-
July 14th, 2006, 05:02 PM
#1
Strange Strange VPN Problem
I'm going to try to explain this one as concisely as possible. This one's been a nightmare.
So, one of our clients wants an independent contractor set up to VPN into their network from her home computer (XP Pro). Our client uses a Cisco Pix running Radius, so that part was pretty easy... Sent her the Cisco client and PCF file after I created a VPN login for her in Active Directory.
Turns out she already had the Cisco client installed, because she uses it to VPN into her own office network. Ok, that's good, allowed us to skip a step. So I had her just import the PCF file. That worked just fine, and she connected with no problem at all.
Well, afterwards she tries to VPN into her own office network again, and it won't connect. So, she talks to her company's President, he gets pissed and calls our client, our client gets pissed and calls us.
Fun. Now, keep in mind all I did was import a PCF file for our client's network. I did NOT in any way touch the existing PCF for her office's network. Thankfully, my bosses understood that and have taken the complaints in stride without pointing any fingers at me. Nonetheless, the client's convinced that we have to fix it, so for the sake of PR we're trying our best. So here's the breakdown:
1) She could connect to her VPN before just fine.
2) She can connect to our client's VPN just fine since I imported the PCF file.
3) Now she can't connect to her VPN.
4) She is prompted for authentication, but after she enters her user/pass, it just sits indefinitely at "contacting security gateway". Nothing further ever happens (no error message, no disconnected status -- just hangs there).
5) I tried removing our client's PCF. No change.
6) I deleted and reimported her office's PCF. No change.
7) I upgraded her Cisco client to the latest version. No change.
8) Various reboots. No change.
9) Uninstalled and reinstalled Cisco client. No change.
10) I copied her PCF to my computer here in the office. Using her login information, I can connect. So it's isolated to her computer.
11) She was on SP1, so we updated to SP2. No change.
12) Confirmed she is not mistyping her password or leaving her Caps Lock on.
After 5 hours of troubleshooting that didn't fix a darn thing, we've finally developed a theory.
She's using RoadRunner for her home cable connection. Our theory is that last time she was connected to her VPN, she was disconnected unnaturally so that her IP is cached in the Pix as if it were still connected. That being the case, if she tries to connect again, the Pix thinks she's already connected and trying to connect a second time, thus it won't let her connect. That would also explain why we can connect as her from any other location (since we obviously have a different IP address).
So, where we are right now is that we advised her to either 1) Ask RR to give her a new IP address (evidently with cable ISPs, even though she has a dynamic IP address, it stays sticky for quite a while), or 2) have someone at her office reboot the Pix (thus clearing the cache). So, RR replied that she needs to leave her modem disconnected for 1-3 hours in order to get a new IP address, and she's opened a ticket with her IT dept. (evidently outsourced) about rebooting the Pix.
We're hoping that's it, so that when she calls us back all will be well with the world.
But any thoughts/ideas/suggestions on this?
-
July 14th, 2006, 05:32 PM
#2
I am not familiar with the Cisco VPN ...so just thoughts
But can you not configure 2 separate PCF connections??
I VPN into a few places...and all have a separate connection and configuration...because the IP addresses and authentication are different????
Just thoughts...like I said
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
July 14th, 2006, 05:35 PM
#3
But can you not configure 2 separate PCF connections??
That's exactly what I did actually.
-
July 14th, 2006, 05:40 PM
#4
so when you imported the new one...did it not overwrite her old one
sorry..if I am not understanding??
MLF
-
July 14th, 2006, 05:41 PM
#5
you didn't leave much for us to pick over did you
maybe just post back in a couple of hours to let us know it's fine
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
July 14th, 2006, 05:54 PM
#6
so when you imported the new one...did it not overwrite her old one
Correct. You can have multiple PCF profiles in the Cisco client -- when you open the client you just highlight a profile then click "Connect". That's why my importing the PCF for our client would have in no way interfered with her existing PCF for her network.
-
July 14th, 2006, 06:53 PM
#7
Ok
I think I get it now....
Thanks for splaining it to me
MLF
-
July 14th, 2006, 07:45 PM
#8
Well, turns out our theory worked out! Rebooted the Pix, and didn't even need a new IP address. It connected just fine. So it looks like it was a matter of clearing the cache after all.
Not often I get to answer my own questions here.
-
July 14th, 2006, 07:53 PM
#9
OK mate..................
Now you go to your CEO and get him to go to the client's CEO and tell him he will be billed for this...........
Then, just maybe, he will go to these tossers' CEO and get the stupid sow fired..............because that is what she needs and deserves
Oh! it doesn't work............. let's run to CEO? the stupid sow should be fired, she is a security liability.
-
July 14th, 2006, 08:21 PM
#10
SO I WAS RIGHT
could it be
is it possible
Yep
Drinking