Ok, I believe I found
the solution for my first problem with the VPN concentrator. Stupid
mistake on my part, I had the Default Gateways backwards. After I fixed
that problem I was able to authenticate through the VPN.
Now, the next problem
I had is that when I do authenticate through the VPN, using NT Domain
authentication, I am unable to ping any internal addresses. But for some
reason, I was able to pull DHCP addresses from the DHCP servers, which resides
internal. I have checked the routing table, etc.
What could be the
problem??
-----Original
Message-----
From: Groomes,
Jay
Sent: Wednesday, April
03, 2002 2:18 PM
To: Steve
Smith; ecklesd; [EMAIL PROTECTED]
Subject: RE: Cisco VPN 3000
Concentrator
No
software FW are running on the clients, I also read that information on an
online forum.
Also,
Yes… we have tried changing the port to use 10000… One question, that is UDP
10000, not TCP 10000, correct?
-----Original
Message-----
From: Steve
Smith [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03,
2002 2:15
PM
To: Groomes, Jay; ecklesd;
[EMAIL PROTECTED]
Subject: RE: Cisco VPN 3000
Concentrator
Is there
any FW on these clients? I had some folks with the same error and it was
because they had personal firewalls on their pc or in
between.
Also,
Have you tried changing it to use port 10000 instead of
default.
-----Original
Message-----
From: Groomes,
Jay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April
03, 2002 1:04
PM
To: ecklesd;
[EMAIL PROTECTED]
Subject: RE: Cisco VPN 3000
Concentrator
Lance,
Thanks
for the reply. No, our network does not have Beos systems running on
our network. And I’m sure that the clients are not running the
newsreader as well.
We
currently have the Cisco 3005 Concentrator, and we are running version 3.5.2
on the Concentrator, and version 3.5 on the clients.
Jay
-----Original
Message-----
From: ecklesd
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April
03, 2002 1:57
PM
To: Groomes, Jay;
[EMAIL PROTECTED]
Subject: Re: Cisco VPN 3000
Concentrator
Do you have Beos systems running
on your network? Beos newsreader clients use the bnews service.
"Duplicate first packet
detected" message happens when the transition from IKE and AUTH phases
gets corrupted
usually because the client can't use protocols and ports
to establish the session. What version of the VPN 3000 do you have?
Upgrading to version 3.0 or greater should solve this problem if you
are running an older version.
----- Original
Message -----
Sent:
Wednesday, April 03,
2002 12:56
PM
Subject: Cisco
VPN 3000 Concentrator
All,
I am having a
problem getting the VPN 3000 Concentrator to authenticate users to our
network. The user are using a dial-up connection in order to VPN in,
but they are receiving the error, “Remote Peer has lost connection”
I have searched through the firewall logs and saw that is does accept IKE
traffic, but it denies bnews traffic. What is the bnews
service?
Also, I check the
VPN logs, and it states the error, “Duplicate first packet
detected!” Is there a fix for this error?
And what does this error mean? Could it the problems reside on the
ISP side?
All help is
greatly appreciated!
Jay
