VPN tunnel connects, but not Exchange Server

Feb 6th, 2008

I am having a problem connecting to our Exchange Server once my VPN tunnel has been created. This is only a problem on my home's wireless router. It works fine on my Verizon Aircard. Once I establish the VPN tunnel, I can browse the Internet without issue and can access network drives. However, I cannot connect to the Exchange Server through Outlook. Outlook cycles through "attempting to connect to Exchange server" and "Disconnected." As I mentioned, if I disconnect from my wireless connection and connect to my Verizon Aircard, I can connect to Exchange server without issue. I have not had access to other wireless networks to know whether it works on other wireless networks. I've read that Outlook / Exchange through a VPN tunnel is sensitive to MTU issues. As I browse the registry, I don't see any MTU values higher than 1500, some settings show 1300. I see that my wireless router has a "fragmentation threshold" setting which is the default of 2346. My wireless card on my laptop has a similar 2346 setting. Could that be related? The WAN status in my wireless router reports an MTU setting of 1500 from my ISP. I have confirmed that IPSEC, PPTP and L2TP are all enabled in my wireless router. Any thoughts on where I go from here? Thank you.

husycisco Wed, 02/06/2008 - 09:33

Hi Jeffrey

Let me understand the scenario. Your client at home is configured to use an Exchange mailbox, and the Exchange server is located in a remote office. For establishing the Exchange connection, you establish a connection via Remote Access VPN client, correct?

If the above is correct, plus the problem occurs in one router and does not in another, I would suggest the following command to be issued in the VPN endpoint:

crypto isakmp nat-traversal 30


jeffcarp Wed, 02/06/2008 - 09:40

Yes, the Exchange server is at corporate. I connect, using the laptop via a direct connection to the corporate LAN/WAN when I am in the office. That same laptop is used via VPN Client, to connect to the same Exchange server at corporate when traveling. This is not a VPN to WebOutlook. I use the same Outlook client that I use in the office. The laptop has a wireless 802.11g LAN card. It also has a Verizon Aircard (3G cellular data) PC card. When using the Verizon 3G card from a remote location, I have no issues. When I connect remotely through the wireless LAN at home, I cannot connect to Exchange. Other VPN clients are accessing Exchange remotely without problems. (They are using different remote networks than mine). So it would appear to be a client-side issue. And more than that, specific to the 802.11 wireless connectivity, since the Verizon 3G card connectivity works fine.

husycisco Wed, 02/06/2008 - 10:22


"Other VPN clients are accessing Exchange remotely without problems. (They are using different remote networks than mine). So it would appear to be a client-side issue."

This does not make it a client-side issue completely. Above command makes VPN clients, which are behind a NAT device like modem or router, to be resolved correctly on VPN endpoint. Other clients may not be behind a NAT device.

According to previous experiences of mine, above issue is the most encountered one. VPN passthrough disabled or incapable modems and previous VPN client version issues are the encountered ones after nat-traversal.

I would also suggest installing latest VPN client software (5.x).

What brand is your wireless access point/internet modem and its model no?


jeffcarp Wed, 02/06/2008 - 11:24

The router is a Linksys WRT54G v1.02.2. I do not know off the top of my head what the cable modem is. I believe it is an RCA model cable modem, as provided by Mediacom cable. It is at least a couple years old. Is there a capability it needs to have, that I can ask Mediacom about?

husycisco Wed, 02/06/2008 - 11:42

You better uninstall your existing VPN client then install 5.x version first. If it doesn't work, make sure VPN passthrough is enabled in WRT54G (this model supports passthrough but might be disabled). Using a cable and connecting laptop directly to cable modem and trying VPN connection will also eliminate possible Linksys oriented issues. If still no joy, most probably your cable modem does not support VPN passthrough and you should ask Mediacom.

jeffcarp Wed, 02/06/2008 - 11:46

Not sure I am following the diagnosis here. If I can establish the tunnel and browse the web through the tunnel, doesn't that mean that the Linksys box and modem adequately support VPN passthrough? Or I wouldn't have been able to establish the tunnel in the first place. My only connectivity issue relates specifically to Exchange server.

husycisco Wed, 02/06/2008 - 12:16

"Or I wouldn't have been able to establish the tunnel in the first place"

No. As I mentioned earlier, I answered lots of questions which supply the exact symptoms you have. Connected but no traffic or problems in traffic.

"browse the web through the tunnel"

Are you sure of this? To make sure, right-click VPN icon at right-bottom corner then click statistics. Click route details tab. In right-pane, if is listed, that means you browse the web, downloads etc through the tunnel when connected

Couple of questions... do you acquire the same IP from VPN pool when you connect via wireless and when you connect via Verizon?

What happens when you run this command while connected via wireless? telnet exchangeservername 25

jeffcarp Wed, 02/06/2008 - 16:03

I have done some more testing and this is where I am at...

I can connect to the Linksys router port with a patch cable, connect via VPN and connect to Exchange server without a problem. I connect to the same Linksys router over wireless and I can't connect to the VPN security gateway. So it seems to be something on the wireless side. Does that narrow the problem down?

husycisco Fri, 02/08/2008 - 05:35

Yes it does narrow the problem down. So 2 things left. Your access point and wireless card of computer. Do you have any other client which connects via this access point? Did you make sure you allowed VPN passthrough in this access point? Did you install latest version of VPN client?

jeffcarp Wed, 02/13/2008 - 04:32

When using other access points, the wireless card isn't an issue. It works with the VPN at a hotel for example. Yes, I am positive that VPN Passthrough is enabled. Checked it many times. I do not have the latest client. From what I can tell, only my IT department can download that from Cisco. I can't find a place where the average Joe can download that.

husycisco Wed, 02/13/2008 - 08:17

One more possibility, what IP (with subnetmask) do you acquire from access-point? and what IP do you acquire from VPN pool? If VPN pool is same with access-point subnet is covered by access-point, then this will raise exact connectivity problem you encounter.

If they are not the same, all hopes are on downloading new VPN client. If even new VPN client does not sort it out, you should call Linksys about the issue
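Added example, not part of the original posts: a small Python check for the address overlap described above. It takes the address/mask pairs that `ipconfig` shows for the wireless adapter and the VPN adapter, and also reports any server address that falls inside the home subnet (a step beyond the post). The function name and every address are constructed for illustration.

```python
import ipaddress


def vpn_overlap_report(lan_if, vpn_if, servers):
    """Compare the home LAN subnet with the VPN-assigned subnet.

    lan_if / vpn_if: 'address/mask' strings as read from ipconfig.
    servers: corporate server addresses the client must reach.
    """
    lan = ipaddress.ip_interface(lan_if)
    vpn = ipaddress.ip_interface(vpn_if)
    return {
        "lan_network": str(lan.network),
        "vpn_network": str(vpn.network),
        # True when the two subnets share any address.
        "networks_overlap": lan.network.overlaps(vpn.network),
        # Servers inside the home subnet are treated as "on-link" by the
        # laptop, so their traffic may never enter the tunnel.
        "shadowed_servers": [
            s for s in servers if ipaddress.ip_address(s) in lan.network
        ],
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(vpn_overlap_report(
        "192.168.1.101/255.255.255.0",   # wireless adapter (from router DHCP)
        "192.168.1.50/255.255.255.0",    # VPN adapter (from VPN pool)
        ["192.168.1.20", "10.20.1.15"],  # hypothetical corporate servers
    ))
```

If `networks_overlap` is true or a server is listed as shadowed, changing the home router's LAN subnet to a range the corporate network does not use removes the conflict.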

jeffcarp Thu, 02/14/2008 - 07:16

Would that problem not also affect the ability to connect via a hardwired connection to the Linksys router? The problem is only on the wireless side. I am afraid that you've gone into an area that I don't know how to determine the answer. If you can tell me how to find the information you are asking for, I will look. Thank you.

jamesk1792 Sat, 02/16/2008 - 13:58

I'm by no means a guru in the networking world, but my organization sees this daily. We are required an MTU of 1300 on everything that is trying to VPN in, in order to get Outlook to function correctly. Our logon script to map network drives will fail as well without setting to 1300.

It's the telltale sign of problems on our trip locations.

Put your MTU at 1300 on your VPN client virtual adapter and on your NIC on the workstation/laptop. I wouldn't be surprised if the issue resolves.
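Added example, not part of the original posts: a Python sketch that measures the largest packet that crosses the tunnel unfragmented, so the MTU can be set from a measurement. It binary-searches using the Windows `ping -f -l <size> -n 1` flags; the function names are hypothetical, and treating "TTL=" in the output as a reply is an assumption that also requires the target to answer ICMP echo.

```python
import subprocess

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_ping(host):
    """Build a probe that sends one ping with Don't Fragment set."""
    def probe(payload):
        out = subprocess.run(
            ["ping", "-f", "-l", str(payload), "-n", "1", host],
            capture_output=True, text=True,
        ).stdout
        # Assumption: only a real echo reply line contains "TTL=".
        return "TTL=" in out
    return probe


def largest_unfragmented_mtu(probe, low=576, high=1500):
    """Largest IP packet size in [low, high] that passes with DF set.

    probe(payload_bytes) -> bool. Returns None if even `low` fails.
    """
    if not probe(low - ICMP_IP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid - ICMP_IP_OVERHEAD):
            low = mid        # mid fits, search upward
        else:
            high = mid - 1   # mid needs fragmentation, search downward
    return low


def simulated_path(path_mtu):
    """Constructed stand-in for a real path, for offline runs."""
    return lambda payload: payload + ICMP_IP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Offline demonstration against a simulated 1300-byte path.
    print(largest_unfragmented_mtu(simulated_path(1300)))
    # Live use on Windows (hypothetical host name):
    # print(largest_unfragmented_mtu(windows_df_ping("exchangeservername")))
```

Run it once over the wired connection and once over wireless; a lower result on wireless points at the access point path.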

