VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN

Answered Question
Jul 21st, 2010

I cannot access any device on my network via RDP or applications via host file - forwarded servers from my Windows 7 64 bit laptop using a Verizon wireless broadband connection and the Cisco 64 bit VPN client 5.0.7.290. I can connect easily via a DSL wired connection from home using the same laptop and VPN client and RDP.

The VPN client will connect to the VPN server (Easy VPN on Cisco 2821 router) over the wireless broadband connection (I can see it in the management console on the router) but it will pass no data. I cannot ping anything in the domain, nor the outside IP. When I try to ping from the laptop, it drops the VPN connection (Connection terminated by the peer).

The laptop is a Dell M4500 running Windows 7 Ultimate 64 bit OS. The VPN client is as stated, rev 5.0.7.290. The internal wireless broadband card is a QualCom 5620 (EV-DO-HSPA) device (Gobi 2).

What must I do to get this configuration to perform and connect as the wired connection does?

Tim Carlisle

Systems Manager

Message was edited by: Timothy Carlisle Recently I discovered that the Cisco 64 bit VPN client running on my Dell Precision M6500 (Windows 7 64 bit OS) was able to connect correctly by using the wireless hotspot on my iPhone 4S (Verizon Wireless). It will also connect when tethered to the laptop via USB cable. Once I discovered this, I then was able to do the same on the laptop that spawned this discussion, by tethering to the boss's Blackberry Bold after downloading and installing a new Verizon Wireless Access Manager utility that allowed us to select the device (the Blackberry) for installation.  I think that this has allowed us to bypass the Gobi2 wireless cards on both laptops and the factory installed Dell Connection Manager software which was incompatible with the Cisco 64 bit VPN client software. As far as I am concerned here, this new method (Smartphone hotspot and tethering) is the way to go for us, and has resolved all issues for remote connectivity for us. Thank you to all that contributed to this discussion.   Tim Carlisle

The Solution provided in the Discussion has been captured in this Document:-

https://supportforums.cisco.com/docs/DOC-18721

I have this problem too.
0 votes
Correct Answer by gmdtechnologies about 3 years 4 months ago

I had this problem on a Latitude e6510 with Windows 7 pro 32-bit.

The short story to how I fixed it is the following:

Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000.    Make sure there are no references to the WWAN card in device manager.

Restart the computer and reset the bios to default settings.

Install the R2750584 Driver for the 5620 wireless

Install VZAM

Of course it took me a large amount of troubleshooting to get to this point.   I tried 3 different versions of the Qualcomm Gobi 2000 drivers.  R275082 doesn't work.  Don't install the Dell Mobile broadband utility or connection manager or whatever it is.  The Novatel one.  I think that messes things up.

Correct Answer by RobButler about 3 years 6 months ago

We fought with the same issue for quite some time before finding that it appears to be a default setting in the Verizon Access Manager Software that does not play well with the Cisco Client.

In VZAccess Manager, select Options | Preferences.  Under the Connectivity options, the default setting of "NDIS Mode - Manually Connect" was selected.  Changing this option to "Modem Mode - Manually connect" appears to have completely addressed the issue.  We can now connect to the WWAN, establish a Cisco VPN session and have connectivity.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (7 ratings)
johnkylen Wed, 08/18/2010 - 14:19

Having this same problem.  I have Dell Latitude E6510 with the Verizon Dell Wireless 5620 EV-DO-HSPA card.  Using the latest version of Cisco VPN client (5.0.07.0290).  The card appears to connect correctly and gains an internal address.  But I can not ping any internal devices or access any the internal network resources.

The systems are running Windows 7 Enterprise x32 with the firewalls all turned off.

mcm832795 Thu, 08/19/2010 - 12:34

Same problem here on a Dell E6410.  Dell Wireless 5620 EV-DO-HSPA connecting to Sprint.  Version 5.0.07.0290 of the vpn client 64-bit on Windows 7 64-bit OS.  I have been able to transmit vpn data when connected using CMU-300 Qualcomm card from the same laptop using Sprint's SmartView connection software.

kmiller1634 Thu, 08/19/2010 - 12:40

I have an E6400 running Windows 7 x32 and have several co-workers running E6410's with Windows 7 x64 we all use the Verizon EVDO card. we have had some problems on the x64 but not on the x32's I believe it was a problem with the VPN client itself.

timothy.carlisle Thu, 08/19/2010 - 13:23

I gave up on the 64 bit client VPN WWAN connection on the Dell Precision M4500 Verizon EVDO 5620 card. What I am doing to affect the vpn connection I need, is to install the XP virtual machine (XP mode available from windows on Windows 7 Pro and Ultimate). On the XP virtual machine, install the Cisco VPN client 5.0.00.0340. Then you can run that from the XP mode Application on the windows 7 desktop, which starts the VM, and allows connection on the 32 bit client. It is not consistent however, and experiences dropped connections in some locations (Albany, Georgia) but runs fine in Columbus, GA. I think that is a Verizon issue however (cell resource allocation). I would really like for Verizon, Sprint, AT&T, et al to get together with Cisco, Qualcom, Dell, HP etc to work up a good WWAN connection solution for the 64 bit OS platform. They are not there yet, obviously.

timothykrebs Wed, 09/15/2010 - 09:20

I am having issues exactly like this as well but it is with the Dell AT&T card 5530.  I have tried it on a Dell 6410 and 4300. I have tried running both Windows 7 32 and 64 bit both with the same result.   The cisco client i am using is the 5.0.07.0290.  It will connect but i can't ping or get to anything on the network.  If i try the anyconnect connect client it will work just fine.  Unfortunately only one of our 5 ASA’s is currently setup to use anyconnect, hence the need for the full client.  If I use the exact same hardware and software configuration of the 5.0.07.029 client and the air card in Windows XP it works with no issues.  It almost seems to be an issue with the cisco client.  If anyone finds a solution to this issue please let us know.

Tim Krebs

Network Administrator

johnkylen Wed, 09/15/2010 - 09:39

Just wanted to put in a quick follow-up for anyone who can get the help.  After speaking with our Verizon rep I was put in touch with a technician who had the answer in the simplest form.  The Dell system ships with a program to manage the device.  This default software is used to activate and run the broadband card and is needed for that activation.  BUT --- Verizon has an enterprise class application (VZAccess) which fixes the issue.  Using this program to connect to the Verizon network will allow the Cisco software to properly bind and now once a user has connected to the VPN they are given an internal IP address, bind correctly and can access the network properly.

Not sure if this problem will move to any other vendor (AT&T, Sprint) but I can only say for now we have a fix for our Verizon problem and I hope that I wont see it come back again.

Jeff.Hartke Tue, 10/05/2010 - 12:25

Has anyone else experienced this problem?

I installed and verified that the VZAccess Manager was the correct version for the Chipset/OS (Dell 5620 / Win7 x32), the VZAM allows non-VPN surfing, but no access (as it shouldn't) to internal resources, the CISCO VPN client starts up, and nothing else happens.  As described earlier in the thread.  However once the Cellular Signal improves (starting at 1 bar of strenght: rated poor, improving to 4 bars: rated good) the VPN connection allows for access to internal resources.

Even with 1 bar of Cellular strength the VPN client is able to connect and stay connected.  I need to give a definative answer to the boss that is a Cellular signal problem and not an IT/VPN problem.

Thanks

timothy.carlisle Tue, 10/05/2010 - 13:07

John,

When I was first working this issue, I contacted both Dell and Verizon for issue resolution. At that time, neither one could offer one. Is it possible that Verizon has produced something new that will address the 64 bit Cisco VPN client/Verizon wireless connection issue? I was hoping that they would release something soon, so that I can get a 64 bit connection going on my boss's Windows 7 Ultimate laptop, and stop all of the XP virtual machine hoop jumping, and latency issues. What exactly is the name and version number of the Verizon Access Manager that allows this improvement?

namiagar Thu, 10/07/2010 - 09:24

Hi ,

Please try and setup the WWAN Card connection as a Dial Up connection and try the VPN once more.

I hope this helps

Thanks,

Namit

Correct Answer
RobButler Fri, 10/08/2010 - 09:08

We fought with the same issue for quite some time before finding that it appears to be a default setting in the Verizon Access Manager Software that does not play well with the Cisco Client.

In VZAccess Manager, select Options | Preferences.  Under the Connectivity options, the default setting of "NDIS Mode - Manually Connect" was selected.  Changing this option to "Modem Mode - Manually connect" appears to have completely addressed the issue.  We can now connect to the WWAN, establish a Cisco VPN session and have connectivity.

namiagar Fri, 10/08/2010 - 16:58

Hi,

Yes as per the release notes of the VPN Client does not support WWAN Card interface on Windows 7. Here is a little explanation why the VPN Client works when setup as Modem(Dial Up Connection) and does not work when setup as a normal connection

Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS Miniport Driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate driver), so the Client NDIS IM driver fails to receive packets

that go in and out WWAN devices. The third party tool that acts as the NDIS IM driver is DNE by Citrix. 
          The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0. However, the native Windows 7 Mobile Broadband
driver(WWAN Card)is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the
native Windows 7 Mobile Broadband driver.  


the reason the USB WWAN card works is that it is used as a Modem (thereby bypassing the limitation of NDIS drivers) to connect to the
internet whereas the internal card is used as a NIC which the VPN Client is not able to recognize 

Hope that helps

Thanks,

ikeeickholdt Sun, 10/16/2011 - 13:10

Thanks !

I was not very happy with Verizon's Tech Support in that they kept trying to

push this issue off somewhere else and had no resolution, nor did they seem

as though they wanted to work towards one. Great stuff !!!

On Sun, Oct 16, 2011 at 12:54 PM, vinashar <

mcarnahan Wed, 10/13/2010 - 08:57

Totally solved my problem....great post.  Thanks for your help!!!!  Saved me hours of time!!!

timothy.carlisle Thu, 06/09/2011 - 09:17

Rose,

In response to your issues, every since we have been using the different versions of the Cisco VPN client in conjunction with the Verizon Wireless connection, we have had connection drops of varying frequency. As a turnkey systems manager responsible for all aspects of the netowrk, I was able to review the router logs when that would happen, and this is my theory about the drops, and what I did to alleviate the pain.

I noticed that when the drops would occur, the router logs would report a half open syn packet error or condition. THat ususlly could be timelined and correlated with an idle connection condition (no activity) on the client side (remote device). Now, what I believe is the cause of the drop, is that the Cisco SDM on the router identifies that half open syn packet as a maliscious attempt, and drops the connection. I could be wrong about that, but as I said that is my theory.

The work-around that made life better was to use Task Scheduler to schedule a job to run a .bat file on the client laptop that would ping a server or pc on the remote network every five minutes, through the VPN tunnel, thus keeping the connection alive. I hope that makes sense, because it worked for us.

Tim

rebelwarrior Thu, 10/28/2010 - 12:46

I've been dealing with this issue for almost two months.  Verizon broadband had worked with Cisco VPN for years for me.  Then, about September 6, 2010, I started having a problem of getting connected to the Cisco VPN and staying connected.  I thought it was my set up as I checked with my client and was told no one but me was having this problem.  I had used the Verizon USB727 for 2 or 3 years and upgraded to the USB760.  I used the 760 for a month before the problems started happening.

After working hours with Verizon and Dell techs, I was at the point of completely reformating my hard drive and starting all over....still thinking it was me.  My Dell tech suggested contacting my client first to make sure it wasn't on their end.  It turns out, they were now aware of the problem and were working on it. Reformatting would not have solved the issue.

After all this time, the issue is still not resolved for me.  I've applied every solution I can find and nothing works.  I will note here that I can use AT&T without fail to connect to Cisco VPN and I can still work.  However, the sudden failure of Verizon to work with the VPN is still baffling to me.

I can connect to the VPN, but within 30 seconds the connection to the VPN is lost as it takes down my Verizon WWAN connection.   The IT department for my client hasn't solved the problem. I have the latest verison of the Cisco VPN software, too.

Has anyone else come up with any other solutions that seem to allow Verizon broadband to stay connected to Cisco VPN and work?

mcarnahan Wed, 10/13/2010 - 08:58

Totally solved my problem....great post.  Thanks for your help!!!!  Saved me hours of time!!!

Sorry...Don't know why the double post...

Message was edited by: mcarnahan

Correct Answer
gmdtechnologies Fri, 12/10/2010 - 12:15

I had this problem on a Latitude e6510 with Windows 7 pro 32-bit.

The short story to how I fixed it is the following:

Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000.    Make sure there are no references to the WWAN card in device manager.

Restart the computer and reset the bios to default settings.

Install the R2750584 Driver for the 5620 wireless

Install VZAM

Of course it took me a large amount of troubleshooting to get to this point.   I tried 3 different versions of the Qualcomm Gobi 2000 drivers.  R275082 doesn't work.  Don't install the Dell Mobile broadband utility or connection manager or whatever it is.  The Novatel one.  I think that messes things up.

timothy.carlisle Thu, 06/09/2011 - 09:30

George, Rob,

I finally gave up on the XP mode work-around with its untenable latency and just purchased a yearly subscription to LogMeIn for the Trustee. I am going to try your uninstall and reinstall software and drivers solution one day whenever I can wrest the laptop away from the boss long enough. As for Rob's solution, the version of Dell Controll Point - Connection Manager software loaded on her laptop, does not even have the VZAM software that we are accustomed to in earlier renditions, available to make the changes you describe. Instead there is an awful Dell/Verizon software mashup that has no access to that which you describe as well as access to the miniport connection tweaks that Namit describes.

I think the best solution would be to uninstall everything DCP and Gobi drivers and then reinstall just the VZAM and the new gobi drivers. I am still reluctant to do that, because the DCP on this particular laptop is so integrated into so much other stuff. I need to wait until I get an opportunity to have a week or two when she is not using the laptop, in case I have to wipe and reload it from bare metal. That would be in the late this summer when she goes to Europe on vacation.

Thanks to all. I think there are solutions to this issue here.

I still think that they (glittering generality) should all get on the same page.

Tim

edwardlassotovitch Fri, 09/30/2011 - 09:12

Also look at this:

https://supportforums.cisco.com/docs/DOC-17314

Issues with IPSEC-VPN client and Verizon VZ4G LTE network
VERSION 2  
Introduction
Core Issue
Resolution


Introduction
This document explains why IPSEC VPN clients don't work on Verizon 4g network.


Core Issue
The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4g network. However once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data however, there are no increments to the decrypt counters. This issue is seen on the entire gamut of windows OSs. One of the deal breakers with the new Verizon 4g network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic - no inbound traffic can be passed through. This means that if you have a need for remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access them like you could with a 3G-only modem.


Resolution

Based on suggestions made by Verizons it seems as though the following things need to be attempted:

1. enable Nat-T. For more information regarding nat-traversal please refer to the following documents:

     a. IPSEC over NAT-T on IOS devices

     b. IPSEC over NAT-T on ASA

2. enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP please refer to the following documents:

     a. IPSEC over TCP on IOS devices

     b. Enabling IPSEC over TCP on ASA

3. Use Anyconnect rather than IPSEC

4. The other option is to go with the Sprint 4g network instead which apparently does support remote access to applications.

edwardlassotovitch Thu, 10/06/2011 - 08:50

We built a new PIX and added NAT traversal. It fixed the problem using a UML290 aircard over Verizon's network.

ikeeickholdt Tue, 10/11/2011 - 08:51

[11-OCT-2011]
Issue: Laptop not able to synchronize Act! over Verizon aircard using Cisco VPN 5.0 Client.

The Aircard connects to the internet and allows internet access. Then, you start the VPN either through VZ Access Manager '7.6' or externally and successfully connects. However I cannot access internal resources.

Checking the logging using ASDM, I can see that tthe card is allowing authentication however, once authenticated, no traffic is being passed.

Notes: After working many hours trying to figure out if this was a system build issue I decided to do some research on the internet. Turns out that there are a lot of folks experiencing this same issue. Techies higher up in Verizon stated that the new 4G devices are having problems with VPN compatibility. The configuration used is: Windows XP SP2, VZ Access Manager 7.6, Aircard Model USB551L.

Going back to the older aircard though requires that you uninstall the 7.6 Access manager and download the compatible version of VZ Access Manager which is the 7.1 version. Check Verizons website at: http://www.vzam.net/download/supported.aspx

Also, if you have activated the newer aircard, and have Verizon de-activate the new one and re-activate the old one, you may experience an authentication problem at first. Still working on this one but it seems that there is an issue with their systems when re-activating to an older aircard.

jparker36 Thu, 03/08/2012 - 06:19

What if you lock the 4G card in HDR(EVDO) mode only. Will the VPN work correctly?

ccordes Wed, 03/14/2012 - 11:38

I just ran into this issue on Win7 64-bit with the latest Cisco IPSec vpn client and the Verizon 4G Pantech UML290 usb device.  The vpn client connects but won't pass traffic.

The fix is to make sure the user is running the latest version of the VZAccess Manager [currently v7.7.1 (2730h)] and then follow this link ( http://vzam.net/download/download.aspx?productid=921 ) and download the “UML290 VPN Connection Issues – ReadMe” zip file.  It contains a readme file with instructions and a tool to change the LAN mode setting for the device.   Fixed the issue without a reboot.

khalid.ibrahim Wed, 03/28/2012 - 16:46

HI guys,

i don't know if this can assist you or not, i'm having same the same problem with HUAWEI 3G USB and found that even,

i'm running VM workstation 8 on my laptop and seems that is not supported (cisco VPN client start giving error 412 - remote peer not responding, connection terminated localy).

--------------------------

the work around was like this; install 3rd party VPN client (cisco compatible) where i was able to import my pcf file

and work flawlessly.

Shrew VPN client or any out there VPN client you can use to finish this headach, i hope cisco guys by that time correct what in the CVPND making these errors

shrew.net/download/vpn

good luck

lovullo Thu, 08/23/2012 - 12:36

After trying everything in this post with no success, I have finally found a fix for this problem. I have a Dell E6420 laptop with a dw5800 broadband card installed. I am running windows 7 64-bit with the latest Cisco VPN client, VZacces manager, and boradband drivers. Dell service pointed me to the following website:

http://www.citrix.com/lang/English/lp/lp_1680845.asp

where I downloaded and ran the ftp://files.citrix.com/dneupdate64.msi for 64-bit located in the "Other DNE Problems" section of the document. After running the MSI file my VPN connection worked perfectly over the broadband card.

barry.brown2006 Mon, 02/18/2013 - 08:08

Lovullo has helped me fix my problem. I have a Leveno T410 and ever since I installed the Soft VPN Token Cisco 5.0.07.0410, I had the same problem. I could connect to the vpn but as soon as I do, I lost the internet connection and could not connect to any of my companies sites. No one at my help desk had helped so far.

I can use my comcast network and the vpn works like it should. I just doesn't work with the Verizon 4GLte usb device. It is a USB551L.

After using the link Lovullo had listed above, I tried the Citrix program for the DNE and it is working now.

BTW, I used the ftp://files.citrix.com/dneupdate.msi for 32-bit since this laptop has Win7 32.

Thank you very much.

Actions

Login or Register to take actions

This Discussion

Posted July 21, 2010 at 1:03 PM
Stats:
Replies:30 Avg. Rating:5
Views:113349 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard