Cisco VPN client gives the following status: Not Connected

Discussion in 'Cisco' started by J, Jul 16, 2005.

  1. J

    J Guest

    I installed the Cisco VPN Client
    set up the following sections:
    Host
    Group Authentication
    Enable Tunneling
    UPD

    My VPN network connection is set up with the following address

    169.254.18.31 - is 169 a good address?

    Every time I try to connect, the status comes back with a not connected
    I tried the UDP method but it can't connect

    Any help would be appreciated!

    Thanks
     
    J, Jul 16, 2005
    #1
    1. Advertisements

  2. :I installed the Cisco VPN Client

    :My VPN network connection is set up with the following address

    :169.254.18.31 - is 169 a good address?

    No, 169.254 is reserved for local connections, and is deliberately
    not supposed to be routable. It differs from the RFC1918 address
    spaces, which are private but routable within a private network.
     
    Walter Roberson, Jul 16, 2005
    #2
    1. Advertisements

  3. There is no such thing as unroutable IP address. Even 127.0.0.1 is
    routable. You possibly meant IP address from private and reserved
    address spaces.
     
    =?ISO-8859-2?Q?=A3ukasz_Bromirski?=, Jul 16, 2005
    #3
  4. It means You're set to get an IP address from DHCP server, but Your
    NIC couldn't locate one, and Your Windows box choose randomly some IP
    address from 169.254/16 space. Recheck Your network settings and
    try to renew address. For more information, refer to RFC3330[1]:

    "169.254.0.0/16 - This is the "link local" block. It is allocated for
    communication between hosts on a single link. Hosts obtain these
    addresses by auto-configuration, such as when a DHCP server may not
    be found."

    I know some technical guys from Cox, and I see You've station from
    their network - call Your technical support, they should be able to
    guide you step by step.

    [1]. http://www.faqs.org/rfcs/rfc3330.html
     
    =?ISO-8859-2?Q?=A3ukasz_Bromirski?=, Jul 16, 2005
    #4
  5. :> No, 169.254 is reserved for local connections, and is deliberately
    :> not supposed to be routable. It differs from the RFC1918 address
    :> spaces, which are private but routable within a private network.

    :There is no such thing as unroutable IP address. Even 127.0.0.1 is
    :routable. You possibly meant IP address from private and reserved
    :address spaces.

    You would appear to be incorrect on both points.


    http://www.faqs.org/rfcs/rfc3927.html

    "RFC 3927 - Dynamic Configuration of IPv4 Link-Local Addresses"

    This document uses the term "routable address" to refer to all valid
    unicast IPv4 addresses outside the 169.254/16 prefix that may be
    forwarded via routers. This includes all global IP addresses and
    private addresses such as Net 10/8 [RFC1918], but not loopback
    addresses such as 127.0.0.1.



    http://www.faqs.org/rfcs/rfc3330.html
    "RFC 3330 - Special-Use IPv4 Addresses"

    127.0.0.0/8 - This block is assigned for use as the Internet host
    loopback address. A datagram sent by a higher level protocol to an
    address anywhere within this block should loop back inside the host.
    This is ordinarily implemented using only 127.0.0.1/32 for loopback,
    but no addresses within this block should ever appear on any network
    anywhere [RFC1700, page 5].

    169.254.0.0/16 - This is the "link local" block. It is allocated for
    communication between hosts on a single link. Hosts obtain these
    addresses by auto-configuration, such as when a DHCP server may not
    be found.
     
    Walter Roberson, Jul 16, 2005
    #5
  6. Well, not exactly:
    Please note phrase "this document".

    Process of "routing" a packet, is finding longest destination match in
    routing table and queuing this packet on the looked up destination
    address. This process is not specially different for any public IP
    (62.111.150.246 being my actual IP for example) and for any from
    the RFC1918 *if* we let things like keeping Internet clean and filtering
    private address spaces aside. Router gets a packet, look ups the
    RIB for longest-prefix match and forwards packet, if nothing gets in
    the way.

    It's true of course, that most of the systems usually treat 127/8
    traffic in a special way on a low-level, but it's still
    routable - meaning it can be found in a RIB and it can be used.
    And I don't know any (I've just browsed NetBSD/OpenBSD/FreeBSD and
    Linux kernel sources just to be sure) that treats RFC1918 lookups
    differently than any other destination addresses.

    And, as far as we're speaking about that - many ISPs still don't
    filter RFC1918 address space, and You can still see 10/8, 172.16/12,
    192.168/16 or even sometimes 169.254/16 packets wild in the Internet.
    If they wouldn't be routable, how could they appear in Internet?
    ....yes, and quoting my post: "Even 127.0.0.1 is routable" means,
    127/8 network is usually in the RIB. You don't have it?

    As far as speaking about what is 'private address space' and
    'public address space' please see RFC1918:

    http://www.faqs.org/rfcs/rfc1918.html

    And You'll notice official terminology is 'private/public address
    space', not 'routable/not routable IP address'. RFC3927 is using
    the term 'routable' to differentiate link-level address space of
    IPv4 (169.254/16) from other address spaces. Only other place within
    RFC/BCP etc. besides RFC3927 I see term 'routable IP address' is with
    suffix 'globally' which makes obvious sense but You didn't add it in
    Your post.

    However, I do think this discussion is purely academical - I'll just
    made a comment about terminology that's all. I won't try to push my
    humble opinion down Your throat ;)

    Regards,
     
    =?ISO-8859-2?Q?=A3ukasz_Bromirski?=, Jul 16, 2005
    #6
  7. Got to log tab on the vpn client and enable logging .

    Capture the logs .

    Probably they will help in understanding what's happening here . Maybe
    group name is wrong or password not correct etc .

    Post the logs .

    HTH
    SH
     
    Sarabjit Singh, Jul 17, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.