I had been using the CiscoVPN client v 4.0.3 win my Cisco PIX 6.3 and
it was working just fine. Then one day, on a whim, I downloaded the
4.6 client. I uninstalled the 4.0.3 client, rebooted, installed the
4.6 client, rebooted [again], imported the same profile I used with the
old client and connected. I connected, got prompted for a user name
and password and it looked like everything was fine. On the client
machine I did an 'ipconfig' and it even showed an IP address from the
correct pool. But, I can't ping anything else inside the firewall.
The only other thing I can ping is the outside interface of the
firewall. I uninstalled 4.6 , rebooted, installed 4.0.3, rebooted
[again] and imported the profile and was able to connect and work just
fine. I have no idea why the new client will not work. Nothing has
changed on the PIX side.

This is the first time I've used this forum, so forgive me if I have
left out crucial info. I can post logs or anything that would help,
but I'm mostly wondering if this problem sounds familiar to anyone or
if anyone can point me towards a good resource.

In article <1105324024.389407.170020@c13g2000cwb.googlegroups .com>,
<brownr26@yahoo.com> wrote:
:I had been using the CiscoVPN client v 4.0.3 win my Cisco PIX 6.3 and
:it was working just fine. Then one day, on a whim, I downloaded the
:4.6 client. I uninstalled the 4.0.3 client, rebooted, installed the
:4.6 client, rebooted [again], imported the same profile I used with the
ld client and connected. I connected, got prompted for a user name
:and password and it looked like everything was fine. On the client
:machine I did an 'ipconfig' and it even showed an IP address from the
:correct pool. But, I can't ping anything else inside the firewall.
:The only other thing I can ping is the outside interface of the
:firewall.

People have been reporting various issues with the 4.6 client --
though most of the problems have been with it failing to run at all,
or with problems in installing or deinstalling it.

: I uninstalled 4.6 , rebooted, installed 4.0.3, rebooted
:[again] and imported the profile and was able to connect and work just
:fine. I have no idea why the new client will not work. Nothing has
:changed on the PIX side.

Does it happen to be the case that you are using RFC1918 reserved IPs
internally in the LAN inside your PIX, and that you are not using the
reserved IP range according to the "class" that the reserved IP falls
in? i.e., you are using 10.*.*.* internally but are not using a netmask
of 255.0.0.0 (/8); or are using 172.16.0.0 thru 172.31.255.255
internally but are not using a netmask of 255.255.0.0 (/16); or are
using 192.168.0.0 thru 192.168.255.255 internally but are not using a
netmask of 255.255.255.0 (/24) ? [I'll assume you aren't using
169.254.*.* or 127.*.*.* or 224.*.*.* or any other reserved special
purpose range.] Alternately, are you using any other IP range
internally but are using a subnet mask that does not match
what would be expected by examining the first byte (i.e.,
1-126.*.*.* is /8, 128-191.*.*.* is /16, 192-222.*.*.* is /24) ?

If that happens to be the case, that you are using subnets internally
differently than their 'class' number would suggest, then I suggest
you upgrade your 6.3 PIX to 6.3(4) and use the new facility
to assign a netmask on an IP address pool.

http://www.cisco.com/univercd/cc/td/...4.htm#wp137259

I don't know if that will fix the problem, but it's the best guess I've
got [and I'm getting pretty good at this telepathy business ;-) ]

--
History is a pile of debris -- Laurie Anderson

Walter,

Thanks for the reply. I bopped on over to the Cisco site this morning
only to find 4.6 was gone [gasp!]. So - I uninstalled, downloaded
4.0.5.... and it worked without a problem.

Guess we'll all wait with bated breath for Cisco's "fixed" new client.

Robert

Walter Roberson wrote:

hey are you running windows xp sp2 on your system?