- Cisco Employee,
When a Mobile 3G or WWAN Card is used for internet connection along with CISCO IPSec VPN Client, the issue faced is that the users are able to connect to the tunnel to the headend but no traffic passes through the tunnel,the Encrypted counters do not increase on the VPN Client.
- Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS Miniport Driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate driver), so the Client NDIS IM driver fails to receive packets that go in and out WWAN devices. The third party tool that acts as the NDIS IM driver in case of the Cisco IPSec VPN Client is DNE by Citrix.
- The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0.However, the native Windows 7 Mobile Broadband driver(WWAN Card)is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the native Windows 7 Mobile Broadband driver.
- The solution is to update your NDIS intermediate driver to NDIS 6.x-based Light Weight Filter (LWFdrivers are a combination of NDIS intermediate drivers and a miniport driver. The Beta version shipped out by is though known to have cause BSOD on systems.
Workaround and Explanation
Use the WWAN card as a dial up connection or use AnyConnect
- The Dial Up Connection works and the USB WWAN card works because in these cases the card is used as a Modem (thereby bypassing the limitation of NDIS drivers) to connect to the internet
- The AnyConnect works because it does not require any such driver.