Skip navigation
Login   |   Register
Cisco Learning Home > CCSP Study Group > Discussions
This Question is Answered
23690 Views 10 Replies Latest reply: Aug 23, 2011 4:49 AM by chrisvanwyk RSS

Currently Being Moderated

Windows 7 and Cisco VPN client

Aug 22, 2011 2:15 AM

chrisvanwyk 6 posts since
Feb 2, 2009

Hi

 

I have noticed that with some machines running windows 7 and the Cisco VPN client installed the packets do not get incrypted when the VPN connection is established in fact all packets get bypassed.

Has anyone seen this before and what is the workaroud to get this fixed bear in mind that the client does not want to go the route of SSL because of the cost implications.

 

 

Regards

Chris

  • Aaron 134 posts since
    Aug 23, 2009
    Currently Being Moderated
    1. Aug 22, 2011 11:12 AM (in response to chrisvanwyk)
    Re: Windows 7 and Cisco VPN client

    Hi,

     

    Seems a problem with the Split Tunnel ACL. This ACL tells wich packets will be encrypted.

    Paste your config plz,

    Try looking in the stats pane, when VPN Client is connected, in the routes tab. Is there any route?

    I have several machines running W7 without problem.

     

    Cheers,

    Join this discussion now: Login / Register
  • Jared 5,541 posts since
    Jul 27, 2008
    Currently Being Moderated
    2. Aug 22, 2011 6:18 PM (in response to Aaron)
    Re: Windows 7 and Cisco VPN client

    I concur.  Sounds like a split tunnel issue to me.  I have been running the VPN client just fine on Windows 7 and Vista just fine.

    Join this discussion now: Login / Register
  • Piotr Matusiak 69 posts since
    Mar 27, 2010
    Currently Being Moderated
    3. Aug 23, 2011 1:08 AM (in response to chrisvanwyk)
    Re: Windows 7 and Cisco VPN client

    Hi Chris,

     

    Check if you have "Deterministric Network Enhancer" enabled on the LAN/WAN interface. Without it enabled, the client will connect but will not encrypt anything.

     

    Regards,

    Piotr

    Join this discussion now: Login / Register
  • cmulcaire 19 posts since
    Jan 6, 2010
    Currently Being Moderated
    5. Aug 23, 2011 2:33 AM (in response to chrisvanwyk)
    Re: Windows 7 and Cisco VPN client

    HI I have used cisco vpn client on windows 7 without problem. All the above replies seem to be vaild. you can veryify whether the split tunneling is work properly in the cleint under statistics.  Where you can verify what routes are being tunnelled and also can verify how many packets are being encrypted / decrypted.. If you see packets being encryped but not decrypted verify nat-t set up and finally verify the deterministic network enhancer on the NIC is enabled.  If all of these look okay I am afraid you are going have to talk to TAC as this then starts to look like an interoperability issue between a particular version of the VPN client and a particular version of windows 7. One last point it is possible tht there is a firewall blocking protocl 50 so block esp packets but permitting port UDP 500 so allowing the IKE tunnel negotiation thus allowing the tunnel to come up but not data to flow over it.

    Sorry If I sound like I am teaching my grandmother to **** eggs.

     

    Regarsd

     

    Chris M.

    Join this discussion now: Login / Register
  • cmulcaire 19 posts since
    Jan 6, 2010
    Currently Being Moderated
    8. Aug 23, 2011 2:51 AM (in response to chrisvanwyk)
    Re: Windows 7 and Cisco VPN client

    Hi

     

    to check whether the deterministic enhancer is enabled just go  Control Panel\Network and Internet\Network Connections  In addtion to the Physical NIC You will also see a seperate "vitual network" interface created when you installed the vpn client. Right click on the physical NIC and go to properties. You should see the deterministic network enhancer listed under the dialogue box that opens..  So you need to check the deterministic network enhancer is enabled on the physical NIC and that the virtual adpator is also present. Beyone that I have no more advice.

     

    Regards

     

    Chris M.

    Join this discussion now: Login / Register

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)