VPN connects but no traffic passes

OK, let’s start this off with a fairly uncommon problem that allows a VPN to connect but does not pass any traffic. The VPN profile and account are tested on another machine and found to be working, so the problem is (gasp!)… the client machine!

You can verify this problem by noticing an ‘error with call to iphlpapi.dll’ in the Cisco client logs (you may need to enable them on the logs tab of the client).

The rather irritating resolution to this is:

1. Remove Cisco VPN Client
2. Reboot
3. Download ftp://files.citrix.com/winfix.exe and run it
4. Reboot again!
5. Download ftp://files.citrix.com/dneupdate.msi for 32-bit or ftp://files.citrix.com/dneupdate64.msi for 64-bit, and run the relevant file.
6. Reboot
7. Reinstall the VPN Client.
8. Reboot.
9. The Cisco VPN client should now connect and allow traffic to pass.
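
Steps 3 and 5 fetch installers over plain FTP, which provides no integrity protection, so it is worth checking their Authenticode signatures before running them. The script below is an added example, not part of the original post. It assumes the files were saved to `$DownloadDir`, and `$ExpectedPublisher` is a placeholder you replace with the publisher name you have confirmed with the vendor.

```powershell
# Added example: check the downloaded DNE files (steps 3 and 5) before running them.
# Assumptions: $DownloadDir is where the files were saved; $ExpectedPublisher is a
# placeholder, so the check fails closed until you set a publisher you have confirmed.
param(
    [string]$DownloadDir = "$env:USERPROFILE\Downloads",
    [string]$ExpectedPublisher = '<EXPECTED-PUBLISHER>'
)

# Step 5 offers two updaters; pick the one that matches the OS architecture.
$updater = if ([Environment]::Is64BitOperatingSystem) { 'dneupdate64.msi' } else { 'dneupdate.msi' }

$results = foreach ($name in 'winfix.exe', $updater) {
    $path = Join-Path $DownloadDir $name
    if (-not (Test-Path $path)) {
        [pscustomobject]@{ File = $name; Ok = $false; Reason = 'file not found'; Signer = $null; SHA256 = $null }
        continue
    }

    $sig     = Get-AuthenticodeSignature -FilePath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Reject anything unsigned, tampered with, or signed by someone unexpected.
    $reason = $null
    if ($sig.Status -ne 'Valid') { $reason = "signature status: $($sig.Status)" }
    elseif ($subject -notlike "*$ExpectedPublisher*") { $reason = 'unexpected signer' }

    [pscustomobject]@{
        File   = $name
        Ok     = ($null -eq $reason)
        Reason = $reason
        Signer = $subject
        SHA256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash  # keep for your records
    }
}

$results | Format-List
if ($results.Ok -contains $false) {
    Write-Error 'At least one file failed verification; do not run it.'
    exit 1
}
```

A `Valid` status only shows that the file is intact and chains to a trusted root; the signer comparison is what ties it to the publisher you expect.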

This seems to be a problem with DNE, which appears to do some pretty important things with VPN traffic. More information on it is available here: https://www.citrix.com/go/lp/dne.html

I hope this saves you time, and stress, in the future.

 

Update:

I have seen this resolve problems in similar circumstances with WatchGuard as well as Cisco ASA (5505 or 5510) VPNs, only they actually don’t seem to connect at all. I haven’t seen the error message, but if I find it I’ll put it here. Thanks to “The other Martin” for the tip.

3 thoughts on “VPN connects but no traffic passes”

  1. Had these in two offices (West Coast/NYC) for a little over a week. The firmware is highly unstable, even after being upgraded to the latest version from Cisco. These were installed by a highly-rated Cisco partner firm for our offices, and after trying to get the most basic features to stick we’ve all simply given up. The VPN is extremely slow and volatile, settings do not stick in the firmware (“Hey, didn’t I just make that a UDP port forward? Why does it default to TCP when the setting is applied and saved?”), DNS errors (that Cisco acknowledged and “fixed”) caused unpredictable browsing and Web services for users, there’s no command-line interface, only GUI, and port forwarding simply does not (even when Cisco support tried to fix it). Terrible routers that it turns out are re-branded Linksys (remember, Cisco bought Linksys not too long ago). Save yourself a headache and start with a 5505 if you’re looking at this price point.
