Re: VPN session remains up but can no longer get to internal dev

CSCO10203269 · ‎12-03-2008

Our remote users in Germany are provided with a mixture of Vodafone 3G Mobile Connect Cards (PCMCIA) and "USB sticks" for cellular broadband access. Installed on their laptops is Vodafone's Mobile Connect Client & Cisco VPN client version 5.

To connect, they first connect to Vodafone's "VPN access point" -- Vodafone's VPN only service offering. Once connected, they VPN into the network with the Cisco client. All users connect to a Cisco 3020 Concentrator.

Users are able to access network resources, however, they lose connectivity after 5-10min. What's unusual is, it doesn't look like the VPN session drops since the padlock in the right hand corner remains locked; they just can't access network resources.

To troubleshoot...

a) We had a user establish a VPN session then immediately start a continuous ping to an internal device's IP address. The connection stayed up for 20min before requests started timing out.

b) We enabled "IPSec over TCP" on the client and Concentrator side, no change.

What could possibly be causing this behavior?

CSCO10203269 · ‎12-04-2008

Attached is a screenshot showing the pings failing, yet, the Cisco padlock is still locked.

CSCO10203269 · ‎12-04-2008

Forgot to attach file.

gdextensis · ‎12-06-2008

Does Vodafone use Venturi Transport Protocol clients for Windows like Verizon's does with their EvDO cards? If so, we had to turn off and eventually uninstall the Venturi client software because it detrimentally interfered with IPsec traffic.

-Gary

CSCO10203269 · ‎12-08-2008

Gary,

I believe the Vodafone client does come with a optimization component. I ask the local contact to uninstall it to see if it makes a difference.

VPN session remains up but can no longer get to internal devices