Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
7
Replies

Problems after upgrade to the latest VPN client 4.x and 5.x leaves

m.saunders
Level 1
Level 1

‎09-07-2007 07:13 AM

Hi, after upgrading to the latest version of the VPN software, some of my clients who use either a Linksys, D-Link or Bell speedtream 6520 router, can no longer connect or get disconnected after a short perioed of time. Anyone else have issues or know what we can check? MTU size??? FYI, they all worked fine with the previous version of the client.

Labels:
0 Helpful
7 Replies 7

didyap
Level 6
Level 6

‎09-13-2007 05:56 AM

This sounds like the "failing to learn DNS info" issue. I think if you manually set DNS servers instead of learning them from DHCP, this problem would occur. Make sure you enable DNS in the network control panel TCPIP bindings. Another problem could be with the MTU size but since it is with various platforms I think this may not be the issue. However check by lowering the MTU size.

0 Helpful

nefkensp
Level 5
Level 5

‎09-13-2007 11:55 AM

Do you have the ISAKMP nat traversal enabled and also the ISAKMP keepalive?

It could be that the spontaneous disconnect has to do with a nat-translation that gets lost..

0 Helpful

willie.gillespie
Level 1
Level 1
In response to nefkensp

‎10-12-2007 12:01 PM

Had a similar problem as the individual above: I could take a laptop and connect for hours at some places, but other places would only stay connected for a few minutes before disconnecting. It was probably the issue of whether I was going through a NAT box or not (or more likely, which NAT box I was traversing and how well it handled it).

Following your suggestion, turning on the ISAKMP nat traversal/keep-alive has seemed to fix the problem for me so far. Although I have not put it through extensive testing yet; but so far so good.

Thanks.

0 Helpful

m.saunders
Level 1
Level 1
In response to willie.gillespie

‎10-12-2007 12:09 PM

Hi Willie, can you give me more information on the command you applied? Just to update, I am running a VPN blade in a 6500 switch and all my clients terminate there. There is a "crypto isakmp nat keepalive" command I can apply but that is a global command and will affect everyone.

0 Helpful

willie.gillespie
Level 1
Level 1
In response to m.saunders

‎10-12-2007 12:16 PM

The command which enabled nat-traversal with a 20 second keep alive for me:

isakmp nat-traversal 20

I am running a PIX 506e firewall.

As far as I know (which isn't much), it does have to enable it for all your clients, but I don't have any reports of it breaking clients that previously worked. Perhaps someone a little more knowledgeable can comment in that regard.

0 Helpful

m.saunders
Level 1
Level 1
In response to willie.gillespie

‎10-12-2007 12:20 PM

Thanks for your speady reply. Hopefully someone will be able to answer me about the 6500 commands.

0 Helpful

m.saunders
Level 1
Level 1
In response to nefkensp

‎10-12-2007 12:11 PM

Hi, no, I do not have it enabled. I am running a VPN blade on a 6500 switch where all my clients terminate.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents