Get VPN client to connect, but request timed out when ping

Hi, I use the router Cisco 837 as my VPN server. I am connected using Cisco VPN Client Version 5. But when I ping the ip of the router, I have request timed out. Here is my configuration:

Building configuration... Current configuration : 3704 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname michael ! boot-start-marker boot-end-marker ! memory-size iomem 5 no logging console enable secret 5 $1$pZLW$9RZ8afI8QdGRq0ssaEJVu0 ! aaa new-model ! ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ! resource policy ! ip subnet-zero no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 ! ip dhcp pool michael    network 192.168.1.0 255.255.255.0    default-router 192.168.1.1    dns-server 202.134.0.155 ! ip dhcp pool excluded-address    host 192.168.1.4 255.255.255.0    hardware-address 01c8.d719.957a.b9 ! ! ip cef ip name-server 202.134.0.155 ip name-server 203.130.193.74 vpdn enable ! ! ! ! username michael privilege 15 secret 5 $1$ZJQu$KDigCvYWKkzuzdYHBEY7f. username danny privilege 10 secret 5 $1$BDs.$Ez0u9wY7ywiBzVd1ECX0N/ ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp xauth timeout 15 ! crypto isakmp client configuration group michaelvpn key vpnpassword pool SDM_POOL_1 acl 199 netmask 255.255.255.0 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! ! ! interface Ethernet0 description $FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 hold-queue 100 out ! interface Ethernet2 no ip address shutdown hold-queue 100 out ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto pvc 0/35   pppoe-client dial-pool-number 1 ! ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 duplex auto speed auto ! interface FastEthernet3 duplex auto speed auto ! interface FastEthernet4 duplex auto speed auto ! interface Virtual-PPP1 no ip address ! interface Dialer1 description $FW_OUTSIDE$ mtu 1492 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 ppp chap hostname ispusername ppp chap password 0 isppassword ppp pap sent-username ispusername password 0 isppassword crypto map SDM_CMAP_1 ! ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5 ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server no ip http secure-server ! ip nat inside source static udp 192.168.1.0 1723 interface Dialer1 1723 ip nat inside source static tcp 192.168.1.4 21 interface Dialer1 21 ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload ! access-list 1 remark SDM_ACL Category=16 access-list 1 permit 192.0.0.0 0.255.255.255 access-list 102 remark SDM_ACL Category=2 access-list 102 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 102 permit ip 192.168.1.0 0.0.0.255 any access-list 199 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 route-map SDM_RMAP_1 permit 1 match ip address 102 ! ! control-plane ! banner motd ^C Authorized Access Only UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED You must have explicit permission to access this device. All activities performed on this device are logged. Any violations of access policy will result in disciplinary action. ^C ! line con 0 no modem enable line aux 0 line vty 0 4 ! scheduler max-task-time 5000 end

Thank you, anny help will be appreciated.

Hi Michael,

I have been through the newspapers, they are not conclusive and only detrmine that Phase 1 is coming. However according to this error message % SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr = 81B50AD8, count = 0 we are hiiting a bug on ios. The id of the bug is CSCsl24693 and the solution is to switch to 12.4 (11) XJ.

Can you re-execute him debugs and send me the detailed results.

Kind regards

Aman

Tags: Cisco Security

Similar Questions

  • Cisco vpn client to connect but can not access to the internal network

    Hi all

    I have a VPN configured on cisco 5540. My vpn was working fine, but suddenly there is a question that the cisco vpn client to connect but can not access to the internal network

    Any help would be much appreciated.

    Hi Samir,

    I suggest that you go to the ASA and check the configuration to make sure that it complies with the requirements according to the reference below link:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805734ae.shtml

    (The link above includes split tunneling, but this is just an option.

    Please paste the output of "sh cry ipsec his" here so that we can check if phase 2 is properly trained. I would say as you go to IPSEC vpn client on your PC and check increment in packets sent and received in the window 'status '.

    Let me know if this can help,

    See you soon,.

    Christian V

  • Get error 118 (net::ERR_CONNECTION_TIMED_OUT): the operation timed out when opening applications on Facebook

    I need help for my this error error 118 (net::ERR_CONNECTION_TIMED_OUT): the operation timed out

    It's my app from facebook

    Hi Muhammadarif,

    1. the problem occurs only in facebook?
    2. what web browser do you use?

    This is a known error in Google chrome. If you are using Google chrome then I suggest you post in the forums of Google chrome.
    http://productforums.Google.com/d/Forum/chrome

    If the problem only occurs in facebook, then I suggest you to contact facebook support.
    http://www.Facebook.com/help/

    Hope this information is helpful and let us know if you need more assistance. We will be happy to help.

  • Remote access VPN client to connect but cannot ping inside the host, after that split tunnel is activated (config-joint)

    Hello

    I don't know what could be held, vpn users can ping to the outside and inside of the Cisco ASA interface but can not connect to servers or servers within the LAN ping.

    is hell config please kindly and I would like to know what might happen.

    hostname horse

    domain evergreen.com

    activate 2KFQnbNIdI.2KYOU encrypted password

    2KFQnbNIdI.2KYOU encrypted passwd

    names of

    ins-guard

    !

    interface GigabitEthernet0/0

    LAN description

    nameif inside

    security-level 100

    192.168.200.1 IP address 255.255.255.0

    !

    interface GigabitEthernet0/1

    Description CONNECTION_TO_FREEMAN

    nameif outside

    security-level 0

    IP 196.1.1.1 255.255.255.248

    !

    interface GigabitEthernet0/2

    Description CONNECTION_TO_TIGHTMAN

    nameif backup

    security-level 0

    IP 197.1.1.1 255.255.255.248

    !

    interface GigabitEthernet0/3

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface Management0/0

    Shutdown

    No nameif

    no level of security

    no ip address

    management only

    !

    boot system Disk0: / asa844-1 - k8.bin

    boot system Disk0: / asa707 - k8.bin

    passive FTP mode

    clock timezone WAT 1

    DNS server-group DefaultDNS

    domain green.com

    network of the NETWORK_OBJ_192.168.2.0_25 object

    Subnet 192.168.2.0 255.255.255.128

    network of the NETWORK_OBJ_192.168.202.0_24 object

    192.168.202.0 subnet 255.255.255.0

    network obj_any object

    subnet 0.0.0.0 0.0.0.0

    the DM_INLINE_NETWORK_1 object-group network

    object-network 192.168.200.0 255.255.255.0

    object-network 192.168.202.0 255.255.255.0

    the DM_INLINE_NETWORK_2 object-group network

    object-network 192.168.200.0 255.255.255.0

    object-network 192.168.202.0 255.255.255.0

    access-list extended INSIDE_OUT allow ip 192.168.202.0 255.255.255.0 any

    access-list extended INSIDE_OUT allow ip 192.168.200.0 255.255.255.0 any

    Access extensive list permits all ip a OUTSIDE_IN

    gbnlvpntunnel_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0

    standard access list gbnlvpntunnel_splitTunnelAcl allow 192.168.202.0 255.255.255.0

    gbnlvpntunnell_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0

    standard access list gbnlvpntunnell_splitTunnelAcl allow 192.168.202.0 255.255.255.0

    pager lines 24

    Enable logging

    asdm of logging of information

    Within 1500 MTU

    Outside 1500 MTU

    backup of MTU 1500

    mask of local pool VPNPOOL 192.168.2.0 - 192.168.2.100 IP 255.255.255.0

    no failover

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm-645 - 206.bin

    don't allow no asdm history

    ARP timeout 14400

    NAT (inside, outside) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination

    NAT (inside, backup) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination

    NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination

    NAT (inside, backup) static source DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination

    !

    network obj_any object

    dynamic NAT interface (inside, backup)

    Access-group interface inside INSIDE_OUT

    Access-group OUTSIDE_IN in interface outside

    Route outside 0.0.0.0 0.0.0.0 196.1.1.2 1 track 10

    Route outside 0.0.0.0 0.0.0.0 197.1.1.2 254

    Timeout xlate 03:00

    Pat-xlate timeout 0:00:30

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    Floating conn timeout 0:00:00

    dynamic-access-policy-registration DfltAccessPolicy

    identity of the user by default-domain LOCAL

    Enable http server

    http 192.168.200.0 255.255.255.0 inside

    http 192.168.202.0 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    monitor SLA 100

    type echo protocol ipIcmpEcho 212.58.244.71 interface outside

    Timeout 3000

    frequency 5

    monitor als 100 calendar life never start-time now

    Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac

    Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    outside_map interface card crypto outside

    backup_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    backup of crypto backup_map interface card

    Crypto ikev1 allow outside

    Crypto ikev1 enable backup

    IKEv1 crypto policy 10

    authentication crack

    aes-256 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 20

    authentication rsa - sig

    aes-256 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 30

    preshared authentication

    aes-256 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 40

    authentication crack

    aes-192 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 50

    authentication rsa - sig

    aes-192 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 60

    preshared authentication

    aes-192 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 70

    authentication crack

    aes encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 80

    authentication rsa - sig

    aes encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 90

    preshared authentication

    aes encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 100

    authentication crack

    3des encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 110

    authentication rsa - sig

    3des encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 120

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 130

    authentication crack

    the Encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 140

    authentication rsa - sig

    the Encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 150

    preshared authentication

    the Encryption

    sha hash

    Group 2

    life 86400

    !

    track 10 rtr 100 accessibility

    Telnet 192.168.200.0 255.255.255.0 inside

    Telnet 192.168.202.0 255.255.255.0 inside

    Telnet timeout 5

    SSH 192.168.202.0 255.255.255.0 inside

    SSH 192.168.200.0 255.255.255.0 inside

    SSH 0.0.0.0 0.0.0.0 outdoors

    SSH timeout 15

    SSH group dh-Group1-sha1 key exchange

    Console timeout 0

    management-access inside

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal group vpntunnel strategy

    Group vpntunnel policy attributes

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list vpntunnel_splitTunnelAcl

    field default value green.com

    internal vpntunnell group policy

    attributes of the strategy of group vpntunnell

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list gbnlvpntunnell_splitTunnelAcl

    field default value green.com

    Green user name encrypted BoEFKkDtbnX5Uy1Q privilege 15 password

    attributes of user name THE

    VPN-group-policy gbnlvpn

    tunnel-group vpntunnel type remote access

    tunnel-group vpntunnel General attributes

    address VPNPOOL pool

    strategy-group-by default vpntunnel

    tunnel-group vpntunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    type tunnel-group vpntunnell remote access

    tunnel-group vpntunnell General-attributes

    address VPNPOOL2 pool

    Group Policy - by default-vpntunnell

    vpntunnell group of tunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns migrated_dns_map_1

    parameters

    maximum message length automatic of customer

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the migrated_dns_map_1 dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    Review the ip options

    !

    global service-policy global_policy

    context of prompt hostname

    no remote anonymous reporting call

    call-home

    Profile of CiscoTAC-1

    no active account

    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

    email address of destination [email protected] / * /

    destination-mode http transport

    Subscribe to alert-group diagnosis

    Subscribe to alert-group environment

    Subscribe to alert-group monthly periodic inventory

    monthly periodicals to subscribe to alert-group configuration

    daily periodic subscribe to alert-group telemetry

    Cryptochecksum:7c1b1373bf2e2c56289b51b8dccaa565

    Hello

    1 - Please run these commands:

    "crypto isakmp nat-traversal 30.

    "crypto than dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 Road opposite value.

    The main issue here is that you have two roads floating and outside it has a better than backup metric, that's why I added the command 'reverse-road '.

    Please let me know.

    Thank you.

  • VPN Client TCP connection to router IOS

    Hello

    I try to get a VPN client to connect via TCP to a router. I currently have the router put in place (and work) in using a VPN - UDP. Unfortunately one of the sites I visit will not allow VPN traffic outside of their firewall. I have searched all over the site of Cisco and can't find any information on the IOS configuration to accept TCP - VPN connections. I would like to change the TCP port 80, so my VPN traffic looks like just standard internet browsing my client firewall. Any links/pointer would be greatly appreciated.

    Thanks in advance!

    -Joe

    Take a look at this:

    http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1310210

    http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1305478

    http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1315635

    Please rate if useful.

    Concerning

    Farrukh

  • When I ping, I get "request timed out every 40 response once.

    I have an other customers with same VLAN with IP, 10.12.121.15, 10.12.121.16, when I ping 10.xxx.xxx.xxx t I receive a response continues but same time each of them has expired for 2 hops. After 2 hops normally his response up to 48 hops yet expired.

    Please let me know what are all possible? even I tried to ping to router the same. If it's a customer, I can suspect network connector or network port, but its almost all customers.

    Please if you more details please let me know in response.

    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Request timed out.
    Request timed out.
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time = 1ms TTL = 126
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">
    Reply from 10.12.121.17: bytes = 32 time<1ms ttl="">

    Hello

    The question you posted would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

    Hope this information is useful.

  • WiFi doesn't work does not correctly and he always finds Request Timed Out

    Hello

    I have two laptops side by side. On two laptops, I have 'ping www.google.com t' on cmd and most of the time "ping www.yahoo.com t.
    Laptop shows "Request Timed Out", but it's only in time and one or two occurrences whenever it shows "Request Timed Out". Portable B shows 'Request Timed Out' more often and several times it is displayed continuously as in the screenshot.
    This has been observed for a few months because I noticed on this subject.
    I wonder this has to do with the firewall or antivirus? Or that it has something to do with the infection by the virus?
    I am very little deep in the knowledge of it. Please bear with me if I ask funny questions. I would appreciate your help! Thanks :)

    Hello

    1. don't you make changes on the computer before the show?
    2. what web browser do you use?
    3. what anti-virus is installed on the computer?

    Method 1:

    You can try the steps in the link and check:
    Windows wireless and wired network connection problems
    http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows

    Method 2:
    You can perform a clean boot and check if any third-party software is causing the problem.
    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
    http://support.Microsoft.com/kb/929135
    Note: After the adventures of shooting set the computer to start as usual by performing step 7 above of the Knowledge Base article.

    Method 3:
    You can try to disable the firewall and anti-virus installed on the computer.

    Enable or disable Windows Firewall
    http://Windows.Microsoft.com/en-us/Windows7/turn-Windows-Firewall-on-or-off
    NOTE: turning off Windows Firewall may make your computer (and your network, if you have one) more vulnerable to damage caused by worms or hackers.
    You can see the following link to disable the Antivirus installed on your computer software.

    NOTE: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks

    For more information, please see the following links:
  • RemoteAccess VPN does not, the client VPNC connects but no connectivity

    Hi all

    I configured cisco ASA 5520 VPN remote access, Cisco vpn client connects very well and both phases are upcoming but aren't encapsulating packets phase ipsec. and ima could not reach remote subnets 192.168.10.0 and 192.168.180.0

    kindly help me to solve the problem... Here's the relevant config

    Thank you
    Mikael

    config====================================================================
    allowed to access list acl sheep line 20 extended ip 192.168.10.0 255.255.255.0 172.23.20.0 255.255.255.128
    allowed to access list acl sheep line 20 extended ip 192.168.180.0 255.255.255.240 172.23.20.0 255.255.255.128

    access-list 1 permit line splitTunnel_raacl extended ip 192.168.10.0 255.255.255.0 any
    allowed to Access-list splitTunnel_raacl line 2 extended ip 192.168.180.0 255.255.255.240 all

    allowed to Access-list ra_acl line 1 extended ip all 192.168.10.0 255.255.255.0
    allowed to Access-list ra_acl line 2 extended ip all 192.168.180.0 255.255.255.240

    AAA-server non-retail-VPN protocol Ganymede +.
    AAA-server non-retail-VPN (inside) host 192.168.200.14
    3n0cr1ght5 key
    Non-retail-VPN (inside) host 192.168.10.9 AAA-server
    3n0cr1ght5 key

    mask IP local pool ra 172.23.20.2 - 172.23.20.125 255.255.255.128

    internal RAVPN group policy
    RAVPN group policy attributes
    VPN-idle-timeout 30
    VPN-filter value ra_acl
    Protocol-tunnel-VPN IPSec
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list splitTunnel_raacl

    type tunnel-group RAVPN remote access
    attributes global-tunnel-group RAVPN
    address-ra-pool
    Group Policy - by default-RAVPN
    IPSec-attributes tunnel-group RAVPN
    pre-shared key xxxx

    Crypto ipsec transform-set esp-3des esp-sha-hmac ravpn-series

    Crypto dynamic-map 23 RAVPN set transform-set ravpn-set

    card crypto ENOCMAP 4-isakmp dynamic ipsec RAVPN
    ========================================================================

    Output
    2 IKE peers: 94.58.71.99
    Type: user role: answering machine
    Generate a new key: no State: AM_ACTIVE

    # sh crypto ipsec peer of his 94.58.71.99
    address of the peers: 94.58.71.99
    Tag crypto map: RAVPN, seq num: 23, local addr: x.x.x.x

    local ident (addr, mask, prot, port): (0.0.0.0/0.0.0.0/0/0)
    Remote ident (addr, mask, prot, port): (172.23.20.2/255.255.255.255/0/0)
    current_peer: 94.58.71.99, username: shanilra
    dynamic allocated peer ip: 172.23.20.2

    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 117, #pkts decrypt: 117, #pkts check: 117
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0
    success #frag before: 0, failures before #frag: 0, #fragments created: 0
    Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
    #send errors: 0, #recv errors: 0

    EDIT: Sorry, just see that I read your config wrong. The vpn-filter is OK, but with split tunnel always not necessary.

    Your vpn-filter-ACL is false (mixex source and destination). Please, remove the vpn filter from your group policy and test again if this works. Looks like you want your customers only to reach the two given networks. For this you need the vpn filter anyway, because they are the only networks that are reached in the split-tunnel-config.

    Sent by Cisco Support technique iPad App

  • VPN client works well, but I am not able to open the desktop remotely

    Hi all

    I configured a router 877 with features of firewall and VPN and DDNS, when the user connects his WAN pc via VPN all works well (mail, telnet, ping, LAN access) but the Remote Desktop feature is not available. I traced with wireshark and saw that the request to port 3389 was correctly sent to the destination server, but the response to the VPN client has been abandoned by the router... and I have no idea how to solve this problem.

    Can someone help me...? Thank you very much.

    Ilaria.

    In room router attached.

    Your problem is the NAT-config. First of all, the next line is not necessary that RDP does not have UDP ober:

    IP nat inside source static udp 192.168.10.136 3389 3389 Dialer0 interface

    Then, the following command causes problems:

    IP nat inside source static tcp 192.168.10.136 3389 3389 Dialer0 interface

    With which the router assumes that the server 192.168.10.136 must always be reached through the IP address of dialer0 and made a translation.

    There are two ways to solve the problem, but they all have some disadvantages...

    (1) only access the server through VPN. For that you can just remove the NAT statement above (the one with tcp) and you should be able to reach the server via VPN.

    (2) restrict the NAT for not doing a translation if a VPN-peer's access to the server.

    To do this, you must attach a roadmap to the NAT statement. But who does not work with the "interface" - keyword in the NAT Statement. But you can use it if you get a fixed IP address from your provider.

    (3) assign a second IP address to the RDP server. The period of the original INVESTIGATION that is used in the NAT statement is used to access the server without VPN, the second IP address is used to access the server through VPN.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • VPN client, lost connection

    Hello

    I pix506e here... and vpn clients connected.

    But suddenly lost connection vpn client 40 minutes and then try to reconnect again but fail. If the vpn client restarts their pc/notebook...yes it can connected to vpn again... but the interruption of the connection again... then restart... and so on... What is the cause of this problem?

    Thanks for the help

    Tonny

    All remote VPN clients are having the same problem or is it limited to just a few. If the problem is seen with only a few, it is quiet possible that the problem is not with the PIX of the customer. In addition, the DPO is enabled or not. DPD will cause tips to know an IPSec connection over, where the SAs flusing, allowing new being negotiate quickly.

  • Urgent! Users of remote access VPN connects but cannot access remote LAN (ping, folder,...)

    Hello

    I am setting up a VPN on a Cisco ASA 5510 version 8.4 remote access (4) 1.

    When I try to connect via the Cisco VPN client software, I am able to connect however I am unable to access network resources.

    However, I can ping the servers in the other site that is connected through the VPN site-to site to the main site!

    VPN client--> main site (ping times on)--> Site connected with the main site with VPN S2S (successful ping)

    Please help me I need to find a solution as soon as POSSIBLE!

    Thank you in advance.

    Hello

    Please remove the NAT exemption and the re - issue the command but with #1, so it will place the NAT as first line:

    No nat (SERVERS, external) static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

    NAT (SERVERS, external) 1 static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

    After re-configured this way, make sure that this command is also available:

    Sysopt connection permit VPN

    This sysopt will allow traffic regardles any ACL a fall, just in case. Please continue to run a package tracer and post it here,

    Packet-trace entry Server icmp XXXXXX 8 0 detailed YYYYY

    XXXX--> server IP

    AAAA--> VPN IP of the user

    Don't forget to do the two steps and a just in case, capture Please note and mark it as correct the useful message!

    Thank you

    David Castro,

  • VPN question, can connect, but can, t go anywhere

    Hello

    I have my house 2621xm router and I have configured my router as a vpn server and I can connect using vpn client, but that's all I can do. I can't ping or go anywhere. I can't find all the documents on cisco or google that can help me here, so here I am.

    Basically, I give the client vpn ip 192.168.6.X then I want the customer to be able to go anywhere in the 192.168.1.X range 5.X and 10.X.

    any help would be appreciated to greately!

    Try,

    crypto dynamic-map VTELDYNAMAP 10

    market arriere-route

    Kind regards

    Prem

  • VPN client - multiple connection possibilities?

    Hi people,

    My basic question is, Cisco VPN Client allows two simultaneous VPN connections at the same time?

    I would like to implement the following:

    Customer user (remote access VPN via Internet)--> Head Office c/o ASA 5520 pair--> (VPN remote access via Internet)--> pair of Branch Office ASA 5510 S + a/s

    For example, to access the Branch Office system, the user must:

    1. connect to the peer of Head Office ASA via Cisco VPN Client (the user/password authentication)

    Head Office ASA peer gives an 172.16.1.x private IP address and is configured to route all requests for public office ASA IP through its own public IP address.

    2. once Head Office VPN is established, the user establishes a SECOND VPN tunnel of the Cisco VPN client (user/password and focused on the cert auth)

    I.e. branch sees the VPN connection try from the public IP address of Headquarters and therefore allows the VPN through the ACL traffic and allows the continuation of the VPN negotiations as usual.  Customer is given another IP address private, 192.168.10.x.

    Basically, I need to limit the remote access VPN branch to make it only accessible from Headquarters public IP address, no public IP address of the user (and therefore the entire internet).


    I know this is an unusual configuration, and some will say on the sensitivity of security to allow two simultaneous VPN connections.  These are the two networks of trust, strict ACL would be at stake and there is a long history behind this requirement...

    Thanks in advance!

    Alistair,

    You can limit the access of VPN connections to branch by blocking connections on UDP ports 500, 4500 UDP and ESP and allowing him only from your home office. In this way, only the explicitly authorized public IP address of your home office would be able to connect to your remote sites by using an IPSec tunnel.

    Now, on the second tunnel I don't think it's possible. As far I am aware you cannot have two connections to VPN at the same time of the same customer. The VPN will not let you do, it's mainly because when you have a VPN Client the VPN map session comes up and you can only one card virtual VPN.

    Because I don't think it is possible I would advice to try something like this:

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

    Could provide you the connectivity that you are looking for without needing a second tunnel VPN from the client side.

    I hope this helps.

    Raga

  • Binds two ISP ASA to remote VPN Client to connect to instead of creating two profiles on the remote client

    Hello

    just a quick,

    TOPOLOGY

    ASA isps1 - 197.1.1.1 - outside

    ASA ISP2 - 196.1.1.1 - backup

    LAN IP - 192.168.202.100 - inside

    I have configured Tunnel on the interfaces (external and backup), but is to link both legs public to serve a thare as redundancy for vpn users and users of the vpn tunnel leave pointing inside IP whenever they want to establish vpn sssion, we want it to be one, so if an interface fails vpn users will not know , but he will try the second for the connection. instead of creating the profile for the two outside of the leg on the vpn client.

    is this possible?

    Hi Rammany.

    In your case, you have only an ASA that connects with 2 ISP in another segment IP... 196.x.x.x (Link1) & 197.x.x.x (Link2). What your condition is you want to have the VPN client who must be consulted with backup. If 196.x.x.x link fails, it should automatically take 197.x.x.x link. That too we should not have the config set in the VPN client backup server. You don have the possibility of having standby active also in asa single.

    I think n so it will work with your current design.

    This option is if your VPN client supports host name resolution (DNS). You can have the VPN created for both the public IP address share the same host name keeping the bond as the primary address 1 and 2 a secondary address. It will work alone.

    Hope someother experts in our forum can help you with that.

  • 506th PIX and VPN client - multiple connections connections

    I have a PIX of the 506th (6.2) w/3DES license and 3.6.3 VPN client software. I'm only using group user name and password to authenticate. The first user login works fine. When the second user connects, the first is finished and the second works very well. The product turned on States I should be able to have 25 simultaneous connections or site to site or customer.

    Any help will be greatly appreciated, Kyle

    Are these two users on the same site, behind a device that makes PAT? If so, then this device is causing the problem, not the PIX. The device is unable to correctly translate the IPsec packets. Unfortunately nothing you can do about it on the PIX, although the next version of the software (6.3 to your calendar of March) will have NAT - T support (which the client currently supports). Once that support NAT - T both ends, they'll be able to say that there's a PAT instrument between the two and they will automatically encapsulate everything in the UDP packets, which your PAT instrument will be able to translate correctly.

Maybe you are looking for