One person reports to me that he can no longer connect to the 5505 certificate-based VPN.
I got him to send me his VPN client log file for 2 attempts, one with Connection Entry Property - Transport set to UDP, the other with it set to TCP. (Both these settings work for multiple other people.)
In the log file for the UDP attempt I find a point where the client sends
"ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT)",
then the client sends 3
"ISAKMP OAK MM (FRAG)"
After that, he just retransmits the 4 messages shown above, till he gives up. A successful connection logged on another machine shows the client receiving an "ISAKMP packet", then 3 "ISAKMP OAK MM (FRAG)".
His log file for the attempt using TCP for the transport shows 4 TCP SYN packets sent from the client, but no SYN-ACK is received back by the client.
This happens when he attempts connecting from home, where his ISP is Comcast.
The same machine, on our enterprise unsecured wireless, connects successfully.
So there must be an issue in his home network, or with Comcast. Something that could conceivably have changed between Thursday and Friday last week...
Can anyone suggest what I might tell him to check for, or to ask Comcast about?