Solved

Cisco VPN in Windows 7

Posted on 2013-07-01
Last Modified: 2013-07-29
Hello

We have recently been rolling out Windows 7 across the organisation.

There seems to be a problem with remote workers accessing their Exchange mailboxes when connected to the VPN. They can connect to the VPN OK but their mailbox will not connect.

All details have been checked and seem to be correct. For some reason, when we do a DNS lookup it is not coming back with the correct address. It is returning a BT Home Hub address rather than our domain controller as defined in our policy.

Below is a copy of the IP configuration. We have cross-referenced it with a machine here in the office on which we can get it to work and it all seems to be correct.

Any help would be appreciated.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 9N6S1Q1
   Primary Dns Suffix  . . . . . . . : susad.sustrans.org.uk
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : susad.sustrans.org.uk
                                       sustrans.org.uk
                                       org.uk

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Physical Address. . . . . . . . . : A0-88-B4-1D-A2-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c5c:5fff:bb00:e953%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 June 2013 11:29:47
   Lease Expires . . . . . . . . . . : 29 June 2013 11:56:44
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 413173940
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 5C-26-0A-54-66-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
   Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f119:566a:6ec3:539b%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.180.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520095130
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-D9-E5-5C-26-0A-54-66-B0

   DNS Servers . . . . . . . . . . . : 10.0.0.216
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7F752F1A-CF8A-42DF-B23D-5C7A41E97E76}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.susad.sustrans.org.uk:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cc8:2ed2:3f57:feb8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cc8:2ed2:3f57:feb8%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Sustrans.Build>
Question by:sustrans
8 Comments
 

Author Comment

by:sustrans
ID: 39289684
We have tried disabling IPv6 but this didn't solve the problem.
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39289783
Is the email server on the same subnet as the VPN clients?

I see you have a wireless connection established as well.

The default gateway on that can be causing a problem.

Did not see a default gateway on your VPN adapter.

Can you ping the FQDN of the mail server?

Can you telnet the mail server port 25?
 
LVL 16

Expert Comment

by:btassure
ID: 39290154
Can you post the following please:

route print (from the client PC)

The relevant part of the config for the head end of the VPN

I assume this is the full fat IPSEC client and not the AnyConnect SSL client?

Author Comment

by:sustrans
ID: 39296881
In response to the above questions:

1. E-mail server is on 10.0.0.0 network, whilst client is on 10.0.180.0 network
2. Wi-Fi gateway IP shouldn't cause an issue?
3. Can I ping the FQDN of the server: NO
4. Can I telnet server: NO

This is not limited to just this Exchange server: connect this PC to certain Wi-Fi or 3G and connect, then connect via VPN to the network, and I am unable to connect to any remote IP addresses.

However, try a different Wi-Fi network changing nothing else and it works fine, e.g. use a Vodafone 3G dongle and the VPN connects but is unable to route traffic, then swap to using free Wi-Fi access and the VPN connects and routes as expected.

It seems dependent on the ISP. The VPN routes traffic and sets the default DNS server (under nslookup) for Zen Internet and Virgin Media, whilst Vodafone 3G or BT Broadband seems to assign its own DNS server as the main default DNS server and routing seems to fail.

Any ideas?
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39297091
You need to start checking firewalls. Being on another subnet, you need to have ports opened to gain access to resources on the other subnet.

Run nmap to see what ports are open.

Post results.
 
LVL 16

Expert Comment

by:btassure
ID: 39330178
Did you see my comment above RE configs and route tables? That would help diagnose the problem. It certainly sounds like a routing issue somewhere on the VPN, possibly NAT issues (or rather, by default it WILL NAT traffic down the VPN which is not desired).
 

Accepted Solution

by:sustrans
ID: 39351151
This is now closed - this issue was caused by the Cisco ASA settings: the split tunnelling set-up missed out the domain name.
 

Author Closing Comment

by:sustrans
ID: 39363101
Found solution myself after checking Cisco Forum Site
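
A triage helper for the symptom in this thread, added here as an example and not posted by any participant: it parses ipconfig /all text and reports which DNS servers on connected adapters sit inside the corporate ranges and which do not. The 10.0.0.0/8 corporate range and the function names are assumptions; the sample is constructed by trimming the output in the question.

```python
import ipaddress
import re

# Constructed sample: trimmed from the ipconfig /all output in the question.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : home
   DNS Servers . . . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 2:
   Connection-specific DNS Suffix  . : susad.sustrans.org.uk
   DNS Servers . . . . . . . . . . . : 10.0.0.216
"""

# Field lines read "   Name . . . : value"; wrapped values carry no " :".
FIELD = re.compile(r"^\s+([^.:]+?)[ .]* :\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from ipconfig /all text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1).strip(), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # wrapped value, e.g. a second DNS server
    return adapters

def resolver_report(adapters, corp_nets):
    """Split the DNS servers of connected adapters into corporate and other."""
    nets = [ipaddress.ip_network(n) for n in corp_nets]  # assumed corporate ranges
    report = {"corporate": [], "other": []}
    for name, fields in adapters.items():
        if "Media disconnected" in fields.get("Media State", []):
            continue
        for server in fields.get("DNS Servers", []):
            addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
            key = "corporate" if any(addr in n for n in nets) else "other"
            report[key].append((name, server))
    # Both kinds present: internal names can reach the non-corporate resolver.
    report["mixed"] = bool(report["corporate"] and report["other"])
    return report
```

When "mixed" is true, which resolver answers an internal name depends on the VPN policy, so confirm with nslookup against the internal domain while the tunnel is up.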