"Updated" VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on Windows 7 x64

Sep 24, 2011 8:26 AM


Introduction

VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN

1. Scenario 1

Cannot access any device on the network via RDP, or applications via host-file-forwarded servers, from the Windows 7 64-bit laptop using a Verizon wireless broadband connection and the Cisco 64-bit VPN client 5.0.7.290. The same laptop, VPN client and RDP connect easily over a wired DSL connection from home.

The VPN client will connect to the VPN server (Easy VPN on Cisco 2821 router) over the wireless broadband connection (Can see it in the management console on the router) but it will pass no data. Unable to ping anything in the domain, nor the outside IP. When pinging from the laptop, it drops the VPN connection (Connection terminated by the peer).

Hardware and Software:-

The laptop is a Dell M4500 running Windows 7 Ultimate 64-bit. The VPN client is, as stated, rev 5.0.7.290. The internal wireless broadband card is a Qualcomm 5620 (EV-DO-HSPA) device (Gobi 2).

2. Scenario 2

The same problem has been noticed with a Dell Latitude E6510 with the Verizon Dell Wireless 5620 EV-DO-HSPA card, using the latest version of the Cisco VPN client (5.0.07.0290). The card appears to connect correctly and gains an internal address, but cannot ping any internal devices or access any of the internal network resources.

Note:- The systems are running Windows 7 Enterprise x32 with the firewalls all turned off.

3. Scenario 3

The same problem has been seen with a Dell E6410 with the Dell Wireless 5620 EV-DO-HSPA connecting to Sprint, using version 5.0.07.0290 of the 64-bit VPN client on Windows 7 64-bit. The same laptop is able to transmit VPN data when connected using a CMU-300 Qualcomm card with Sprint's SmartView connection software.

4. Scenario 4

An E6400 running Windows 7 x32 and several E6410s with Windows 7 x64, all using a Verizon EVDO card, faced the same issue on the x64 machines but not on the x32 ones. Is it a problem with the VPN client?

5. Scenario 5

The same issue occurs with the Dell AT&T card 5530. It was tried on a Dell 6410 and a 4300, with both Windows 7 32-bit and 64-bit, with the same result. The Cisco client used is 5.0.07.0290. It will connect but is unable to ping or reach anything on the network.

Note:-

  • However, the AnyConnect client works fine.
  • With the exact same hardware and software configuration (the 5.0.07.029 client and the air card) under Windows XP, it works with no issues.



Solution

It appears to be a default setting in the Verizon Access Manager Software that does not play well with the Cisco Client.

In VZAccess Manager, select Options | Preferences.  Under the Connectivity options, the default setting of "NDIS Mode - Manually Connect" was selected.  Changing this option to "Modem Mode - Manually connect" appears to have completely addressed the issue.  We can now connect to the WWAN, establish a Cisco VPN session and have connectivity.

As per the release notes, the VPN Client does not support the WWAN card interface on Windows 7. Here is a short explanation of why the VPN Client works when the card is set up as a modem (dial-up connection) and does not work when it is set up as a normal network connection.

Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS Miniport Driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate drivers), so the Client NDIS IM driver fails to receive packets that go in and out of WWAN devices. The third-party tool that acts as the NDIS IM driver is DNE by Citrix.

The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0. However, the native Windows 7 Mobile Broadband driver (WWAN card) is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the native Windows 7 Mobile Broadband driver.

The reason the USB WWAN card works is that it is used as a modem (thereby bypassing the limitation of NDIS drivers) to connect to the internet, whereas the internal card is used as a NIC, which the VPN Client is not able to recognize.

The same problem was seen on a Latitude E6510 with Windows 7 Pro 32-bit. The fix is the following:

  • Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000. Make sure there are no references to the WWAN card in device manager.
  • Restart the computer and reset the bios to default settings.
  • Install the R2750584 Driver for the 5620 wireless
  • Install VZAM

Note:-

Don't install the Dell Mobile broadband utility or connection manager or whatever it is because that may cause some issues.

VPN Client 5.0.07 features the following:

  • Support for Windows 7 on x64 (64-bit). This release, however, does not support WWAN devices (also called wireless data cards) on Windows 7 x86 (32-bit) and x64. For support of WWAN devices on Windows 7, please use the Cisco AnyConnect Secure Mobility client.
  • Support for Windows Vista on x64.
  • Packet LZS compression for x64 VPN Client.

Note that this version does not provide online help.

Some more information from a VPN standpoint

IPSEC-VPN client issues with Verizon VZ4G LTE network

The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4G network. However, once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data, but the decrypt counters do not increment. This issue is seen on the entire gamut of Windows OSs. One of the deal breakers with the new Verizon 4G network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic; no inbound traffic can be passed through. This means that if you need remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access it the way you could with a 3G-only modem.


Resolution

Based on suggestions made by Verizon, it seems as though the following things need to be attempted:

1. Enable NAT-T. For more information regarding NAT traversal, please refer to the following documents:

     a. IPSEC over NAT-T on IOS devices

     b. IPSEC over NAT-T on ASA

2. Enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP, please refer to the following documents:

     a. IPSEC over TCP on IOS devices

     b. Enabling IPSEC over TCP on ASA

3. Use AnyConnect rather than IPSEC.

4. The other option is to go with the Sprint 4G network instead, which apparently does support remote access to applications.
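
Why options 1 and 2 help, as an added example that is not part of the original discussion: native ESP is IP protocol 50 and carries no port numbers, so a NAT that only admits replies to port-mapped outbound flows has nothing to match the returning packets against, which fits the rising encrypt counter and flat decrypt counter described above. The addresses, TCP port 10000 and the NAT model are simplified assumptions, and the packets are constructed samples.

```python
import socket
import struct

ESP, UDP, TCP = 50, 17, 6
NAT_T_PORT = 4500   # UDP port used for ESP encapsulation (RFC 3948)
CTCP_PORT = 10000   # assumed IPsec-over-TCP port; use whatever the gateway is set to

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def ports(pkt):
    """(source port, destination port) for UDP/TCP; None for ESP, which has none."""
    ihl = (pkt[0] & 0x0F) * 4
    return struct.unpack("!HH", pkt[ihl:ihl + 4]) if pkt[9] in (UDP, TCP) else None

def classify(pkt):
    """Name the IPsec transport carried by a raw IPv4 packet."""
    proto, body, p = pkt[9], pkt[(pkt[0] & 0x0F) * 4:], ports(pkt)
    if proto == ESP:
        return "native-esp"
    if proto == UDP and NAT_T_PORT in p:
        # RFC 3948: four zero bytes after the UDP header mark IKE, anything else is ESP
        return "ike-nat-t" if body[8:12] == b"\0\0\0\0" else "esp-in-udp"
    if proto == TCP and CTCP_PORT in p:
        return "ipsec-over-tcp"
    return "other"

def reply_gets_through(out_pkt, reply_pkt):
    """Simplified outbound-only NAT: a reply passes only if it matches the mapping
    (protocol, remote address, remote port, local port) made by the outbound packet."""
    out, back = ports(out_pkt), ports(reply_pkt)
    if not out or not back:
        return False  # ESP has no ports, so there is no mapping to match
    made = (out_pkt[9], out_pkt[16:20], out[1], out[0])
    return (reply_pkt[9], reply_pkt[12:16], back[0], back[1]) == made

# Constructed samples: client 10.20.30.40, gateway 203.0.113.10 (documentation range)
C, G = "10.20.30.40", "203.0.113.10"
esp = b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"\xaa" * 16  # SPI, sequence, ciphertext
udp = lambda s, d, data: struct.pack("!HHHH", s, d, 8 + len(data), 0) + data
tcp = lambda s, d, data: struct.pack("!HHIIBBHHH", s, d, 0, 0, 0x50, 0x18, 65535, 0, 0) + data
SAMPLES = {  # transport name -> (packet from client, reply from gateway)
    "native-esp": (ipv4(ESP, C, G, esp), ipv4(ESP, G, C, esp)),
    "esp-in-udp": (ipv4(UDP, C, G, udp(4500, 4500, esp)), ipv4(UDP, G, C, udp(4500, 4500, esp))),
    "ipsec-over-tcp": (ipv4(TCP, C, G, tcp(51000, 10000, esp)), ipv4(TCP, G, C, tcp(10000, 51000, esp))),
}
```

Running `classify` over a capture taken on the client's WWAN interface shows which transport the tunnel actually negotiated; `reply_gets_through` is false only for the native ESP pair.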

New Scenario

6. Latitude e6510 with Windows 7 pro 32-bit

7. Solution

Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000.  Make sure there are no references to the WWAN card in device manager.

Restart the computer and reset the BIOS to default settings. Install the R2750584 Driver for the 5620 wireless. Install VZAM.

George tried 3 different versions of the Qualcomm Gobi 2000 drivers.  R275082 doesn't work.  Don't install the Dell Mobile broadband utility or connection manager or whatever it is.  The Novatel one.

New Workaround

Recently Tim discovered that the Cisco 64-bit VPN client running on a Dell Precision M6500 (Windows 7 64-bit OS) was able to connect correctly by using the wireless hotspot on an iPhone 4S (Verizon Wireless). It will also connect when the phone is tethered to the laptop via USB cable. Once he discovered this, he was able to do the same on the laptop that spawned this discussion, by tethering to the boss's Blackberry Bold after downloading and installing a new Verizon Wireless Access Manager utility that allowed them to select the device (the Blackberry) for installation. He thinks that this has allowed them to bypass the Gobi2 wireless cards on both laptops and the factory-installed Dell Connection Manager software, which was incompatible with the Cisco 64-bit VPN client software. As far as he is concerned, this new method (smartphone hotspot and tethering) is the way to go for them, and has resolved all issues for remote connectivity for them.

Reference

This document was generated from the following discussion

VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN
