09-07-2007 07:13 AM
Hi, after upgrading to the latest version of the VPN software, some of my clients who use either a Linksys, D-Link or Bell SpeedStream 6520 router can no longer connect or get disconnected after a short period of time. Anyone else have issues or know what we can check? MTU size??? FYI, they all worked fine with the previous version of the client.
09-13-2007 05:56 AM
This sounds like the "failing to learn DNS info" issue. I think if you manually set DNS servers instead of learning them from DHCP, this problem would occur. Make sure you enable DNS in the network control panel TCP/IP bindings. Another problem could be with the MTU size, but since it is with various platforms I think this may not be the issue. However, check by lowering the MTU size.
09-13-2007 11:55 AM
Do you have the ISAKMP nat traversal enabled and also the ISAKMP keepalive?
It could be that the spontaneous disconnect has to do with a NAT translation that gets lost.
10-12-2007 12:01 PM
Had a similar problem as the individual above: I could take a laptop and connect for hours at some places, but other places would only stay connected for a few minutes before disconnecting. It was probably the issue of whether I was going through a NAT box or not (or more likely, which NAT box I was traversing and how well it handled it).
Following your suggestion, turning on the ISAKMP NAT traversal/keep-alive has seemed to fix the problem for me so far. I have not put it through extensive testing yet, but so far so good.
Thanks.
10-12-2007 12:09 PM
Hi Willie, can you give me more information on the command you applied? Just to update, I am running a VPN blade in a 6500 switch and all my clients terminate there. There is a "crypto isakmp nat keepalive" command I can apply but that is a global command and will affect everyone.
10-12-2007 12:16 PM
The command which enabled nat-traversal with a 20 second keep alive for me:
isakmp nat-traversal 20
I am running a PIX 506e firewall.
As far as I know (which isn't much), it does have to enable it for all your clients, but I don't have any reports of it breaking clients that previously worked. Perhaps someone a little more knowledgeable can comment in that regard.
10-12-2007 12:20 PM
Thanks for your speedy reply. Hopefully someone will be able to answer me about the 6500 commands.
10-12-2007 12:11 PM
Hi, no, I do not have it enabled. I am running a VPN blade on a 6500 switch where all my clients terminate.