Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2752
Views
0
Helpful
3
Replies

RV180- Problem with Cisco AnyConnect (2.5.2006) VPN Using DTLS

Andrew Bailey
Level 1
Level 1

‎09-18-2012 06:37 AM

Greetings all,

My work laptop uses a Cisco AnyConnect VPN Client (Software Version 2.5.2006). The connection protocol is DTLS.

I recently upgraded to a Cisco RV180 at home at it is running the latest software version (1.0.1.9).

Since the RV180 went into service the work laptop will connect intermittantly. Usually email works but web browsing and and other services do not. It is slight strange behaviour- and seems to defy what a VPN should do......

The behaviour is very repeatable. For example from the customers office the laptop connects perfectly via VPN and if I swap back to an older inferior make of router at home VPN also works normal without changes to the laptop configuration.

I work for a large company (70,000+ employees) and we use "standard" builds so altering the laptop configuration is not really an option.

It seems to me that the RV180 doesn't support the DLTS VPN connection (indeed DLTS passthrough isn't an option in the VPN passthrough list) and is possibly blocking some incoming packets on the WAN interface.

I haven't yet tried a firewall rule to allow a DLTS (or UDP perhaps?) connection back in from the WAN side (obviously from just the IPs at my work end) but this is the only option I can think of to make this machine connect "correctly".

Does anyone have any ideas what else I could try to resolve this issue?

Kind Regards,

Andy.

Labels:
0 Helpful
3 Replies 3

Tom Watts
VIP Alumni
VIP Alumni

‎09-18-2012 09:41 AM

Hi Andrew, this router is not designed to operate with any of the Cisco VPN clients except QuickVPN. Currently the only router that has additional support is the SA500 using the Cisco 5.x. AnyConnect may be integrated later to the higher end small business platforms, but currently it is unsupported on all small business models.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Andrew Bailey
Level 1
Level 1
In response to Tom Watts

‎09-18-2012 12:08 PM

Tom,

Thanks for your reply.

I think perhaps I wasn't clear- I'm not trying to VPN to the RV180 (ie laptop to WAN) I'm simply trying to "pass through" the router (ie from the LAN out to the WAN) using the AnyConnect client from home to work

I have VPN Passthrough enabled for all three VPN types available but clearly a DTLS based VPN is not listed under these options. It is this outgoing DTLS connection that is failing as it passes through the router.

Does that clarify the issue?

I'm a bit surprised it doesn't work- how would I fault find this? I can't see any evidence of the RV180 dropping any packets (in either direction) but I suspect this must be what is happening.

Do you think an appropriate firewall rule would help?

Kind Regards,

Andy.

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to Andrew Bailey

‎09-18-2012 12:36 PM

In this case, you should be able to port forward or make a firewall rule pointing to a destination. If that fails, I'd run a WAN/LAN pcap from the rouer under the Diagnostics section to see if it makes it through the router then see if the LAN is receiving correctly.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents