Topic # 102745 21-May-2012 21:21

Hi all.

I don't like being this vague but I don't have access to the vpn concentrator.  So all I can do is describe the problem from the user perspective.

I work from home in Dunedin and try to connect to the Sydney office with the Cisco AnyConnect client.  The problem I've got is that every time I try to connect, regardless of which machine I connect with, I'm always assigned the same IP address of 10.20.0.1 which is NOT on the office network of 192.168.27.0.

I've tried this on 3 different laptops, 1 desktop and 2 different virtual machines, all a mix of Windows 7 and XP and get the same result.  I've also tried installing the AnyConnect client using different adsl and 3G connections.  
Only once have I ever gotten a 192.168.27.0 address after I uninstalled the AnyConnect client and removed the Cisco network adaptor, then re-installed it.  But the next time around I got the 10.20.0.1 again and haven't been able to repeat this no matter how many times I uninstall/reinstall.

As a workaround I can successfully use AnyConnect to vpn into one of the offices in North America, the UK or Europe and rely on the WAN links between offices to access my Sydney home server.  But needless to say it's a painfully slow experience.

I've taken this to the corporate European helpdesk in the past but got the runaround so it was easier and less frustrating to just put up with the slow workaround.  But now I've a new laptop and figure it's time to give this another shot.

Before I fire it back to the corporate helpdesk though, I'd prefer to give them some direction to travel in so if anyone's got any ideas then I'm all ears :)

*Edit - And if it helps I can also get someone in Sydney to wander into the server room and get the model of the concentrator.

  Reply # 628612 21-May-2012 21:57

Cisco AnyConnect would normally use a separate IP range for the VPN client users, you won't get an IP in the same range as the office LAN.

There are a couple of factors that could be an issue:

* The company sounds big, so they probably auth using RADIUS. Is there a static IP assigned in RADIUS?

* After you connect, do a traceroute to the server you're trying to reach. Does it even hit the first hop? If it does, then the VPN is fine. If you can't get further than the concentrator then more likely someone there has firewalled the VPN IP range by accident or there is no routing between the VPN client range and the LAN.

* If you connect and can't reach the first hop, there is an access list defined in the concentrator which sets all the IP ranges you can reach with the client. Ask for this to be checked to confirm it actually allows access to the office LAN.

* Other common issue I see is anti virus software that scans HTTPS, NOD32 is often the culprit. Disable the web scanning feature. Same goes for any other software on the laptop that would touch HTTPS traffic.

Some of those steps above you will need access to the concentrator, but at least if you go to the helpdesk with those suggestions they might do something.

HTH

Scott



  Reply # 628760 22-May-2012 09:52

Thanks for the reply Scott. 

bender: Cisco AnyConnect would normally use a separate IP range for the VPN client users, you won't get an IP in the same range as the office LAN.


Yep, this is the actual case, I simplified it.  I'm the only one that gets a 10.20.0.x address which routes nowhere, everyone else gets a 192.168.27.x address that can route through to the office lan.

bender: The company sounds big, so they probably auth using RADIUS. Is there a static IP assigned in RADIUS?


I'm not sure as the one (and once only) time it did actually work and I got a 192.168.27.x address.  It does however seem the most likely culprit though so thanks, I've included it in the email.

bender: After you connect, do a traceroute to the server you're trying to reach. Does it even hit the first hop? If it does, then the VPN is fine. If you can't get further than the concentrator then more likely someone there has firewalled the VPN IP range by accident or there is no routing between the VPN client range and the LAN.


There's no default gateway handed out so I can't ping anything through the vpn interface.  Split tunneling is enabled as I can ping/tracert everything else through the lan interface.

bender: Other common issue I see is anti virus software that scans HTTPS, NOD32 is often the culprit. Disable the web scanning feature. Same goes for any other software on the laptop that would touch HTTPS traffic.


I've tried on a brand new Windows 7 install that only has a few Windows updates installed - no AV or 3rd party software at all.

It's got to be the concentrator end, right?
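Added example, not written by either poster: with split tunneling and no gateway or office route handed to the client, a traceroute to the office server may never enter the tunnel, so it says nothing about the concentrator. The Python sketch below parses `route print -4` output and reports which interface traffic to a target would actually leave by. The route table is constructed for illustration; the 192.168.1.x home LAN and the server address 192.168.27.10 are assumptions.

```python
import ipaddress
import re

# Constructed `route print -4` excerpt (Windows). Only 10.20.0.1 and the
# 192.168.27.0 office network come from the thread; the rest is made up.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
        10.20.0.0    255.255.255.0         On-link         10.20.0.1    257
        10.20.0.1  255.255.255.255         On-link         10.20.0.1    257
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
===========================================================================
Persistent Routes:
  None
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) for each active route."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gw, iface, int(metric)))
    return routes

def egress(routes, target):
    """Pick the route by longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def tunnel_check(text, vpn_ip, target):
    """Say whether traffic to target would enter the VPN tunnel at all."""
    best = egress(parse_routes(text), target)
    if best is None:
        return "no route"
    return "via tunnel" if best[2] == vpn_ip else f"bypasses tunnel via {best[2]}"

if __name__ == "__main__":
    # Hypothetical office server address inside 192.168.27.0/24.
    print(tunnel_check(SAMPLE, "10.20.0.1", "192.168.27.10"))
```

A "bypasses tunnel" result for the office server means the client was never given a route for 192.168.27.0, which is worth including in the helpdesk ticket alongside the assigned address.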
