SA520W and QuickVPN constant problems

Unanswered Question
Jun 15th, 2010

We purchased a Cisco SA 520W a little more than a month ago and after configuring it we have had nothing but constant headaches with users trying to utlize the QuickVPN software.

SA520W firmware is at 1.1.42 and was one of the first thigns I did before configuring the rest of the device.

All users are using QuickVPN ver 1.4.0.5 as that is the version that I emailed out along with their usernames and passwords

Problem #1 - Unable to login with username even though I know for a fact that their username and password is correct, the only workaround once this happens is to create a brand new username, I'm getting very sick of creating a new user every 1-3 days.

Problem #2 - Once they are connected, if they can connect they will get the "Remote gateway not responding" thing pop up and sometimes if they wait long enough it will work again, however sometimes this leads to them getting kicked off and then leading to problem#1

I've looked through the forums and have found no answers other than people echoing the same problem, I was thinking about trying th shrewsoft solution but didn't want to waste my time as someone else had posted they weren't able to get it to work correctly with the 520.

Any help would be appreciated.

Allen

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mpyhala Tue, 06/15/2010 - 10:08

I saw a case with very similar symptoms recently. After some troubleshooting I looked at the router logs and saw something about "fragmentation". I did a fragmentation test and found that the proper MTU for the cable internet connection was 1472. (The default was "Auto", which is 1500) After changing the MTU all users were able to connect and stay connected. Please try this and give us an update.

allenyeh79 Thu, 06/17/2010 - 06:37

Thanks for the reply and I changed the settings to 1492 on the evening of the 15th and have been keeping an eye on things to see if it has helped at all.

allenyeh79 Thu, 06/24/2010 - 07:53

It's been over a week and still no good:

Today I just had this user being locked problem and posting while it's still fresh in my mind.

1. Setup account for user and quickvpn on client machine, connects and works like it's supposed to

2. User reboots PC and brings back quickVPN and I get the connection Error pop-up - Failed to establish connection...blah blah blah

3. Tried to login with other username that I know work(i.e. my test cases) and I get the Connection Error pop-up

These are some logs:

2010-06-24 15:03:26: INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=34b46c441a362c56:bbb07d9c53d76fab.

2010-06-24 15:03:27: INFO:  ISAKMP-SA deleted for XXX.XXX.XXX.XXX[4500]-75.77.22.66[20875] with spi:34b46c441a362c56:bbb07d9c53d76fab
2010-06-24 15:25:46: ERROR:  Failed to load the configuration
2010-06-24 15:26:37: ERROR:  Failed to load the configuration
2010-06-24 15:27:15: INFO:  Adding IPSec configuration with identifier "slayton"
2010-06-24 15:27:15: ERROR:  parse error is nothing, but yyerrorcount is 27.
2010-06-24 15:27:55: ERROR:  Failed to load the configuration
2010-06-24 15:28:57: ERROR:  Failed to load the configuration
2010-06-24 15:30:38: INFO:  Adding IPSec configuration with identifier "nanawaggie"
2010-06-24 15:30:38: ERROR:  parse error is nothing, but yyerrorcount is 29.
2010-06-24 15:32:14: ERROR:  Failed to load the configuration
2010-06-24 15:32:38: ERROR:  Failed to load the configuration
2010-06-24 15:35:43: ERROR:  Failed to load the configuration
2010-06-24 15:39:12: INFO:  Adding IPSec configuration with identifier "nanatwaggie"
2010-06-24 15:39:12: ERROR:  parse error is nothing, but yyerrorcount is 32.

3. I created a new user and it works. It seems to me that the SA520 gets stuck with usernames and then it will "lock" for lack of a better term older accounts but new accounts work???

allenyeh79 Fri, 06/25/2010 - 03:23

I've only ever run the newest firmware with clients so it's not an issue of some setting that wasn't changed when I upgraded.

Anything else? I know I'm not the only person to have issues with this QuickVPN client.

David Hornstein Fri, 06/25/2010 - 06:28

Hi Allen,

I am sitting behind a cisco infrastructure, heavily protected.

I just tried and failed to quickVPN to my RVS4000 at home and got the following error;

2010/06/25 09:08:33 [STATUS]Remote gateway was reached by https ...

2010/06/25 09:08:33 [STATUS]Provisioning...

2010/06/25 09:08:43 [STATUS]Success to connect.

2010/06/25 09:08:43 [STATUS]Tunnel is configured. Ping test is about to start.

2010/06/25 09:08:43 [STATUS]Verifying Network...

2010/06/25 09:08:47 [WARNING]Failed to ping remote VPN Router!

2010/06/25 09:08:48 [WARNING]Failed to ping remote VPN Router!

2010/06/25 09:08:49 [WARNING]Failed to ping remote VPN Router!

2010/06/25 09:08:50 [WARNING]Failed to ping remote VPN Router!

2010/06/25 09:08:51 [WARNING]Failed to ping remote VPN Router!

2010/06/25 09:08:53 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

I found that log in my quick VPN directory; C:\Program Files\Cisco Small Business\QuickVPN Client  ,   in a file called 'log.txt'

I sort of expected that  behaviour, so i am not concerned that, i could not use the quickVPN or EZ vpn client from the cisco office I am in at the moment.

It would be interesting to see your log, but do you think it is time to hit the guys at the Small Business Support center (SBSC)  with this problem?

Their contact details can be found by clicking on the following URL.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards Dave

Actions

This Discussion