none
Cisco AnyConnect VPN Client And MFWC RRS feed

  • Question

  • Our configuration is: ISA 2004 std on a SBS 2003 server. All workstations are XP Pro sp3 fully patched. All browsers are same version. Here is the problem that I’m having.

    Installed Cisco AnyConnect VPN Client on four different workstations. One works correctly, on the other three they cannot resolve DNS for the VPN servers. From all of them I can ping by IP Address and get responses with no dropped packets, but if I try to ping by server.domain.local no response. If I use a browser, either IE or Firefox, I cannot connect to their sites either by IP Address or FQDN. I believe that I’ve narrowed it down to the Firewall client on these computers. I was able to get one of them to connect a correctly a few times and noticed that not only did I get the “You are working offline” message the FWC would disable itself and all would work great. Now none of them will connect correctly. Since my workstation works fine I know AnyConnect makes the connection and on all of the others we can ping Destination Servers by IP Address, so routing, auth, etc. works.

    If I manually disable the FWC on the other workstations it doesn’t help at all, ISA has to do it to make it work.
    On my workstation I can RDP to a server on the others no way. I know that this has got to be something simple but it is eluding me. I’ve updated nic drivers, reset the winsock, tried deleting and reinstalling both the FWC and the Cisco VPN client on all of the workstations to no avail
    .
    I’m hoping someone else has had this problem and can point me to the solution.

    Thanks,
    Chuck
    Sunday, March 18, 2012 9:18 PM

Answers

  • Hi Chuck,

    Thanks for posting here.

    So will domain be resolved properly form these problematic client host without FWC and Cisco VPN client installed ? and please also make sure all clients are pointing and using SBS 2003 host as the preferred DNS server.

    After that please try to run the command “nslookup server.domain.local ” and see if current IP address will return.
    Could you also show us the “ipconfig /all” results from problematic client and SBS host here ?

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    I finally took the easy way out and just uninstalled the FWC on the problematic machines, not something I really wanted to do. The Cisco VPN Client now works correctly. I'll do more research and trouble shooting on another box later but had to get this up and running due to some deadlines.

    Thank you for your reply.

    Chuck
    • Marked as answer by Juke Tuesday, March 20, 2012 5:27 PM
    Tuesday, March 20, 2012 5:27 PM

All replies

  • Hi Chuck,

    Thanks for posting here.

    So will domain be resolved properly form these problematic client host without FWC and Cisco VPN client installed ? and please also make sure all clients are pointing and using SBS 2003 host as the preferred DNS server.

    After that please try to run the command “nslookup server.domain.local ” and see if current IP address will return.
    Could you also show us the “ipconfig /all” results from problematic client and SBS host here ?

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Tuesday, March 20, 2012 10:10 AM
  • Hi Chuck,

    Thanks for posting here.

    So will domain be resolved properly form these problematic client host without FWC and Cisco VPN client installed ? and please also make sure all clients are pointing and using SBS 2003 host as the preferred DNS server.

    After that please try to run the command “nslookup server.domain.local ” and see if current IP address will return.
    Could you also show us the “ipconfig /all” results from problematic client and SBS host here ?

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    I finally took the easy way out and just uninstalled the FWC on the problematic machines, not something I really wanted to do. The Cisco VPN Client now works correctly. I'll do more research and trouble shooting on another box later but had to get this up and running due to some deadlines.

    Thank you for your reply.

    Chuck
    • Marked as answer by Juke Tuesday, March 20, 2012 5:27 PM
    Tuesday, March 20, 2012 5:27 PM