cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1334
Views
0
Helpful
4
Replies

Problems with VPN on SA520-K9

runar
Beginner
Beginner

A customer are experiencing problems/unstability using QuickVPN on Win7, together with SA520.

Here are one of his emails to Cisco support (you can watch the entire case on: SR 616890081, closed by Cisco, but problem still exists)

Can we do anything to help him?

Eh,

As I have said, I can connect to the SA, the configuration is in order. The problem is that the SAs is very unstable. Sometimes you get a connection sometimes you don't.

I experience this problem with 4 SA520s that I have configured for 4 separate customers. Sometimes when you don't get connection it helps restarting the SA, but sometimes it dosen't. Sometimes after waiting a few hours you are able to connect again, but sometimes a full reconfig of VPN is neede.

This problem seem to be "initiated" randomly by Win 7 logons,but when this happens no computer regardless of which OS they run can get in.

To me this seems to be a huge incompatibility problem with the quickvpn feature and Win 7.

I need a solution to this problem!

Regards

Kjetil Hagman

VeloCom AS

4 REPLIES 4

juliomar
Participant
Participant

Hi Runar,

I would strongly suggest that the client alternatively use Cisco VPN Client if his SA520 has firmware  version 2.1.18 and above. Here is a document how to set it up:

http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/technote/note/SA500_vpnclient_appnote.pdf

Cheers,

Julio

Good morning Julio

But then he will have to buy the Cisco VPN clients?

When he bought the SA520, he expected to be able to use the bundled QuickVPN software.

Is there a incompatibility with Win 7, especially x64?

But is it possible to set up the built-in VPN client in Win 7 against SA520?

Hello Julio

Now my customer have tried the Cisco VPN client, but this won't work correctly either...

Here is his comments to this VPN client.

He really need a solution to this.

Hey, we've now tried with Cisco's VPN client. It works almost. It's just that the DNS is notpassed on.
It simply lacks the option to specify this in SA 520
You can put a dynamic ip range that will be handed out to VPN clients as they connect .
This they get assigned, and one can eg. ping the server and run up against thisconnection (located at this ip address 192.168.1.11).

I you on the other hand write SERVER1, DNS lookup does not work . And it also lacksto be able to specify where to get DNS from the config for dynamic ip range.
This seems to be a major blunder from Cisco .
A workaround is to add SERVER1 in the hosts file on each PC that will use the solution.However, this is not good enough.

Hi Kjetil,

Good news, we have just released a release candidate for MR4.  This release has many enhancements to the Cisco VPN Client supportability.  You now can do either split tunnel or ful tunnel.  You can also specify Secondary DNS/WINS servers to help in name resolution.  To request the release candidate, please send an email to sa500-mr4@cisco.com and please include  your Cisco.com User ID in the subject line of the email.

The link for the announcement is here:

https://supportforums.cisco.com/docs/DOC-16365

Best regards,

Julio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: