
Thread: Strange Strange VPN Problem

  1. #1

    Strange Strange VPN Problem

    I'm going to try to explain this one as concisely as possible. This one's been a nightmare.

    So, one of our clients wants an independent contractor set up to VPN into their network from her home computer (XP Pro). Our client uses a Cisco Pix running Radius, so that part was pretty easy...Sent her the Cisco client and PCF file after I created a VPN login for her in Active Directory.

    Turns out she already had the Cisco client installed, because she uses it to VPN into her own office network. Ok, that's good, allowed us to skip a step. So I had her just import the PCF file. That worked just fine, and she connected with no problem at all.

    Well, afterwards she tries to VPN into her own office network again, and it won't connect. So, she talks to her company's President, he gets pissed and calls our client, our client gets pissed and calls us.

    Fun. Now, keep in mind all I did was import a PCF file for our client's network. I did NOT in any way touch the existing PCF for her office's network. Thankfully, my bosses understood that and have taken the complaints in stride without pointing any fingers at me. Nonetheless, the client's convinced that we have to fix it, so for the sake of PR we're trying our best. So here's the breakdown:

    1) She could connect to her VPN before just fine.
    2) She can connect to our client's VPN just fine since I imported the PCF file.
    3) Now she can't connect to her VPN.
    4) She is prompted for authentication, but after she enters her user/pass, it just sits indefinitely at "contacting security gateway". Nothing further ever happens (no error message, no disconnected status -- just hangs there).
    5) I tried removing our client's PCF. No change.
    6) I deleted and reimported her office's PCF. No change.
    7) I upgraded her Cisco client to the latest version. No change.
    8) Various reboots. No change.
    9) Uninstalled and reinstalled Cisco client. No change.
    10) I copied her PCF to my computer here in the office. Using her login information, I can connect. So it's isolated to her computer.
    11) She was on SP1, so we updated to SP2. No change.
    12) Confirmed she is not mistyping her password or leaving her Caps Lock on.

    After 5 hours of troubleshooting that didn't fix a darn thing, we've finally developed a theory.

    She's using RoadRunner for her home cable connection. Our theory is that last time she was connected to her VPN, she was disconnected unnaturally so that her IP is cached in the Pix as if it were still connected. That being the case, if she tries to connect again, the Pix thinks she's already connected and trying to connect a second time, thus it won't let her connect. That would also explain why we can connect as her from any other location (since we obviously have a different IP address).

    So, where we are right now is that we advised her to either 1) Ask RR to give her a new IP address (evidently with cable ISPs, even though she has a dynamic IP address, it stays sticky for quite a while), or 2) have someone at her office reboot the Pix (thus clearing the cache). So, RR replied that she needs to leave her modem disconnected for 1-3 hours in order to get a new IP address, and she's opened a ticket with her IT dept. (evidently outsourced) about rebooting the Pix.

    We're hoping that's it, so that when she calls us back all will be well with the world.

    But any thoughts/ideas/suggestions on this?

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I am not familiar with the Cisco VPN... so just thoughts

    But can you not configure 2 separate PCF connections??

    I VPN into a few places...and all have a separate connection and configuration...because the IP addresses and authentication is different????

    Just thoughts...like I said

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    But can you not configure 2 separate PCF connections??
    That's exactly what I did actually.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    so when you imported the new one...did it not overwrite her old one

    sorry..if I am not understanding??

    MLF

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    you didn't leave much for us to pick over did you

    maybe just post back in a couple of hours to let us know it's fine
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    so when you imported the new one...did it not overwrite her old one
    Correct. You can have multiple PCF profiles in the Cisco client -- when you open the client you just highlight a profile then click "Connect". That's why my importing the PCF for our client would have in no way interfered with her existing PCF for her network.

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ok

    I think I get it now....

    Thanks for splaining it to me

    MLF

  8. #8
    Well, turns out our theory worked out! Rebooted the Pix, and didn't even need a new IP address. It connected just fine. So it looks like it was a matter of clearing the cache after all.

    Not often I get to answer my own questions here.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK mate..................

    Now you go to your CEO and get him to go to the client's CEO and tell him he will be billed for this...........

    Then, just maybe, he will go to these tossers' CEO and get the stupid sow fired..............because that is what she needs and deserves

    Oh! it doesn't work............. let's run to CEO? the stupid sow should be fired, she is a security liability.


  10. #10
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    SO I WAS RIGHT

    could it be
    is it possible

    Yep


    Drinking
