cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3743
Views
0
Helpful
7
Replies

VPN client drops with Wireless Connection

mszoke
Level 1
Level 1

We have been getting a number of users complaining about their connection dropping when using the VPN over a wireless connection. After the drop, the client is unable to reconnect without doing a "repair" or rebooting the machine. Anyone experience anything similar?

Thanks!

7 Replies 7

Ivan Martinon
Level 7
Level 7

Any particular log on the vpn client? Somem complain on it (log) regarding an ip address change? are those hosts vista PCs or XP?

Log mentions the client lost its IP address. I'll have to get the exact verbiage to be accurate though. All are XP clients now.

Yeah heard that before, it should say something like SADB changed... try to get a log so we can confirm this. Anyways you can look for the registry key Automatic IP addres Update on the XP, it causes the XP to try to renew the ip address continuously and that is known to cause problems. Look for it on google.

OK. I'll grab a log file as soon as I can replicate the problem again. Thanks for the tip.

craig.eyre
Level 1
Level 1

Did you get this resolved? Let me know as I may have a fix for you.

Craig

Hi Craig

We have a user with the same problem - have you got a fix?

Cheers

Miles

Hi Miles,

I noticed with our clients that the wireless users were connecting as a straight IPSEC vpn connection without NAT-T. Check on your concentrator or ASA and see if they connect without NAT-T.

I came to the conclusion that our edge firewall (non cisco) has a UDP connection timeout of 180 seconds and is non changeable.

To work around this I added the line below to the vpn profile files under c:\programs files\cisco systems\vpn client\profiles and whatever your profile is .pcf. Open with wordpad and add this line.

ForceNatT=1 (case sensitive)

This will force the vpn client to use NAT-T regardless of internet connection.

This introduces another keepalive mechanism that will keep the connection alive past the 180 second UDP timeout.

HTH

Craig

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: