Vinay Sharma
Level 7

 

 

Introduction

VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN

Scenario 1

Cannot access any device on the network via RDP, or applications via host file-forwarded servers, from the Windows 7 64-bit laptop using a Verizon wireless broadband connection and the Cisco 64-bit VPN client 5.0.7.290. The same laptop, VPN client and RDP connect easily over a wired DSL connection from home.

The VPN client will connect to the VPN server (Easy VPN on Cisco 2821 router) over the wireless broadband connection (Can see it in the management console on the router) but it will pass no data. Unable to ping anything in the domain, nor the outside IP. When pinging from the laptop, it drops the VPN connection (Connection terminated by the peer).

Hardware and Software:-

The laptop is a Dell M4500 running Windows 7 Ultimate 64-bit. The VPN client is, as stated, rev 5.0.7.290. The internal wireless broadband card is a Qualcomm 5620 (EV-DO-HSPA) device (Gobi 2).

Scenario 2

The same problem has been noticed on a Dell Latitude E6510 with the Verizon Dell Wireless 5620 EV-DO-HSPA card, using the latest version of the Cisco VPN client (5.0.07.0290). The card appears to connect correctly and obtains an internal address, but the laptop cannot ping any internal devices or access any of the internal network resources.

Note:- The systems are running Windows 7 Enterprise x32 with the firewalls all turned off.

Scenario 3

Same problem has been faced with Dell E6410.  Dell Wireless 5620 EV-DO-HSPA connecting to Sprint.  Version 5.0.07.0290 of the vpn client 64-bit on Windows 7 64-bit OS.  Able to transmit vpn data when connected using CMU-300 Qualcomm card from the same laptop using Sprint's SmartView connection software.

Scenario 4

An E6400 running Windows 7 x32 and several E6410s running Windows 7 x64, all using a Verizon EVDO card: the x64 machines faced the same issue, but the x32 machines did not. Is it a problem with the VPN client?

Scenario 5

Same issue with the Dell AT&T card 5530. Tried it on a Dell 6410 and 4300 and with both Windows 7 32 and 64 bit but same result. Cisco client used is 5.0.07.0290.  It will connect but unable to ping or get to anything on the network.

Note:-

  • The AnyConnect client, however, works fine.
  • With the exact same hardware and software configuration (the 5.0.07.029 client and the air card) on Windows XP, it works with no issues.

Solution

It appears to be a default setting in the Verizon Access Manager Software that does not play well with the Cisco Client.

In VZAccess Manager, select Options | Preferences.  Under the Connectivity options, the default setting of "NDIS Mode - Manually Connect" was selected.  Changing this option to "Modem Mode - Manually connect" appears to have completely addressed the issue.  We can now connect to the WWAN, establish a Cisco VPN session and have connectivity.

 


 

As per the release notes, the VPN Client does not support the WWAN card interface on Windows 7. Here is a short explanation of why the VPN Client works when the card is set up as a modem (dial-up connection) and does not work when it is set up as a normal connection.

Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS miniport driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification intermediate drivers), so the Client NDIS IM driver fails to receive packets that go in and out of WWAN devices. The third-party tool that acts as the NDIS IM driver is DNE by Citrix.

The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0. However, the native Windows 7 Mobile Broadband driver (WWAN card) is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the native Windows 7 Mobile Broadband driver.

The reason the USB WWAN card works is that it is used as a modem (thereby bypassing the limitation of NDIS drivers) to connect to the internet, whereas the internal card is used as a NIC, which the VPN Client is not able to recognize.

The same problem was seen on a Latitude E6510 with Windows 7 Pro 32-bit. The fix is the following:

  • Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000. Make sure there are no references to the WWAN card in device manager.
  • Restart the computer and reset the bios to default settings.
  • Install the R2750584 Driver for the 5620 wireless
  • Install VZAM

Note:-

Don't install the Dell Mobile broadband utility or connection manager or whatever it is because that may cause some issues.

VPN Client 5.0.07 features the following:

  • Support for Windows 7 on x64 (64-bit). This release, however, does not support WWAN devices (also called wireless data cards) on Windows 7 x86 (32-bit) and x64. For support of WWAN devices on Windows 7, please use the Cisco AnyConnect Secure Mobility client.
  • Support for Windows Vista on x64.
  • Packet LZS compression for x64 VPN Client.

Note that this version does not provide online help.

Some More information from VPN Standpoint

 

IPSEC-VPN client issues with Verizon VZ4G LTE network

The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4G network. However, once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data, but the decrypt counters do not increment. This issue is seen across the entire gamut of Windows operating systems. One of the deal breakers with the new Verizon 4G network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic; no inbound traffic can be passed through. This means that if you need remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access it the way you could with a 3G-only modem.


Resolution

Based on suggestions made by Verizon, it seems that the following things need to be attempted:

1. Enable NAT-T. For more information regarding NAT traversal, please refer to the following documents:

     a. IPSEC over NAT-T on IOS devices

     b. IPSEC over NAT-T on ASA

2. Enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP, please refer to the following documents:

     a. IPSEC over TCP on IOS devices

     b. Enabling IPSEC over TCP on ASA

3. Use AnyConnect rather than IPSEC.

4. The other option is to go with the Sprint 4G network instead, which apparently does support remote access to applications.
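
A way to confirm on the wire which of these transports a client is actually using, as an added example that is not part of the original document: this Python sketch classifies raw IPv4 packets (for instance from a capture on the VPN gateway's outside interface) as native ESP, NAT-T or IPsec over TCP. The TCP port 10000, the function names, the verdict strings and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

IKE_PORT, NATT_PORT = 500, 4500   # RFC 3947/3948 ports
IPSEC_TCP_PORT = 10000            # assumption: Cisco's default IPsec-over-TCP port

def classify(packet: bytes) -> str:
    """Name the IPsec transport used by one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    l4 = packet[(packet[0] & 0x0F) * 4:]          # skip the IP header (IHL words)
    proto = packet[9]
    if proto == 50:                               # ESP directly over IP
        return "native-esp"
    if proto not in (6, 17) or len(l4) < 8:
        return "other"
    ports = struct.unpack("!HH", l4[:4])          # source and destination port
    if proto == 6:
        return "ipsec-over-tcp" if IPSEC_TCP_PORT in ports else "other"
    data = l4[8:]                                 # UDP payload
    if IKE_PORT in ports:
        return "ike"
    if NATT_PORT in ports:
        if data == b"\xff":
            return "natt-keepalive"
        # Four zero bytes (non-ESP marker) mean IKE; anything else starts with an ESP SPI.
        return "ike-natt" if data[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other"

def diagnose(packets) -> str:
    """Heuristic verdict for a capture taken after the tunnel is up."""
    seen = Counter(classify(p) for p in packets)
    if seen["esp-in-udp"] or seen["ipsec-over-tcp"]:
        return "nat-friendly"
    return "native-esp-only" if seen["native-esp"] else "no-tunnel-data"

# --- constructed sample packets (not captured traffic) ---
def ipv4(proto, payload, src="10.20.30.40", dst="192.0.2.1"):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16   # SPI, sequence, dummy ciphertext
BEFORE = [ipv4(17, udp(500, 500, b"\x11" * 28)), ipv4(50, ESP)]
AFTER = [ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
         ipv4(17, udp(4500, 4500, b"\xff")), ipv4(17, udp(4500, 4500, ESP))]

if __name__ == "__main__":
    print(diagnose(BEFORE), diagnose(AFTER))
```

A "native-esp-only" verdict means tunnel data is still IP protocol 50, which is what NAT-T or IPsec over TCP replaces with a UDP or TCP wrapper that a carrier NAT can track.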

 

New Scenario

Latitude e6510 with Windows 7 pro 32-bit

Solution

Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000.  Make sure there are no references to the WWAN card in Device Manager.

Restart the computer and reset the BIOS to default settings. Install the R2750584 driver for the 5620 wireless. Install VZAM.

George tried 3 different versions of the Qualcomm Gobi 2000 drivers.  R275082 doesn't work.  Don't install the Dell Mobile broadband utility or connection manager or whatever it is.  The Novatel one.

New Workaround 1

Recently Tim discovered that the Cisco 64-bit VPN client running on a Dell Precision M6500 (Windows 7 64-bit OS) was able to connect correctly by using the wireless hotspot on an iPhone 4S (Verizon Wireless). It will also connect when the phone is tethered to the laptop via USB cable. Once he discovered this, he was able to do the same on the laptop that spawned this discussion, by tethering to the boss's Blackberry Bold after downloading and installing a new Verizon Wireless Access Manager utility that allowed them to select the device (the Blackberry) for installation. He thinks that this has allowed them to bypass the Gobi2 wireless cards on both laptops and the factory-installed Dell Connection Manager software, which was incompatible with the Cisco 64-bit VPN client software. As far as he is concerned, this new method (smartphone hotspot and tethering) is the way to go for them, and has resolved all issues for remote connectivity for them.

New Workaround 2

Another user just ran into this problem with clients on Verizon using the Gobi 4000 (Sierra Wireless MC 7750) and the Cisco VPN.  They could connect to the VPN but couldn't send any traffic.

Their laptops also did not support the VZAM.  We enabled NAT-T on the ASA but it still didn't work right away.  We found a post suggesting to update the DNE driver and that fixed the issue for us.  Our Windows 7 laptops are connected and working now.

The 64-bit download is here: ftp://files.citrix.com/dneupdate64.msi

Additional information on this is here: http://www.citrix.com/go/lp/dne.html

Credit to scojjac at http://community.spiceworks.com/topic/329360-verizon-lte-cisco-ipsec-vpn-issue

 

Reference

This document was generated from the following discussion

VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN

Comments
StephanMC
Level 1

I know this is an old post but users on Verizon using a Gobi 5000 (Sierra MC 7355) and a Cisco VPN are running into the issue again.

The MC 7355 is not supported by VZAM and the Sierra AirCardWatcher manages the connections.

 

Any insights?

jhowison
Level 1

Hi Stephan,

 

We just ran into this problem with users on Verizon using the Gobi 4000 (Sierra Wireless MC 7750) and the Cisco VPN.  We could connect to the VPN but couldn't send any traffic.

 

Our laptops also did not support the VZAM.  We enabled NAT-T on the ASA but it still didn't work right away.  We found a post suggesting to update the DNE driver and that fixed the issue for us.  Our Windows 7 laptops are connected and working now.

 

The 64-bit download is here: ftp://files.citrix.com/dneupdate64.msi

Additional information on this is here: http://www.citrix.com/go/lp/dne.html

Credit to scojjac at http://community.spiceworks.com/topic/329360-verizon-lte-cisco-ipsec-vpn-issue

 

Hope this helps,

John

 

StephanMC
Level 1

John,

 

HUGE thanks for the post. Got my issues fixed and can deploy the new machines now!

 

emachac0270
Community Member

This document helped me fix my issues, had to disable Microsoft Windows® 7 Windows Mobile Broadband mode support for this modem (USB551).

http://www.vzam.net/uploadedFiles/USB551L_WMB_VPN_ReadMe.pdf

I still get 4G LTE connection, but have to use VZAccess Manager.

 

VPN issues are gone.

mike_going
Community Member

This may have been addressed, but I'm trying to connect to Cisco VPN for Dell using a Verizon Wireless USB551L. We get connected but no data comes through, and we can't figure out what setting needs to be changed so that we can access anything through the VPN.  We are running Cisco 5.0.07.0440.  Thanks.

emachac0270
Community Member

Mike_going

Did you try the fix listed in this document? http://www.vzam.net/uploadedFiles/USB551L_WMB_VPN_ReadMe.pdf

 I have the same setup as you and it is working after doing the following:

Operating System Affected: Microsoft Windows® 7
Resolution:
Customers experiencing these issues should be following the instructions below to set the
default operating mode back to LAN Adapter mode.
 During the installation of the device driver, the user is presented with the option to set the
default operating mode to be LAN Adapter or WMB mode.

 

Vinay Sharma
Level 7

John,

Many thanks for sharing your findings and workaround with community users, much appreciated. I have updated the document with your findings.

 

Many Regards,

Vinay Sharma,

Community Manager,

CCIE#44972
