I’ve noticed a frequent compatibility problem with the classic Cisco VPN client (IPSec IKEv1) in combination with certain Windows network drivers. In particular, the Intel PROSet software wreaks havoc with the Cisco VPN Client name lookup capabilities (DNS over Tunnel). The following is a description of the typical scenario.
- Cisco VPN Client is installed and working correctly.
- Later the Intel PROSet Wireless Utility (with drivers) is updated or installed on a Windows system
- Following the PROSet install, the VPN Client seems to connect properly, but DNS name lookup across the tunnel silently fails (name lookups are sent to the local ISP rather than across the tunnel).
- A clean uninstall and reinstall of the Cisco VPN client fixes the issue
- Any subsequent update or install of the PROSet software will break the VPN Client name lookup again.
As you can imagine, this issue is difficult to troubleshoot because the PROSet software damages the Cisco VPN Client name lookup ability silently while the client VPN session appears to establish correctly. NOTE that this issue is VERY COMMON with DELL laptops – testing reveals that Dell usually distributes Only the PROSet Utility driver leaving customers to go directly to Intel to find the DRIVER-ONLY Intel Wireless download. A further issue with the Dell-provided package, the Dell Update Utility included with many of their laptops will automatically find and install the latest PROSet Wireless Utility on your system if you don’t watch for and deselect that specific update.
To resolve this issue in a fairly reliable fashion, I recommend removing both the PROSet utility and Cisco VPN client, then installing the Intel Wireless DRIVERS-ONLY package followed by a fresh install of the VPN Client. To get the latest Intel Wireless drivers, try the following link or search Google for something like “Intel Wireless Download.”
- Intel® PROSet/Wireless Software Downloads
- Select your preferred version and matching operating system
- Download the file marked with a D for DRIVERS ONLY like Wireless_xx.xx.x_Ds64.exe
- The file size is smaller for the Driver-Only package because you’re avoiding the PROSet Utility
Before uninstalling and reinstalling any software, I recommend using Basic DNS Troubleshooting techniques like the following to determine whether a more basic name lookup issue can be resolved without software changes.
- Clear the Windows DNS Lookup Cache (using command-line or a simple reboot)
- ipconfig /flushdns
- OR: Reboot the system
- Connect using the VPN Client BEFORE doing anything else on the computer. This is to prevent Caching a DNS name look-up until AFTER the PC can talk to the private name servers.
- Use the nslookup command to test name lookup – IP’s returned should match the expected private IP of each server or host accessed across the tunnel.