Russ' Do It Yourself Home Workshop

Finding Fixes to Just About Anything and Everything

Cisco VPN Client Encrypted and Decrypted Packets are Zero–No DNS Resolution on Windows 7

Posted by Russell Wright on September 26, 2014

This problem has been killing me!  I’ve searched and searched and finally came across this article (and a fix that actually works!):

http://hydrous.net/weblog/2009/10/28/force-windows-to-use-a-vpns-dns-server

Here’s the background.

As a consultant, I have multiple VPN clients at any given time loaded on multiple machines.  In this case it was my old trusty Dell D830 (upgraded with an SSD for like-new performance) that was giving me fits.  At some point in time the Cisco VPN client got to the point it was able to connect, but I could not access any resources on the client’s network.  Basically, there is no DNS resolution and nothing would ping or connect.  When you start looking around at the VPN Client Statistics, you notice the Packets Encrypted and Decrypted values are 0…they never change. 

image

In this screen shot, you’ll see they are NOT zero, which means things are working again!

image

Well, how do you fix this?  It appears it has to do with the binding order of the Cisco VPN adapter you see in your Network Connections. 

image

Checking out the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage and finding the Bind property, you can open it up and see a bunch of devices and their GUIDs.

image

Now the trick is to be able to look at this list and determine which one(s) belong(s) to the Cisco VPN adapter and move it/them to the top of the list.

image

One of the ways to do this is to navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces key and start clicking through the short list, while paying attention to potentially identifiable information in the right pane.  Usually this is in the form of a NameServer, which you can generally find in the properties of the network adapter after you’ve made a connection to the VPN server and the VPN network adapter has been enabled.

Now, it appears, at least in my case, that there are a couple of entries that look suspicious.  They were suspicious because they were both subnets that are used within the VPN network adapter configuration for this client, i.e. IP address beginning with 172.x.x.x and name servers in the 10.10.x.x range.  What I found was a 172.26.x.x NameServer and a 10.10.x.x NameServer and I adjusted them so they were at the top of the list, with the 172.26.x.x entry at the top and the 10.10.x.x entry just below it.  I’m not sure if one of these is just a bad entry that could be deleted, but for the time being I’m leaving them both in, until such time I can have a better determination.

image

image

image

I fired up the VPN, it connected and, low and behold, the packets were encrypting and decrypting again!  DNS name resolution was working!  All’s well in Cisco VPN land, once again.

 

Search terms:

Cisco VPN connects but doesn’t work
No DNS resolution on Cisco VPN
Encrypt and Decrypt not working Cisco VPN client
Connect to VPN but can’t access any network resources

One Response to “Cisco VPN Client Encrypted and Decrypted Packets are Zero–No DNS Resolution on Windows 7”

  1. Bob said

    Thanks for the information. It worked. Very frustrating searching for an answer to this problem. Too many give the same useless answers. They never had this problem and are just giving generic useless things to try! Again thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: