Cisco VPN Client - PPTP & IPSec Over UDP

kirsch59

Programmer
Oct 4, 2001
15
US
I'm running XP Home Edition SP2, DLINK Wireless Router, Cisco client VPN 4.03 (rel) and DSL. I'm able to connect to my work's network using Cisco's VPN software (IPSec Over UDP NAT/PAT). When I try to connect to a VPN using Microsoft's VPN software (PPTP) I cannot connect. This PC is wired to the DLINK wireless router.

I am able to connect using PPTP from another PC running XP Home Edition SP2 which does not have the Cisco VPN client software installed. This PC uses a wireless network card.

Can Microsoft's PPTP and Cisco's IPSec Over UDP NAT/PAT coexist and work on the same PC?

What do I have to disable on the PC that has the Cisco VPN software so I can connect to a VPN network using PPTP?

Thanks,
Mark
 
Chances are the answer is no. The reason I say this is that they just did get to where Nortel and Cisco VPN clients could be installed on the same machine. The Cisco VPN creates a second LAN connection called the "VPN Adapter" and that may be the cause of the problem with Microsoft's version. Now if the question is geared more towards both running at the same time this will never happen. I hope this helps.
 
You probably just need to stop the Cisco VPN service before you will be able to make PPTP connections with the native MS VPN client.

I just ran into this problem the other day and wrote batch scripts using the net start/stop commands to easily control the service:

net stop cvpnd

--and--

net start cvpnd

I actually found your post trying to get more information on why this is and if there is any way to be able to make these PPTP connections while the Cisco VPN service is running since I have a lot of users who will have trouble understanding why they need to stop and start services and who also need to be able to make both types of connections at any given time while on travel. I don't know if this is something to do with XP Service Pack 2...don't really know much about the Cisco client. I guess it might just have to do with the specific configuration the Cisco VPN client uses. At my last company I ran into users who had problems with general network connectivity when the Cisco VPN client was installed but I don't remember PPTP VPN being affected. In that environment we didn't use PPTP as our standard, although many preferred it to the 3rd party, so it's possible I just never ran into the problem. I'm thinking the admin responsible for the Cisco client config might be able to stipulate what services are allowed while CVPND is running. Does anyone here know?
 
I stopped the Cisco VPN service by doing the command
net stop cvpnd

This did not solve the PPTP connection problem. When I attempted to connect I received the error 720 - A connection to a remote computer could not be established.
 
A 720 error tells me that you're probably either not getting IP connectivity/DNS resolution when disconnected from the Cisco client or something is blocking some connectivity required to establish the PPTP connection...probably traffic on 1723 since we're talking PPTP.

This info could be pertinent:
- What is the firewall situation; does the pc have a firewall running on it? Are you able to make a connection using a telnet command against the VPN server on the port used by PPTP connections?

telnet <vpn server ip> 1723

...not sure if you work with telnet for troubleshooting connectivity issues but just in case you don't...you know this is working if you get a blank screen after issuing the command; a failure will yield something like this:

Connecting To <your VPN server>...Could not open connection to the host, on port 1723: Connect failed


- Do you know if PPTP connections worked prior to installing Cisco VPN? If not then have you tried removing Cisco VPN to ensure this is definitely the cause of the problem? As I said I don't really know much about the Cisco client because I've never had to "officially" support it but there is a firewall functionality built into the client because I've run into users who were unable to do certain network functions, for example they could initiate an ftp connection (i.e. get to the ftp server) but then all return ftp traffic on 21 was rejected. In that situation we found that once the Cisco VPN was removed he could use ftp again. My guess is that the admin responsible for the VPN client config might be able to specify services to be blocked by the Cisco VPN client's built in firewall. In the case of the user with FTP problems he was also unable to use FTP even with CVPND service stopped - it would not work until the software was removed. In retrospect I would have liked to have the user poke around for a setting in the client to disable the firewall but we're talking phone support here for a problem with software that I was not officially responsible for supporting so you'll understand that I was not in a position to monkey around with trying to figure out how to fix the software if I could prove that all my stuff worked fine when it wasn't installed.

- If this machine COULD connect before installing Cisco VPN then I would consult the admin responsible for the Cisco VPN client configuration - ask him if there is any specific configuration that could cause this.
 
Still no success. I have another PC (XP Home SP2) that has a wireless NIC and does not have Cisco's VPN client installed. This PC connects to the VPN using PPTP.

When I use the PC that has Cisco's VPN client installed I get the error message 678: Remote computer did not respond. I got this error message after I rebooted my router and DSL modem.

When I attempt to telnet to the VPN server I get the error: Could not open connection to the host, on port 1723: Connect failed.

This weekend I'll reinstall the Cisco software and see if PPTP works without the software. Also, I may upgrade the Cisco software and use the latest version.

Thanks for your help.
 
If that telnet command is failing then port 1723 traffic is blocked or there is a general problem with IP connectivity on that machine...hence all the firewall questions. As I said before if the machine works once the Cisco client is gone then there's probably something going on with the Cisco client's built in firewall or how the Cisco client interacts with another firewall running on the system - apparently the Cisco client has a reputation for not playing nice with the MS firewall. The MS errors you receive are fairly generic - that's why I say go to the source and mimic a request to the port the PPTP VPN client will use since Microsoft doesn't take steps to develop error messages that can help people fix their problems. Good luck.
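
The telnet check against port 1723 discussed in the replies above, automated as an added example (not code from any poster in this thread): it separates the failure modes that telnet reports only as "Connect failed". The function names and advice strings are illustrative assumptions; PPTP also needs GRE (IP protocol 47), which a TCP-only probe cannot test.

```python
import socket
import sys

# PPTP control channel. The tunnelled data travels separately as GRE (IP protocol 47).
PPTP_CONTROL_PORT = 1723

# Illustrative next steps per outcome (wording belongs to this example, not the thread).
ADVICE = {
    "open": "TCP 1723 is reachable; if PPTP still fails, check that GRE (protocol 47) passes",
    "refused": "host answers but rejects 1723: nothing listening, or a firewall sends resets",
    "filtered": "no reply before the timeout: a local or network firewall is dropping packets",
    "dns-failure": "server name does not resolve; fix name resolution before testing ports",
    "unreachable": "no usable route to the server; check general IP connectivity first",
}

def probe_tcp(host, port=PPTP_CONTROL_PORT, timeout=3.0):
    """Attempt one TCP connect and classify the result as a key of ADVICE."""
    try:
        # Resolve first so a name-resolution problem is reported on its own.
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(infos[0][4])
        return "open"
    except socket.timeout:
        return "filtered"       # silence usually means packets are being dropped
    except ConnectionRefusedError:
        return "refused"        # an active reset came back from the host or a firewall
    except OSError:
        return "unreachable"    # e.g. no route to host, network down
    finally:
        sock.close()

def diagnose(host, port=PPTP_CONTROL_PORT, timeout=3.0):
    """Return (state, advice) for one probe of host:port."""
    state = probe_tcp(host, port, timeout)
    return state, ADVICE[state]

if __name__ == "__main__":
    # Usage: python pptp_probe.py <vpn server ip>
    state, advice = diagnose(sys.argv[1])
    print(f"{sys.argv[1]}:{PPTP_CONTROL_PORT} -> {state}: {advice}")
```

Running it once with the Cisco VPN service started and once with it stopped, and again from the PC without the Cisco client, shows whether the result changes with the client's presence.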
 