This is the *only* PC with these issues? i.e. Other PCs can access this vpngroup within your PIX and get to resources just fine? If so, check MTU settings on the client... try pinging internal resources using "ping 1.1.1.1 -l 32" from DOS. If that works, start bumping up the value after -l higher and higher until pings fail. Then, use the Set MTU utility to decrease the maximum MTU for the client.
If this *isn't* the only PC suffering from the problem... check your NAT settings. If you can connect just fine, but not access any resources... chances are, they're being NATed on the return trip and shouldn't be. Hope this helps, Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 [email protected] http://www.dpsciences.com/ From: Roger Wright [mailto:[email protected]] Sent: Thursday, September 03, 2009 5:05 PM To: NT System Admin Issues Subject: Re: Cisco VPN Client Weirdness Windows FW is disabled. Can't access internet - spit-tunneling is disabled Good idea - I turn up the log settings and observe! Roger Wright ___ Sent from Tampa, Florida, United States On Thu, Sep 3, 2009 at 4:39 PM, Charlie Kaiser <[email protected]> wrote: Once you connect the VPN, can you access any local or non-vpn resources? Like go to google.com? Is windows firewall running? What does the VPN log show? Anything of interest? *********************** Charlie Kaiser [email protected] Kingman, AZ *********************** > -----Original Message----- > From: Roger Wright [mailto:[email protected]] > Sent: Thursday, September 03, 2009 1:40 PM > To: NT System Admin Issues > Subject: Cisco VPN Client Weirdness > > Argggggh....I'm pulling my hair out on this one! > > New R500 laptop with Cisco VPN client on Windows XP. I can > make the tunnel connections all day long but can't hit any > resources inside the network. I've noticed that when the VPN > is active my gateway IP is the same as the VPN-assigned > machine IP so I guess that makes sense. > > But this happens regardless of which VPN endpoint I hit, > which creds I use, wired or wireless NIC, etc. And on this > machine only. And when comparing the client settings with > another they appear identical. > > I've removed and reinstalled the OS, the Cisco client, > reverted to a previous version, logged in locally, etc, etc, - no go. > > Any suggestions? > > > Roger Wright > ___ > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
