Cisco VPN client, packets being discarded and bypassed

Discussion in 'Cisco' started by seansan, Dec 3, 2004.

  1. seansan

    seansan Guest

    Hi there,

    major problem and it is getting frustrating. I have the cisco vpn
    client version 3.6.3.A and can connect to the VPN server, but cannot
    access the network. The problem is that when I open stats I see :

    0 encrypted 0 decrypted
    0 bytes in 0 bytes out
    200 pack discarded 222 packets bypassed

    I have one secured connection (to a subnet), but normally, on another
    network I get three subnets that are secured. Then it works

    All my packets are being discarded or bypassed. I am on a B class
    network, e.g. 10.190.x.x and am trying to connect to a single IP
    address using UDP/NAT/Firewall. I altered the local firewall as below:

    Source      Destination  Prot.  Port
    10.190.0.0  10.10.10.1   UDP    62515
    10.190.0.0  10.10.10.1   UDP    4500
    10.190.0.0  10.10.10.1   TCP    10000

    Does anyone know how to help? Am I missing port numbers or a protocol
    I have to use instead?
     
    seansan, Dec 3, 2004
    #1

  2. In article <>,
    seansan <> wrote:
    :major problem and it is getting frustrating. I have the cisco vpn
    :client version 3.6.3.A and can connect to the VPN server, but cannot
    :access the network.

    :I am on a B class network, e.g. 10.190.x.x

    IPs starting with 10 are never class B networks: they are either
    class A networks, or they are using CIDR in which the concept of class
    does not exist.

    You may be configuring a netmask of 255.255.0.0 on a 10 series address,
    but that doesn't make it a class B network: if you are going to
    talk about class at all, it makes it a subnetted class A network.

    It may look like I'm being pedantic here, but when you are talking
    about Cisco VPN equipment, it can be important to know the difference between
    a Class B and a subnetted class A. The reason it can make a difference
    is that when you are using EzVPN (which would usually be the case for
    the Cisco VPN client), the EzVPN server might not send the client a
    netmask, unless the server is configured to do so and the client is a
    new enough version to receive the netmask. For example, the Cisco PIX
    version of the EzVPN server code only gained the ability to send masks
    along as of the latest software release, PIX 6.3(4), and for backwards
    compatibility the PIX will not send the mask unless you have specifically
    configured a netmask as part of the vpdngroup configuration.

    If your client system is expecting a netmask that is really a subnet
    of a Class, and the client needs that netmask to be in force in order
    to reach other IPs that are outside the range of the desired netmask
    but inside the range of the overall Class, then you can run into problems,
    especially problems reaching local networks [if split tunnelling has
    been enabled at the VPN server.]
    --
    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
     
    Walter Roberson, Dec 3, 2004
    #2
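
    The mask mismatch described in the reply above, as an added example that is not part of the original thread. It assumes a client that receives no netmask falls back to the classful default for its address; the host address and destination list are constructed for illustration.

```python
import ipaddress


def classful_prefix(addr):
    """Prefix length implied by the historical address class of addr."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8     # class A
    if first_octet < 192:
        return 16    # class B
    if first_octet < 224:
        return 24    # class C
    raise ValueError(f"{addr} is class D/E and has no default mask")


def mask_disagreements(assigned, intended_prefix, destinations):
    """Destinations that look on-link under the classful default mask
    but are off-link under the mask the administrator intended."""
    classful = ipaddress.ip_interface(
        f"{assigned}/{classful_prefix(assigned)}").network
    intended = ipaddress.ip_interface(
        f"{assigned}/{intended_prefix}").network
    affected = []
    for dest in destinations:
        ip = ipaddress.IPv4Address(dest)
        if ip in classful and ip not in intended:
            affected.append(dest)
    return affected


# Constructed sample: a host on the 10.190.x.x network from the thread,
# configured with 255.255.0.0 (a subnetted class A, prefix length 16).
ASSIGNED = "10.190.4.20"
INTENDED_PREFIX = 16
DESTINATIONS = ["10.190.7.1", "10.10.10.1", "10.200.1.5", "192.168.1.1"]

if __name__ == "__main__":
    print("classful default: /%d" % classful_prefix(ASSIGNED))
    for dest in mask_disagreements(ASSIGNED, INTENDED_PREFIX, DESTINATIONS):
        print("treated differently under the two masks:", dest)
```

    Any destination it lists is one where routing depends on whether the intended mask actually reached the client, which is the first thing to compare against the client's route table.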

  3. Gazous

    Hi,

    I have exactly the same problem but only on one PC.
    Using the same certificate I tried with all Cisco VPN clients (4.6, 4.7 & 4.8) and I compared everything with another computer which works fine (routes table...). I can't find what's happening: I have a valid IP, DNS resolution is OK but I'm not able to pass traffic on the tunnel.

    Just a precision, everything was OK on this computer till 3 days ago and I have no firewall.

    An idea?
     
    Gazous, Sep 24, 2006
    #3