Solved

Cisco VPN in Windows 7

Posted on 2013-07-01
Last Modified: 2013-07-29
Hello

We have recently been rolling out Windows 7 across the organisation.

There seems to be a problem with remote workers accessing their Exchange mailboxes when connected to the VPN. They can connect to the VPN OK but their mailbox will not connect.

All details have been checked and seem to be correct. For some reason, when we do a DNS lookup it is not coming back with the correct address. It is returning a BT Home Hub address rather than our domain controller as defined in our policy.

Below is a copy of the IP configuration. We have cross-referenced it with a machine here in the office on which we can get it to work and it all seems to be correct.

Any help would be appreciated.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 9N6S1Q1
   Primary Dns Suffix  . . . . . . . : susad.sustrans.org.uk
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : susad.sustrans.org.uk
                                       sustrans.org.uk
                                       org.uk

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Physical Address. . . . . . . . . : A0-88-B4-1D-A2-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c5c:5fff:bb00:e953%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 June 2013 11:29:47
   Lease Expires . . . . . . . . . . : 29 June 2013 11:56:44
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 413173940
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 5C-26-0A-54-66-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
   Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f119:566a:6ec3:539b%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.180.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520095130
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 10.0.0.216
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7F752F1A-CF8A-42DF-B23D-5C7A41E97E76}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.susad.sustrans.org.uk:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cc8:2ed2:3f57:feb8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cc8:2ed2:3f57:feb8%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Sustrans.Build>
Question by:sustrans
8 Comments
 

Author Comment

by:sustrans
ID: 39289684
We have tried disabling IPv6 but this didn't solve the problem.

Expert Comment

by:Thomas Grassi
ID: 39289783
Is the email server on the same subnet as the VPN clients?

I see you have a wireless connection established as well.

The default gateway on that can be causing a problem.

Did not see a default gateway on your VPN adapter.

Can you ping the FQDN of the mail server?

Can you telnet to the mail server on port 25?

Expert Comment

by:btassure
ID: 39290154
Can you post the following please:

route print (from the client PC)

The relevant part of the config for the head end of the VPN

I assume this is the full-fat IPsec client and not the AnyConnect SSL client?

Author Comment

by:sustrans
ID: 39296881
In response to the above questions:

1. E-mail server is on 10.0.0.0 network, whilst Client is on 10.0.180.0 network
2. Wi-Fi gateway IP shouldn't cause an issue?
3. Can I ping the FQDN of the server: NO
4. Can I telnet to the server: NO

This is not limited to just this Exchange server: connect this PC to certain Wi-Fi or 3G and connect, then connect via VPN to the network, and I am unable to connect to any remote IP addresses.

However, try a different Wi-Fi network, changing nothing else, and it works fine. E.g. use a Vodafone 3G dongle: the VPN connects but is unable to route traffic. Then swap to using free Wi-Fi access and the VPN connects and routes as expected.

It seems dependent on the ISP. The VPN routes traffic and sets the default DNS server (under nslookup) for Zen Internet and Virgin Media, whilst Vodafone 3G or BT Broadband seems to assign its own DNS server as the main default DNS server and routing seems to fail.

Any ideas?

Expert Comment

by:Thomas Grassi
ID: 39297091
You need to start checking firewalls. Being on another subnet, you need to have ports opened to gain access to resources on the other subnet.

Run nmap to see what ports are open.

Post results.

Expert Comment

by:btassure
ID: 39330178
Did you see my comment above RE configs and route tables? That would help diagnose the problem. It certainly sounds like a routing issue somewhere on the VPN, possibly NAT issues (or rather, by default it WILL NAT traffic down the VPN which is not desired).

Accepted Solution

by:sustrans
ID: 39351151
This is now closed. The issue was caused by the Cisco ASA settings: the split tunnelling set-up missed out the domain name.

Author Closing Comment

by:sustrans
ID: 39363101
Found solution myself after checking the Cisco forum site.

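A defensive check built on the output posted in the question, added here as an example and not part of the original thread: it parses `ipconfig /all` text and reports whether a resolver outside the tunnel is configured and whether the VPN adapter's DNS server is off-link with no default gateway, the state in which the thread saw internal lookups answered by the home router. The function names and the trimmed sample are constructed for illustration, and only the first DNS server listed per adapter is read.

```python
import ipaddress
import re

# Constructed sample: trimmed from the `ipconfig /all` output in the question.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   IPv4 Address. . . . . . . . . . . : 10.0.180.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.216
"""

# "   Field name . . . . : value" (the first colon after the dots separates them)
FIELD = re.compile(r"^\s+([A-Za-z][\w\- ]*?)[ .]*: ?(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field: value}}; wrapped and continuation lines are skipped."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).replace("(Preferred)", "").strip()
    return adapters

def resolvers_outside_tunnel(adapters, internal_suffix):
    """Summarise DNS exposure for the adapter carrying the internal DNS suffix."""
    vpn = next(a for a in adapters.values()
               if a.get("Connection-specific DNS Suffix") == internal_suffix
               and a.get("IPv4 Address"))  # skips disconnected ISATAP adapters
    net = ipaddress.ip_network(f'{vpn["IPv4 Address"]}/{vpn["Subnet Mask"]}', strict=False)
    vpn_dns = ipaddress.ip_address(vpn["DNS Servers"])
    outside = sorted(a["DNS Servers"] for a in adapters.values()
                     if a is not vpn and a.get("DNS Servers"))
    return {"vpn_dns": str(vpn_dns),
            "vpn_dns_on_link": vpn_dns in net,        # False: a tunnel route is needed
            "vpn_has_gateway": bool(vpn.get("Default Gateway")),
            "outside_resolvers": outside}             # resolvers not behind the VPN
```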