I am working with an ASA running 8.x and a Cisco VPN client running
4.6.03.0021. The client connects fine (passes phase 1 and phase2 and traffic flows downstream of the ASA which I have sniffed. It appears as though the traffic it not returned to the client as all sessions timeout.I have other clients using this same profile without issue. It appears that the clients having the problem all have the following in common:
Physical NIC IP Address. . . . . . . . . . . . . : 192.168.2.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . :
Cisco Systems VPN Adapter IP Address. . . . . . . . . . . . : 172.16.1.25 Subnet Mask . . . . . . . . . . . : 255.255.255.240 Default Gateway . . . . . . . . . : 172.16.1.25
You will notice that the Cisco VPN Adapter is given an IP Address and Mask from the ASA via a configured address pool, but you will notice that virtual adapter is using the same IP address for its interface and gateway.
I have other Cisco VPN client running version 3.6.x and 5.x that do not have this issue. I ruled out the common issues NAT-T, MTU, etc.
I was hoping some one could confirm or deny whether this IP addressing issue may be the culprit and whether this is a known issue for this version of the client. My search of Cisco Bugtraq show no.
Reply Reply to author Forward