Cisco VPN login problem

[Tarmac_Terrorist]

I seem to have a strange issue with my cisco vpn which tech support at work don't seem to be able to sort.

I've recently had a new hard drive on my laptop and a new version of cisco put on my laptop.

The strange thing is, it connects via vodafoone 3g card perfectly but on my home network I get an error message (462) - basically I click connect and it doesn't bring up the usual login details box where I put the code in.

Now if I repeatedly click connect and disconnect it will evenytually confuse itself and brings up the required login box. I populate the details and it will then connect ok.

My tech support say it is an issue with my router (they think something is blocking it). I disagree with this on the basis that my own laptop has a slightly older version of the cisco on it and it connects perfectly to the same login details through my home network.

Is there a firewall setting that needs adjusting on my work laptop. As I mentioned above, it works fine with vodafone 3g connection but not my home network.

Any suggestions as I am hitting a dead end with my work's IT team! :confused:

[Mac]

I was going to answer on the other thread, but thought better of it

Check your MTU size. There's various utilities to shrink your outgoing MTU. You can get an issue with IPSEC/SSL VPNs where the authority is sent out as 'dont' fragment' but with the packet sizing meaning the packet must fragment, resulting in a failed connection. You get the impression that authentication takes yonks and then just fails with a random error.

Set your MTU back to say 1200/1300 and see if you can actually login.

Do you have access to the vpn host? I.e. to get a copy of the IOS running config? If you turn on:

debug crypto isakmp 255

...and then login and let me have the output I should be able to tell you exactly why it's failing

There's a basic fault finding thing here: Cisco VPN Client FAQ - Cisco Systems

Edited November 1, 2008 by Mac

[Mac]

As a side note, are you using any two factor authentication? RSA for example?

[Tarmac_Terrorist]

Thanks Mac, I think I have a MS routing problem as it connects fine in the office but fails at home through my ISP connection. The Cisco help pages should assist with fixing this. I had a temporary laptop earlier this week whilst mine was having a new hard drive installed and it did exactly the same thing.

I'll probably fire it up again on Sunday and have another play.

[Mac]

My guess would be MTU size then

[Tarmac_Terrorist]

Not being a very techy sort of person I will have to get out tech support to look into this further I think. I'm happy to change settings on my laptop myself but I will use your suggestions with tech support - thanks for this, they seemed happy to just say it's a problem with my belkin router and not bother to help to really resolve the problem!

[Jon]

I agree with Mac. I have had the same problem on several PC's i was supporting in 95% plus of cases changing the MTU size resolved the problem.

Jon.

[burble]

MTU is a likely cause, but you could also try to copy the connection entry in the VPN Client, right click on the duplicate, modify, transport. Fiddle about with transparent tunneling options. IPSec over UDP seems to work in most situations for me.

[Tarmac_Terrorist]

Tech support agreed that the MTU could be the problem. For some reason they didn't seem keen to look into this. They sent me an older version of the software to load on my laptop which I loaded and now works fine.

Thanks for your help & suggestions guys

[Mac]

Previous cisco client allowed dispersed authentication, that's why. Less secure, and easy to abuse if you're in the right mind.

[Tarmac_Terrorist]

Thanks Mac

[rottenbend]

What operating system do you have on your laptop/home machine? Are you using MSCHAP?

Cisco Client won't work with Vista because MS have deprecated MSCHAP because of security concerns.

I've had to set up a separate XP machine on a virtual machine to connect to some of our client's VPNs.

[Tarmac_Terrorist]

What operating system do you have on your laptop/home machine? Are you using MSCHAP?

Cisco Client won't work with Vista because MS have deprecated MSCHAP because of security concerns.

I've had to set up a separate XP machine on a virtual machine to connect to some of our client's VPNs.

My work laptop is on MS Office 2003 and my own is on XP. It was never a problem logging onto the cisco vpn until I had a new hard drive installed and a newer version of the cisco login software. All is still fine on the slightly older software version though.