When a Mobile 3G or WWAN card is used for the internet connection along with the Cisco IPSec VPN Client, users are able to establish the tunnel to the headend but no traffic passes through it, and the Encrypted counters do not increase on the VPN Client.
Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS Miniport Driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate drivers), so the Client NDIS IM driver fails to receive packets that go in and out of WWAN devices. The third-party tool that acts as the NDIS IM driver in the case of the Cisco IPSec VPN Client is DNE by Citrix.
The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0. However, the native Windows 7 Mobile Broadband driver (WWAN card) is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the native Windows 7 Mobile Broadband driver.
The solution is to update your NDIS intermediate driver to an NDIS 6.x-based Light Weight Filter (LWF) driver. LWF drivers are a combination of NDIS intermediate drivers and a miniport driver. The Beta version shipped out by is though known to have caused BSOD on systems.
Workaround and Explanation
Use the WWAN card as a dial-up connection, or use AnyConnect.
The dial-up connection works, and the USB WWAN card works, because in these cases the card is used as a modem to connect to the internet, thereby bypassing the limitation of the NDIS drivers.
AnyConnect works because it does not require any such driver.