Solved

Windows 7 machines have internet but not Windows XP machines

Posted on 2013-11-11
16
287 Views
Last Modified: 2013-11-26
I have a Cisco ASA 5505 that connects an office of 10 phones and 10 PC's to the main office via VPN. The phones work fine but only one PC has internet and that is the Windows 7 machine. None of the Windows XP machines can ping outside of the local default gateway.
I remoted into the W7 machine and took off IPv6 and it lost internet. When I added IPv6 back, it could get on the net. I added IPv6 to a Windows XP machine but still no internet.

LAN:
Network- 192.168.31.0/24
DG- 192.168.31.1
DNS-  resolves to ISP

Please let me know if you need anything else.
0
Comment
Question by:Paul Wagner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 5
16 Comments
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39639191
Are your windows xp machines setup for DHCP or for static ip addresses? Two is your ASA running your dhcp and is it enabled/configured? Depending on your setup you may have to set your access point to bridge mode if you're using NAT setup.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639201
@MHMAdmins

Windows XP machines are set up for DHCP, and so is the Windows 7 machine.

ASA is running DHCP and it is working/enabled/configured.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39639210
Are your machines getting a valid ip address if you run ipconfig? test the loop back address by pinging 127.0.0.1 to make sure it's not the NIC. On the windows machines you may have to specify the gateway/DNS in the TCP/IP v4 settings.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639220
Yes. All machines are getting a DHCP address from the ASA.
Can I specify those settings in the ASA?
Some of these machines get taken home at the end of the day by the user.


Note: Windows 7 machine gets IPv6 addresses for DNS server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39639221
How many user licenses do you have?  If for example you have 10 licenses, the 11th PC to connect would be allowed LAN and VPN access, but not Internet.  Sometimes licenses get used up by guest devices such as laptops and phones.  Rebooting the router will reset the counter.

As I recall the default configuration of the 5505 blocks out going pings.  Try a web site by IP to verify it's not a DNS issue, such as google  http://74.125.226.144

>>"Some of these machines get taken home at the end of the day by the user."
Try rebooting the machine.  XP doesn't always release the DHCP IP configuration from another network when disconnected,
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39639239
You may have to run ipconfig /flushdns on those endpoints if they are taken home, they may still be using dns cache from the other accesspoints.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639265
@ RobWill

..... -___-

You're telling me that the 10 license limitation is for individual devices to get internet access? I was told it was a VPN access limitation.

The machines have been rebooted and have had ipconfig /renew done on them.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639267
ipconfig /flushdns already done.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39639273
Can you turn IPv6 off on the ASA and only have it send out IPV4 addresses? On the xp machines if you can ping and get address but no internet, go into IE properties, then connections tab, LAN settings and make sure automatically detect settings is selected and not using proxy. Then try to browse the internet.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39639293
>>"You're telling me that the 10 license limitation is for individual devices to get internet access? I was told it was a VPN access limitation"
Yes.

User (Internet access) licenses are available in 10, 50, and unlimited, and priced accordingly.
There are also VPN licenses which are completely independent.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39639303
internet licenses shouldn't have anything to do with it if you are using a NAT setup. This is why NAT was invented as the world is running out of IPV4 addresses to dole out.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39639363
Sorry, many NAT routers have license limitations for Internet access. Cisco ASA 5505 is one, as do Watchguard, Juniper, and more.  As mentioned the Cisco is available with:

Model ASA5505-BUN-K9 10 users
Model ASA5505-50-BUN-K9  50 users
Model  asa5505-ul-bun-k9  unlimited users

VPN licenses are independent and have different limits.  One site to site VPN license allows unlimited users to connect to the remote site but I believe all are limited to 10 tunnels.
Detailed specs:  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd8048dba8.html

As each device connects it records the MAC address, registers it, and when the limit is reached no other device can connect to the Internet.  Licensing is not concurrent users so shutting down one device does not allow another.  To reset the counter you need to reboot the router.

This is a common issue, however odd that it would be broken into XP and win 7 unless a coincidence.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639390
@RobWill

I think you might be right. I've requested a larger license and hope to get that soon. I'll let you know.

What about the VPN license? I have a single site to site vpn set up. Will I be ok there?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39639461
Yes VPN access should be fine.  Even the basic unit comes with 10 VPN licenses that can be used for any combination of site-to-site tunnels and mobile software VPN users.  As mentioned any number of people can use one site-to-site tunnel.  So long as you don't have more than 9 simultaneous mobile VPN users, you should have no problem.   I suspect if you do have any mobile VPN clients they would be connecting to the main site not the site we are discussing, and have no impact.

>>"I've requested a larger license and hope to get that soon. "
You could test by disconnecting many or all users, reboot the router, and try one XP machine.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39639483
I noticed that the DHCP scope on the ASA only lets me go from a .2 address to a .32.

ex: 192.168.1.2-192.168.1.32

Is that due to the license restrictions as well?
I've purchased the 10-50 user license and am waiting for it. I imagine I should be able to increase the scope at that time.  ...?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39639492
Correct.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question