[Dshield] Cisco VPN Issues Anyone?
M Quibell
mquibell at hotmail.com
Tue Nov 18 19:39:05 GMT 2008
Please describe what happens, any errors. Check and post logs. Then do a sniff.
Marc
> Date: Tue, 18 Nov 2008 12:15:52 -0500
> From: Jon.Kibler at aset.com
> To: list at lists.dshield.org
> Subject: [Dshield] Cisco VPN Issues Anyone?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I have a client that had Cisco client-based VPN break over the weekend
> - -- but just on Windows boxes. Everything was working okay Friday, but on
> Monday morning, Windows VPN users could not connect to the VPN. Mac and
> Linux still work fine.
>
> Nothing has been changed on the network for a few weeks, and we have
> verified those configurations. Plus, all non-Windows boxes seem to work
> just fine, so it seems to be something on the Windows client side and
> not on the network side.
>
> We have tried removing all the latest Windows patches, tried taking a
> new box and installing the VPN client on it, and nothing with Windows
> seems to work. We have also turned off all firewalls and AV on the boxes
> and that did not make any difference.
>
> We have opened a case with Cisco TAC, but they are stumped at this point.
>
> - From a technical standpoint, what is happening is that the ISAKMP SA
> establishment breaks. It appears that for some reason the Windows client
> is failing to process a response packet and then starts a retry, which
> also fails.
>
> Has anyone else seen this or something similar?
>
> Any thoughts on where to look for an issue?
>
> TIA for help!
>
> Jon K
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkki+EgACgkQUVxQRc85QlPtAQCgmU/cIUYocKXYmNuTEUGMq4n2
> lGIAn1Z0rbF5RUUtU6LF6zjGGz2th88b
> =TKcQ
> -----END PGP SIGNATURE-----
>
>