Re: VPN problems

dmearsiii · ‎01-29-2007

Running WLAN with PIX 506E, WLC 2006, and five 1242 AP's. Everything is working great except for VPN access.

WLC is handing out DHCP, only running web passthrough, and have roughly 200-250 people running through it. I use this setup at different hotels for week long meetings and have a direct WAN line seperate from the hotels. All these users are from different companies and use different VPN software.

Weird thing is about 90% of people have no problem with their VPN's, but about 10% just will not work when using the wireless network. Weird thing is though, if I take that 10% and plug them in on a wired conneciton bypassing the AP's and WLC, and let them pull DHCP from the PIX, their VPN's work great.

So its seems I'm missing something between the PIX and the WLC maybe, but I'm tapped out on ideas.

dmearsiii · ‎01-30-2007

.

acomiskey · ‎01-30-2007

What kind of address are they pulling from pix? Public or private?

dmearsiii · ‎01-30-2007

private

acomiskey · ‎01-30-2007

Are there any similarities in the 10% that are failing? Same vpn client, same endpoint device etc.? I asked about addressing because some people cannot vpn without public address, or they don't support nat traversal.

dmearsiii · ‎01-30-2007

I was having a problem with alot of Nortel Contivity VPN's but when I started putting the WAN appliance (ie. modem, router, etc....) in bridged mode and let the PIX handle the PPPoE, routing, etc.. the majority of those problems went away. I think that was due to the double natting.

Right now though, the vpn clients that won't work, range from Nortel, a few Cisco and few of these companies have programmed their own. But they all work when bypassing the wireless network.