Win XP and Cisco VPN

[Nancy Kafer]

I have a user that has a laptop running Windows XP and the Cisco VPN client
(4.0.2B). When I connect the laptop up to a network behind a Linksys router
I am able to browse the web fine. However, if I have browsed the web and
then try to connect to our corporate network via the VPN client I cannot
ping any servers. If I reboot the machine and immediately connect to the VPN
everything works fine.

I noticed that in the network connections he has a network bridge (MAC
Miniport bridge) that bridges his 1394 connection and his LAN connection. So
I removed the LAN connection from the bridge and disabled the bridge. I then
tried to browse the web, close the browser and open the VPN connection. Web
access worked fine but the VPN connection did not. I rebooted the machine
and accessed the VPN immediately and everything works.

Is the network bridge causing this problem? What is this bridge? I've tried
to do some research and from what I can tell it's a Microsoft thing that
bridges multiple network connections to one MAC address. Is this correct? Is
it necessary?
Has anyone experienced this problem before?

Thanks in advance for any help.

Nancy

 

[Mohamed Abdulla]

Nancy, from that laptop, follow the procedure that leads to the problem (try
browsing the web first, then try connecting the VPN), but at the phase of
browsing the web (just before connecting to your VPN), try to print the
output of the MS prompt command (ipconfig /all). Also, print the output of
the command "route print" (those two commands to make sure the proper IP
address is set on the PC, and that the Gateway IP is set properly). Now
proceed by trying to connect to your corporate VPN, and repeat the two
command printing after that (here you will be looking for any changes in the
PC IP address, or the Gateway IP address, plus routing information updates
on the routing table). You will also benefit from using the command:
"tracert www.google.com" -(or any valid url), to see the path your packets
takes to the destination, and then tracert again but this time to any IP
internal to your corporate VPN, to make sure you have reachability. If you
don't have reachability, then the tracert command will give you a hint on
where do your packets get lost, and you can start from there. As you can
see, my suggestion for troubleshooting is focused on IP routing problems, as
this might be causing the faulty behaviour in a great percentage. Now for
the MS Bridge, it will pass IP traffic transparently between established on
the PC connections (say you have two Ethernet connections+one 1394
connection + dial-up PPP connection+ VPN Dial connection), the bridge will
bridge the traffic between all these connections to facilitate communication
between stations connected to any of the PC's communication connections.
Please, double check my explanation on the MS Bridge, as that how I imagine
it to be, but not so sure if I'm correct, Anybody to correct please !

Now after you check all the possibilities for an IP routing problem, and you
find that there are no problems, you may start thinking towards,
reinstalling the Cisco VPN Client software, or installing a newer (or even
older as this sometimes works) version of that software. Also, consider
posting this to Cisco as they have a good support on their line of products.

I hope this will lead you to a solution.

 

[Nancy Kafer]

I apologize for not replying sooner. I was able to get this issue resolved.
Turns out it was a problem with the fact that we had previously installed a
trial version of ZoneAlarm Pro then replaced it with a copy of ZoneAlarm's
Integrity client. Once we removed all traces of these programs and
reinstalled everything worked fine.

Thanks for the help.

Nancy