OK, let's start this off with a fairly uncommon problem that allows a VPN to connect but does not pass any traffic. The VPN profile and account are tested on another machine and found to be working, so the problem is (gasp!)… the client machine!
You can verify this problem by noticing an ‘error with call to iphlpapi.dll’ in the Cisco client logs (you may need to enable them on the logs tab of the client).
The rather irritating resolution to this is:
1. Remove Cisco VPN Client
3. Download ftp://files.citrix.com/winfix.exe and run it
4. Reboot again!
5. Download ftp://files.citrix.com/
7. Reinstall the VPN Client.
9. The Cisco VPN client should now connect and allow traffic to pass.
This seems to be a problem with DNE, which appears to do some pretty important things with VPN traffic. More information on it is available here: https://www.citrix.com/go/lp/dne.html
I hope this saves you time, and stress, in the future.
I have seen this resolve problems in similar circumstances with WatchGuard as well as Cisco ASA (5505 or 5510) VPNs, only they actually don’t seem to connect at all. I haven’t seen the error message, but if I find it I’ll put it here. Thanks to “The other Martin” for the tip.