Super-Networking Blog

Do you want your workstations to connect to PPTP VPNs through a Cisco Pix firewall without having to setup a static NAT for each one.

Are you getting the following error in your syslogs when you try:

“regular translation creation failed for protocol 47″

All you should have to do is add a new fixup protocol entry.

“fixup protocol pptp 1723″

Now assuming that you have a PAT for all traffic from inside to outside you PPTP connections should work.

There are other factors that could cause this to fail, make sure that you are on at least version 6.3 of the Pix software.

If you still have problems check your syslogs.

Well after some limited users were using the Cisco VPN Client 5 beta it worked at first then we had some more problems with intermittent connection problems.

Last post here

Cisco has just released the official Client 5.0.00.0340 which is supposed to fix most issues with Vista. Remember you cannot use the installer shield version in Vista only the MSI. We will be testing this version once again. There are also some workarounds Cisco posted if you continue to have problems.

Workarounds for Vista:
Error 412: The remote peer is no longer responding
Upgrade local NAT device’s firmware
If this is not possible, switch to TCP
If this is not possible, use the following keyword in connection profile (*.pcf):UseLegacyIKEPort=1

CAVEAT: If you are using Domain Isolation customer will not be able to use the UseLegacyIKEPort
keyword as this conflicts with Microsoft�s domain isolation.

Error 442: Failed to enable virtual adapter
Open Network and Sharing Center
Open Network Connection Manager
Enable the virtual adapter (�Cisco VPN Adapter�)
Right-click on it and select �Diagnose�
Select �Fix��

If this doesn’t work
Run the following from �cmd’:
reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f
Reboot

NOTE: If customer has UAC enabled, s/he must run �cmd� as administrator.

Error 1721 (At install time.)
Client does not support 64bit.

Workaround for change in DST this year for a Cisco VPN Concentrator. If you time is still an hour off do the following.

Go to:

Configuration

System

General

Time and Date - Then uncheck the “Enable DST Support”

If you are using NTP it should update to the correct time.

Well the issues with Cisco VPN clients and Vista continues. The past posts including: More Vista Fun with VPN, have fixed most of the issues with most of the users.

Unfortunately one of our users has started having the following issue.

Secure VPN Connection terminated locally by the Client.

Reason 440: Driver Failure.

We have not found a workaround for this error yep but we are trying the latest and greatest Cisco VPN client 5.0.00.0090. I will keep this post up to date with changes to this issue and other Vista/VPN issues.

*Update* This version is running great so far, driver error above was fixed with this version.

Participate Now & Receive Gas for a Year!

I originally posted on running Cisco VPN on Vista here.There is actually a newer client that is working better and its version # is 4.8.02.0010. You must install the msi version because the is version doesn’t install on Vista. We have fun this to be a stable VPN client on both Vista and XP for most connections.

We have been running into some issues with running this VPN over slower network connections but the issue comes and goes. A possible workaround that seems to be working in the initial stages is the following.

Try this:

1. Open an administrative command prompt.

2. Type “netsh int tcp set global autotuninglevel=disabled“.

3. Reboot.

The default autotuninglevel is “normal” if you want to set it back.

You can also try removing IPv6 from networking as this has been reported to screw up some routers.

Participate Now & Receive Gas for a Year!

I run Cisco VPN for my companies VPN solution and to connect to that VPN we use a Cisco VPN client. With Vista’s new and improved security features the current client no longer works. I have downloaded the new Cisco VPN beta client for Vista but we have been unable to get it to work currently.

As we try things and find out more information on this issue I will update this post. Being we are in testing yet for Vista we have not spent much time or energy on the issue. If anyone has a workaround for this already please reply to this post. Anyone running Cisco VPN and thinking of upgrading please beware.

*Update*

Had another user try that Beta client 4.8.01.0590 and they were able to connect just fine. Looks like the other user maybe has a config issue.

Participate Now & Receive Gas for a Year!