VPN 3000 Concentrator question - Can get in but can't browse

[mdcr]

We have a VPN that we can connect to from the outside, we get authenticated using the CISCO VPN client v 4.0.1, we can ping machines in the network, but when we try to go to Network Neighborhood or try to map a drive, we can't get anywhere or it will timeout. From certain locations we seem to connect and work fine (usually they don't have a firewall), but this problem mostly occurs at locations that have their own firewall in place. It seems to be related to an outside location's firewall, but the question is, why does this problem allow for a connection to be made, authentication to occur, and then not allow for regular Windows Networking tasks to take place? Any thoughts? Thanks!

 

[tbissett]

Have you tried enabling the IPSEC Over TCP feature on your concentrator and VPN client?

On the concentrator, go to Configuration-Systems-Tunneling Protocols-IPSEC-NAT Transparency and enable IPSEC Over TCP, also specifying a port.

On the client, go to Options-Properties and select User IPSEC over TCP, again specifying the port number.

The issue you are seeing has to do with your outside firewalls NATing traffic through an established tunnel. You don't see it when authenticating because all the IKE and IPSEC proposals are still in the process of being built.

In any case, IPSEC over TCP has worked very well for getting around this.