Re: VPN OK Over Broadand. Problems over Dialup?

hwalters · ‎06-07-2003

Hi,

We are using PIX 515(version 6.3), and Cisco VPN Client 3.6.3. The system works beautifully over broadband connections. However, when we use diaup, we can connect but cannot ping anything inside the network; however, on about one in four dial up attempts we can ping.

I have tried to encapsulate the tunnel in UDP, but this does not appear to make any difference. Could it be something to do with the ISP modems, and which one you authenticate to? This may explain the sometimes work sometimes not work. I cant see how the PPP encapsulation form the PC modem to the ISP modem would affect the connection, but I could be wrong.

The only other thing I can think of is different routes accross the ISP network (hence different router images) depending upon which modem you authenticate to.

Anyone who can cast any light on the problems I'm having would be much appreciated!

Many Thanks

Hywel

hadbou · ‎06-12-2003

The usual problem taht you will encounter in this scenario would be the MTU size issue, by reducing the MTU size generally the VPN over dial up works.

May be you can check for some compatibilty issues using the bugtool kit.

Phillip Remaker · ‎06-24-2003

It would be interesting to know if the dialup connection without VPN has a lot of errors. If there are error control problems (no V.42) or flowcontrol problems (corrupt characters on modem) that would wreak havoc on the VPN which relies on uncorrupted data streams.

The other question is if the dialup ISP uses NAT on some of the modems. Check to see if the address you get from the ISP is RFC1918 (10.x.x.x 172.16.x.x, 192.168.x.x. A way around that is to use NAT-T on the PIX and the 4.x VPN client which supports NAT-T.