I have noticed that with some machines running Windows 7 and the Cisco VPN client installed, the packets do not get encrypted when the VPN connection is established; in fact, all packets get bypassed.
Has anyone seen this before, and what is the workaround to get this fixed? Bear in mind that the client does not want to go the route of SSL because of the cost implications.
Seems a problem with the Split Tunnel ACL. This ACL tells which packets will be encrypted.
Paste your config, please.
Try looking in the stats pane, when VPN Client is connected, in the routes tab. Is there any route?
I have several machines running W7 without problem.
Check if you have "Deterministic Network Enhancer" enabled on the LAN/WAN interface. Without it enabled, the client will connect but will not encrypt anything.
The split tunnel is not the issue; all traffic must be tunneled, the secure route network has the default route in. Busy investigating Deterministic Network Enhancer. This seems to be with the 3G data card that is used: if the older firmware is used it works with Windows 7, but the newer versions don't work. VPN is established but all packets get bypassed.
Hi, I have used the Cisco VPN client on Windows 7 without problem. All the above replies seem to be valid. You can verify whether the split tunneling is working properly in the client under statistics, where you can verify what routes are being tunnelled and also verify how many packets are being encrypted / decrypted. If you see packets being encrypted but not decrypted, verify the NAT-T setup, and finally verify the Deterministic Network Enhancer on the NIC is enabled. If all of these look okay, I am afraid you are going to have to talk to TAC, as this then starts to look like an interoperability issue between a particular version of the VPN client and a particular version of Windows 7. One last point: it is possible that there is a firewall blocking protocol 50, so blocking ESP packets, but permitting port UDP 500, so allowing the IKE tunnel negotiation, thus allowing the tunnel to come up but not data to flow over it.
Sorry if I sound like I am teaching my grandmother to **** eggs.
How do I check if this is enabled on the interface? I also found this page http://www.citrix.com/lang/English/lp/lp_1680845.asp as a ref to upgrade to check if this fixes the issue.
No worries, nothing has changed on the FW setup; this was working before. The only difference is the machines are no longer WinXP but Win 7 now, with the latest client installed.
To check whether the Deterministic Network Enhancer is enabled, just go to Control Panel\Network and Internet\Network Connections. In addition to the physical NIC, you will also see a separate "virtual network" interface created when you installed the VPN client. Right click on the physical NIC and go to Properties. You should see the Deterministic Network Enhancer listed in the dialogue box that opens. So you need to check the Deterministic Network Enhancer is enabled on the physical NIC and that the virtual adaptor is also present. Beyond that I have no more advice.
Ok, here is the thing: now on my Windows 7 machine the virtual NIC is there, but on the machines not working, with the dongle connected it does not show up in the virtual space. Take the same machine with an older 3G dongle and the virtual NIC appears.
Ok, the way to fix this is to go to this website, download the fix patch and the Deterministic Network Enhancer update for Windows. Uninstall the Cisco VPN client, then unplug the network cable, run the fix, run the upgrade, reboot and then reinstall the Cisco VPN client.
This is a Citrix website, but the fix works for Windows 7 and the Cisco VPN client.