VPN client drops with Wireless Connection

Unanswered Question
Apr 22nd, 2009

We have been getting a number of users complaining about their connection dropping when using the VPN over a wireless connection. After the drop, the client is unable to reconnect without doing a "repair" or rebooting the machine. Anyone experience anything similar?


Ivan Martinon Wed, 04/22/2009 - 09:47

Any particular log on the VPN client? Some complaint in it (the log) regarding an IP address change? Are those hosts Vista PCs or XP?

mszoke Wed, 04/22/2009 - 10:52

Log mentions the client lost its IP address. I'll have to get the exact verbiage to be accurate though. All are XP clients now.

Ivan Martinon Wed, 04/22/2009 - 10:54

Yeah, heard that before, it should say something like SADB changed... try to get a log so we can confirm this. Anyway, you can look for the registry key Automatic IP address Update on the XP; it causes the XP to try to renew the IP address continuously, and that is known to cause problems. Look for it on Google.

mszoke Fri, 04/24/2009 - 05:35

OK. I'll grab a log file as soon as I can replicate the problem again. Thanks for the tip.

craig.eyre Tue, 05/05/2009 - 09:59

Did you get this resolved? Let me know as I may have a fix for you.


craig.eyre Wed, 06/10/2009 - 07:18

Hi Miles,

I noticed with our clients that the wireless users were connecting as a straight IPSEC vpn connection without NAT-T. Check on your concentrator or ASA and see if they connect without NAT-T.

I came to the conclusion that our edge firewall (non cisco) has a UDP connection timeout of 180 seconds and is non changeable.

To work around this I added the line below to the vpn profile files under c:\programs files\cisco systems\vpn client\profiles and whatever your profile is .pcf. Open with wordpad and add this line.

ForceNatT=1 (case sensitive)

This will force the vpn client to use NAT-T regardless of internet connection.

This introduces another keepalive mechanism that will keep the connection alive past the 180 second UDP timeout.
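
As an added example (not part of the thread and not Cisco tooling): a Python check for the profile edit described in the post above. It flags `.pcf` text where `ForceNatT` is missing, has another value, or is written in the wrong case, and can rewrite it. It assumes the key belongs in the profile's `[main]` section; the function names and the sample profile are constructed for illustration.

```python
import sys

KEY = "ForceNatT"  # spelling and case exactly as given in the post

def _section(line):
    """Return the lower-cased section name for a '[name]' line, else None."""
    s = line.strip()
    return s[1:-1].lower() if s.startswith("[") and s.endswith("]") else None

def audit_pcf(text):
    """Classify profile text: 'ok', 'wrong_value', 'wrong_case' or 'missing'."""
    status, section = "missing", None
    for line in text.splitlines():
        if _section(line) is not None:
            section = _section(line)
        elif section == "main" and "=" in line and not line.lstrip().startswith(";"):
            name, value = (p.strip() for p in line.split("=", 1))
            if name == KEY:
                return "ok" if value == "1" else "wrong_value"
            if name.lower() == KEY.lower():
                status = "wrong_case"  # present, but not in the post's exact case
    return status

def force_natt(text):
    """Return the text with a single, correctly cased ForceNatT=1 in [main]."""
    out, section, inserted = [], None, False
    for line in text.splitlines():
        name = line.split("=", 1)[0].strip().lower()
        if _section(line) is not None:
            section = _section(line)
            out.append(line)
            if section == "main" and not inserted:
                out.append(KEY + "=1")
                inserted = True
        elif section == "main" and "=" in line and name == KEY.lower():
            continue  # drop stale or mis-cased copies of the key
        else:
            out.append(line)
    if not inserted:
        raise ValueError("no [main] section found (assumed location of the key)")
    return "\r\n".join(out) + "\r\n"  # keep Windows line endings

# Constructed sample profile: the key is present but in the wrong case.
SAMPLE = "[main]\r\nDescription=constructed sample\r\nHost=vpn.example.com\r\nforcenatt=1\r\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:  # .pcf files to check, passed on the command line
        with open(path, newline="") as fh:
            print(path, audit_pcf(fh.read()))
```

Run with one or more profile paths as arguments to get a status per file.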



