07-01-2011 02:03 PM - edited 08-28-2017 11:31 PM
This document explains why IPSEC VPN clients don't work on the Verizon 4G network.
The Cisco IPSEC VPN client is able to connect to VPN gateways over the Verizon 4G network without any issues. However, once connected, the client is not able to pass any traffic at all. The counters on the client show that it is encrypting data, but the decrypt counters never increment. This issue is seen across the entire range of Windows operating systems.
One of the deal breakers with the new Verizon 4G network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic; no inbound traffic can be passed through. This means that if you need remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access it the way a 3G-only modem did.
Based on suggestions made by Verizon, it seems that the following things need to be attempted:
1. Enable NAT-T. For more information regarding NAT traversal, please refer to the following documents:
a. IPSEC over NAT-T on IOS devices
2. Enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP, please refer to the following documents:
a. IPSEC over TCP on IOS devices
b. Enabling IPSEC over TCP on ASA
3. Use AnyConnect rather than IPSEC.
4. The other option is to go with the Sprint 4G network instead, which apparently does support remote access to applications.
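As an added example (not part of the original document or any Cisco tooling), the Python below classifies a captured IPv4 packet by IPsec encapsulation and flags the failure mode described above: native ESP (IP protocol 50), which has no ports for the carrier NAT to translate, sent from a privately addressed client. The function names, addresses and sample packets are constructed for illustration, and IPsec over TCP is matched by port number only.

```python
import ipaddress
import struct

NAT_T_PORT, IPSEC_TCP_PORT = 4500, 10000  # RFC 3948 UDP port; TCP port quoted on this page
# Private (RFC 1918) and carrier-grade NAT (RFC 6598) ranges: a NAT is in the path.
NATTED = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_nat(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in NATTED)

def classify(packet: bytes) -> str:
    """Name the IPsec encapsulation carried by one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    proto, payload = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == 50:                      # ESP directly over IP: no ports for PAT
        return "native-esp"
    if proto in (6, 17) and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if proto == 17 and NAT_T_PORT in (sport, dport):
            body = payload[8:]
            if body == b"\xff":
                return "nat-t-keepalive"
            # Four zero bytes (non-ESP marker) mean IKE; anything else is an ESP SPI.
            return "nat-t-ike" if body[:4] == bytes(4) else "nat-t-esp"
        if proto == 6 and IPSEC_TCP_PORT in (sport, dport):
            return "ipsec-over-tcp"
    return "other"

def diagnose(packet: bytes) -> str:
    """Flag the failure mode described above: native ESP sent from a NATed client."""
    kind = classify(packet)
    if kind == "native-esp" and behind_nat(str(ipaddress.ip_address(packet[12:16]))):
        return "native-esp from NATed client: enable NAT-T or IPsec over TCP"
    return kind

# Constructed samples (checksums left zero); 10.20.30.40 stands in for the modem.
def ipv4(proto: int, src: str, payload: bytes, dst: str = "198.51.100.7") -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def udp(port: int, body: bytes) -> bytes:
    return struct.pack("!HHHH", port, port, 8 + len(body), 0) + body

ESP = b"\x12\x34\x56\x78" + bytes(12)   # SPI, sequence number, dummy data
BROKEN = ipv4(50, "10.20.30.40", ESP)
FIXED = ipv4(17, "10.20.30.40", udp(4500, ESP))
print(diagnose(BROKEN), diagnose(FIXED), sep="\n")
```

Feeding it the IP layer of packets captured on the client side shows whether NAT-T or IPsec over TCP actually took effect after the gateway change.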
Thanks, this resolved my issue by enabling NAT-T for an ASA for users using the Verizon LG VL600 4G USB stick.
This worked for me too. On a PIX with a UML290 aircard over Verizon's network.
Verizon support has an update for the UML290 modem (at least for a Windows 7 device); please see the link that was supplied to me here: http://www.vzam.net/uploadedFiles/UML290%20VPN%20Connection%20Issues%20-%20Read%20Me.zip . Hope this helps.
Hi,
I also suggest, if available, using the "RAS(Modem)" connection method instead of "NDIS", which has solved my problem and had nothing to do with my infrastructure.
Best regards
I have an LTE modem; it connects on Huawei LTE but cannot access any internal resources.
Hello,
We just ran into this problem with users on Verizon using the Gobi 4000 (Sierra Wireless MC 7750) and the Cisco VPN. We could connect to the VPN but couldn't send any traffic or access internal resources.
We enabled NAT-T on the ASA but it still didn't work right away. We found a post suggesting to update the DNE driver and that fixed the issue for us. Our Windows 7 laptops are connected and working now.
The 32-bit download is here: ftp://files.citrix.com/dneupdate.msi
The 64-bit download is here: ftp:/
Additional information on this is here: http:/
Credit to scojjac at http://community.spiceworks.com/topic/329360-verizon-lte-cisco-ipsec-vpn-issue
Hope this helps,
John
Thank you! Enabling IPSEC over TCP did the trick in my case. Along with making the change on the ASA:
crypto isakmp ipsec-over-tcp port 10000
I also had to set the VPN client to use TCP as well.