7 Replies Latest reply on Jul 21, 2010 10:03 PM by rcamm

    Problem connection VPN windows 7 with UTM SG 560

      Hi all,

       

      We have a McAfee UTM SG560 firewall which works fine and with Windows XP we can easily make a VPN connection. Unfortunately, when we want to make a VPN connection from a Windows 7 workstation, we get an error 691.

      The security protocol is PPTP, with MSCHAPv2 and the windows firewall is off.

       

      Does anyone know how to resolve this issue? It becomes a problem, as more workstations and laptops are working with Windows7.

       

      Like to hear from you.

      Many thanx!

       

      Tjeuke

        • 1. Re: Problem connection VPN windows 7 with UTM SG 560

          check the pptp vpn server encryption settings.

           

          set it to the hightest security and see if that makes windows 7 happier

           

          if not, under advanced there is a debug option which will indicate where it is breaking when viewed via the syslog

          • 2. Re: Problem connection VPN windows 7 with UTM SG 560

            Hi there,

             

            I wonder if there is any luck that this has been resolved.  I have encountered the same issue.  pls kindly see my recent thread on this http://community.mcafee.com/message/140573#140573

            it seems that the default gateway  cannot be effected even I have checked to follow default gateway at the Windows VPN property (same as Window XP settting). 

             

             

            also in the SG560 VPN PPTP setting, encryption already set to the highest 128bit. 

             

            pls kindly find the attached log(the assigned IP is 169.254.253.252 :

            Jul 21 18:12:36 pptpd[2454]: CTRL: Client 169.254.253.134 control connection started 
            Jul 21 18:12:36 pptpd[2454]: CTRL: Starting call (launching pppd, opening GRE) 
            Jul 21 18:12:36 pppd[2455]: pppd 2.3.8 started by (unknown), uid 0 
            Jul 21 18:12:36 pppd[2455]: Using interface ppp0 
            Jul 21 18:12:36 pppd[2455]: pppd create pidfile /var/run/ppp0.pid 
            Jul 21 18:12:36 pppd[2455]: Connect: ppp0 <--> /dev/ttyp0 
            
            Jul 21 18:12:36 pppd[2455]: Will not do PAP for user PoPToP 
            Jul 21 18:12:36 pppd[2455]: Will not do CHAP for user PoPToP 
            Jul 21 18:12:36 pptpd[2454]: GRE: Discarding duplicate packet 
            Jul 21 18:12:38 pptpd[2454]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
            Jul 21 18:12:38 pppd[2455]: MSCHAP-v2 peer authentication succeeded for shtang 
            Jul 21 18:12:38 pppd[2455]: found interface eth0 for proxy arp 
            Jul 21 18:12:38 pppd[2455]: local  IP address 169.254.253.254 
            Jul 21 18:12:38 pppd[2455]: remote IP address 169.254.253.252 
            Jul 21 18:12:38 kernel: Default - dropped: IN=ppp0 OUT= MAC= SRC=169.254.253.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=137 DPT=137 LEN=76  
            Jul 21 18:12:38 kernel: Default - dropped: IN=ppp0 OUT= MAC= SRC=169.254.253.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=76  
            Jul 21 18:12:38 kernel: Default - dropped: IN=ppp0 OUT= MAC= SRC=169.254.253.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=137 DPT=137 LEN=76  
            Jul 21 18:12:38 kernel: Default - dropped: IN=ppp0 OUT= MAC= SRC=169.254.253.252 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=308  
            Jul 21 18:12:39 kernel: Default - dropped: IN=ppp0 OUT= MAC= SRC=169.254.253.252 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=4 PROTO=UDP SPT=137 DPT=137 LEN=76  
            Jul 21 18:12:40 httpd: Authentication successful for IT from 169.254.253.134  

             

            and the ipconfig is :

             

            PPP adapter VPN Connection 2:

             

               Connection-specific DNS Suffix  . :

               IPv4 Address. . . . . . . . . . . : 169.254.253.252

               Subnet Mask . . . . . . . . . . . : 255.255.255.255

               Default Gateway . . . . . . . . . : 0.0.0.0

            see the  default gateway is 0.0.0.0. while in XP it is set to be the same as the client  IP address. not sure if that causing the issue.

             

             

             

            hope there is some solution.

             

            thanks a lot.

             

            regards, utmsupp

            • 3. Re: Problem connection VPN windows 7 with UTM SG 560

              we have tested win W7, so this is strange.

               

              is it possible your client pc has an existing network card/connection  that is already on the 169.254.253.252 subnet ?

               

               

              I would use a reserved private subnet...not a  auto config subnet.

              can you ping hosts inside the network and see th pings coming in with the UTM packet capture ?

              • 4. Re: Problem connection VPN windows 7 with UTM SG 560

                thanks for your prompt response.

                 

                that is a client labtop that uses  VPN outside of office and  LAN/wireless network in the office.  it does get another DHCP IP when back to office. I do have a strange observation that when I an connected via VPN(with the IP defined in PPTP  server configuration).  that office IP(DHCP) seems interfering even it is not connected.

                 

                but with the same setting, the XP client laptop that works, notice Default Gateway set as the same of the client laptop IP .

                Connection-specific DNS Suffix  . :

                   IPv4 Address. . . . . . . . . . . : 169.254.253.252

                   Subnet Mask . . . . . . . . . . . : 255.255.255.255

                   Default Gateway . . . . . . . . . : 169.254.253.252

                 

                 

                I didn't quite understand your suggestion on using reserving subnet. could you kindly clarify more?  will be great if there is a recommended sample setup(both UTM and Win 7 end) ?  it is a very simple office LAN environment and using VPN to connect from outside.

                 

                 

                 

                 

                thank you so much.

                 

                regards,

                utmsupp

                • 5. Re: Problem connection VPN windows 7 with UTM SG 560

                  169.254.x.x is the subnet range a windows PC will use if no DHCP server is available...so if the unit has a network card that is unconfigured, it will configure itself to get an address in this range. This will conflict with the PPTP connection, which is on the same subnet.

                   

                  As such you should use a IP pool that is on the same subnet as the remote LAN, which is hopefully not 169.254.x.x

                  • 6. Re: Problem connection VPN windows 7 with UTM SG 560

                    thanks again.

                     

                    wonder if I understand correctly, we should avoid 169.254 for our remote LAN at all.  

                     

                    and XP works is because if may not have set the unoccupied adapter to reserved range? just wonder.

                     

                    thanks.

                     

                    utmsupp