Cisco VPN Client Encrypted and Decrypted Packets are Zero–No DNS Resolution on Windows 7
Posted by Russell Wright on September 26, 2014
This problem has been killing me! I’ve searched and searched and finally came across this article (and a fix that actually works!):
http://hydrous.net/weblog/2009/10/28/force-windows-to-use-a-vpns-dns-server
Here’s the background.
As a consultant, I have multiple VPN clients at any given time loaded on multiple machines. In this case it was my old trusty Dell D830 (upgraded with an SSD for like-new performance) that was giving me fits. At some point in time the Cisco VPN client got to the point it was able to connect, but I could not access any resources on the client’s network. Basically, there is no DNS resolution and nothing would ping or connect. When you start looking around at the VPN Client Statistics, you notice the Packets Encrypted and Decrypted values are 0…they never change.
In this screen shot, you’ll see they are NOT zero, which means things are working again!
Well, how do you fix this? It appears it has to do with the binding order of the Cisco VPN adapter you see in your Network Connections.
Checking out the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage and finding the Bind property, you can open it up and see a bunch of devices and their GUIDs.
Now the trick is to be able to look at this list and determine which one(s) belong(s) to the Cisco VPN adapter and move it/them to the top of the list.
One of the ways to do this is to navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces key and start clicking through the short list, while paying attention to potentially identifiable information in the right pane. Usually this is in the form of a NameServer, which you can generally find in the properties of the network adapter after you’ve made a connection to the VPN server and the VPN network adapter has been enabled.
Now, it appears, at least in my case, that there are a couple of entries that look suspicious. They were suspicious because they were both subnets that are used within the VPN network adapter configuration for this client, i.e. IP address beginning with 172.x.x.x and name servers in the 10.10.x.x range. What I found was a 172.26.x.x NameServer and a 10.10.x.x NameServer and I adjusted them so they were at the top of the list, with the 172.26.x.x entry at the top and the 10.10.x.x entry just below it. I’m not sure if one of these is just a bad entry that could be deleted, but for the time being I’m leaving them both in, until such time I can have a better determination.
I fired up the VPN, it connected and, lo and behold, the packets were encrypting and decrypting again! DNS name resolution was working! All’s well in Cisco VPN land, once again.
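The registry steps above as a PowerShell script, added here as an example and not part of the original post: it lists every Bind entry next to the name servers recorded for that interface, and only with -Apply moves the matching entries to the top. The parameter names, the backup file path and the default prefixes (taken from the 172.26.x.x and 10.10.x.x ranges mentioned above) are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
param(
    # Assumed defaults: the name-server ranges the post mentions, in the order
    # the matching entries should end up at the top of Bind.
    [string[]]$VpnPrefix = @('172.26.', '10.10.'),
    [switch]$Apply    # without -Apply nothing is changed
)

$linkage    = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Linkage'
$interfaces = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces'
$bind = @((Get-ItemProperty -Path $linkage -Name Bind).Bind)

# Pair every Bind entry (\Device\{GUID}) with the name servers of its interface key.
$rows = foreach ($entry in $bind) {
    $key = Join-Path $interfaces ($entry -replace '^\\Device\\', '')
    $ns  = ''
    if (Test-Path -LiteralPath $key) {
        $p  = Get-ItemProperty -LiteralPath $key
        $ns = (@($p.NameServer, $p.DhcpNameServer) | Where-Object { $_ }) -join ','
    }
    New-Object psobject -Property @{ Entry = $entry; NameServers = $ns }
}
$rows | Format-Table Entry, NameServers -AutoSize

# Matching entries first (in $VpnPrefix order), then the rest in their current order.
$vpn = @(@(foreach ($prefix in $VpnPrefix) {
    $rows | Where-Object { ($_.NameServers -split '[ ,]+') -like "$prefix*" } |
        ForEach-Object { $_.Entry }
}) | Select-Object -Unique)
$newBind = $vpn + @($bind | Where-Object { $vpn -notcontains $_ })

'Proposed Bind order:'
$newBind

if ($Apply -and $vpn.Count -gt 0) {
    # Export the key first so the old order can be restored by importing the file.
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Linkage' "$env:TEMP\tcpip-linkage.reg" /y | Out-Null
    # Write back as REG_MULTI_SZ, the same type the Bind value already has.
    [Microsoft.Win32.Registry]::SetValue(
        'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage',
        'Bind', [string[]]$newBind, [Microsoft.Win32.RegistryValueKind]::MultiString)
}
```

Run it once without -Apply and compare the table against the name servers shown in the VPN adapter's properties before changing anything.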
Search terms:
Cisco VPN connects but doesn’t work
No DNS resolution on Cisco VPN
Encrypt and Decrypt not working Cisco VPN client
Connect to VPN but can’t access any network resources
Bob said
Thanks for the information. It worked. Very frustrating searching for an answer to this problem. Too many give the same useless answers. They never had this problem and are just giving generic useless things to try! Again thanks.