I'm going to try to explain this one as concisely as possible. This one's been a nightmare.

So, one of our clients wants an independent contractor set up to VPN into their network from her home computer (XP Pro). Our client uses a Cisco Pix running Radius, so that part was pretty easy...Sent her the Cisco client and PCF file after I created a VPN login for her in Active Directory.

Turns out she already had the Cisco client installed, because she uses it to VPN into her own office network. Ok, that's good, allowed us to skip a step. So I had her just import the PCF file. That worked just fine, and she connected with no problem at all.

Well, afterwards she tries to VPN into her own office network again, and it won't connect. So, she talks to her company's President, he gets pissed and calls our client, our client gets pissed and calls us.

Fun. Now, keep in mind all I did was import a PCF file for our client's network. I did NOT in any way touch the existing PCF for her office's network. Thankfully, my bosses understood that and have taken the complaints in stride without pointing any fingers at me. Nonetheless, the client's convinced that we have to fix it, so for the sake of PR we're trying our best. So here's the breakdown:

1) She could connect to her VPN before just fine.
2) She can connect to our client's VPN just fine since I imported the PCF file.
3) Now she can't connect to her VPN.
4) She is prompted for authentication, but after she enters her user/pass, it just sits indefinitely at "contacting security gateway". Nothing further ever happens (no error message, no disconnected status -- just hangs there).
5) I tried removing our client's PCF. No change.
6) I deleted and reimported her office's PCF. No change.
7) I upgraded her Cisco client to the latest version. No change.
8) Various reboots. No change.
9) Uninstalled and reinstalled Cisco client. No change.
10) I copied her PCF to my computer here in the office. Using her login information, I can connect. So it's isolated to her computer.
11) She was on SP1, so we updated to SP2. No change.
12) Confirmed she is not mistyping her password or leaving her Caps Lock on.

After 5 hours of troubleshooting that didn't fix a darn thing, we've finally developed a theory.

She's using RoadRunner for her home cable connection. Our theory is that last time she was connected to her VPN, she was disconnected unnaturally so that her IP is cached in the Pix as if it were still connected. That being the case, if she tries to connect again, the Pix thinks she's already connected and trying to connect a second time, thus it won't let her connect. That would aslo explain why we can connect as her from any other location (since we obviously have a different IP address).

So, where we are right now is that we advised her to either 1) Ask RR to give her a new IP address (evidently with cable ISPs, even though she has a dynamic IP address, it stays sticky for quite a while), or 2) have someone at her office reboot the Pix (thus clearing the cache). So, RR replied that she needs to leave her modem disconnected for 1-3 hours in order to get a new IP address, and she's opened a ticket with her IT dept. (evidently outsourced) about rebooting the Pix.

We're hoping that's it, so that when she calls us back all will be well with the world.

But any thoughts/ideas/suggestions on this?