Fi access and the VPN connects and routes as expected.

It seems dependent on the ISP. The VPN routes traffic and sets the default DNS server (under nslookup) for Zen Internet and Virgin Media, whilst Vodafone 3G or BT Broadband seems to assign its own DNS server as the main default DNS server and routing seems to fail.

Any ideas?
LVL 23

Expert Comment

by:Thomas Grassi
You need to start checking firewalls; being on another subnet, you need to have ports opened to gain access to resources on the other subnet.

Run nmap to see what ports are open.

Post results.
LVL 16

Expert Comment

by:btassure
Did you see my comment above RE configs and route tables? That would help diagnose the problem. It certainly sounds like a routing issue somewhere on the VPN, possibly NAT issues (or rather, by default it WILL NAT traffic down the VPN which is not desired).

Accepted Solution

by:sustrans
This is now closed. The issue was caused by the Cisco ASA settings: the split tunnelling set-up missed out the domain name.

Author Closing Comment

by:sustrans
Found solution myself after checking Cisco Forum Site.
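
The accepted solution names the cause but not the setting. As an added illustration (not part of the original thread, and not the poster's actual configuration), this is what an ASA group policy for split tunnelling looks like without and with a `split-dns` domain list. That `split-dns` is the setting meant is an assumption, as are the names REMOTE-WORKERS and SPLIT-TUNNEL and the /24 mask.

```text
! Constructed example. REMOTE-WORKERS and SPLIT-TUNNEL are hypothetical names
! and the 255.255.255.0 mask on 10.0.0.0 is an assumption. The DNS server
! address and the domain names are the ones visible in the ipconfig output
! posted in the question.

access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0

! Before: split tunnelling is enabled and an internal DNS server is pushed,
! but no list of internal domains is given to the client.
group-policy REMOTE-WORKERS internal
group-policy REMOTE-WORKERS attributes
 dns-server value 10.0.0.216
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 default-domain value susad.sustrans.org.uk

! After: the internal domains are listed, so queries for names under them
! are resolved through the tunnel by 10.0.0.216 instead of by whatever
! resolver the home router or mobile carrier hands out.
group-policy REMOTE-WORKERS attributes
 split-dns value susad.sustrans.org.uk sustrans.org.uk
```

On the ASA, `show running-config group-policy` shows whether a `split-dns` line is present; on the client, `nslookup` for an internal name should report 10.0.0.216 as the answering server once the tunnel is up.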