For a long time I have used Cisco VPN client on my Windows 7 computers. I use it to provide IPSec VPN tunnels to Cisco ASA firewalls and it works well enough for me to not resort to ShrewSoft.
I wasted about an hour trying to work out why my VPN session would establish but not decrypt any packets. Sending encrypted packets was fine, but I got nothing back. It didn’t matter which ASA I was connecting to, so I figured this was a client issue.
Long story short – the Cisco VPN client will do this if you have more than one IP address assigned to your local LAN interface. I had added a second to configure an access point earlier in the week, and left it in place without considering it could affect the VPN client. After removing this second IP address, the session traffic traversed the tunnel as normal.