Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Anchored (Guest) break over VPN

Im often answering questions here but I hit an odd issue I wanted to toss out there ...

When connected to a guest network which is anchored in the DMZ we have no issues, until we VPN over guest. The guest traffic is all happy of course considering all the timers.

When connected to a guest network which is anchored in the DMZ and the guest kicks off a VPN we observed random, but consistent drops. The guest user will fall back into WebAuthREQ state at random for no reason.

Ive tested four laptops on anchor A, for example,  two laptops connected via VPN and two without VPN. The VPN breaks like every 2 hours while the guest without vpn is fine. By break, I mean client falls back to WebAuthReq.

I also manually disconncted the VPN several times thinking it was some how tied to the WebAuthReq. But no problem at all. I can disconnect from VPN and still stay connected to guest and pass traffic.Reconnect to VPN with no problems.

There was no roaming, all clients were stationary during testing.

Code is 7.0.98.0 on both foreign and anchor ..

Anyone else having this issue ?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
2 REPLIES
Silver

Anchored (Guest) break over VPN

Ok, so the problem is not that VPN doesn't ever work, but that randomly the VPN dies (because the client is in a webauth_reqd state)?

So I'd be asking "Why did the client go to webauth_reqd" (makes no sense for VPN to be a contributing factor to that).

Could you run client debug on the anchor and foreign to see at least what the WLC says happened when it through it back to webauth_reqd state?

Now, since you're talking 7.0.98.0  it wouldn't surprise me one bit if this is some known issue but nothing comes to mind.  I'd just start with the client debug to see WHY it went to webauth_reqd, and from there maybe we can find the reason.

Anchored (Guest) break over VPN

Its random, ONLY when you use VPN over the anchor you lose ALL connectivity and the client drops right into WEBAUTHREQ. I dont want to share the debug in public, due to IP addresses etc . I will send in email.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
618
Views
0
Helpful
2
Replies
CreatePlease login to create content