Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

5508 WLC - VPN disconnects from Wlan guest

Strange issue that our support staff is seeing on our guest WLAN.

I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine.

The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.

It appears that on the guest wlan, after random amount of time an established VPN connection using Cisco VPN client disconnects.

Wireless connectivity doesnt appear to go down, just the vpn connection.

On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.

Can anyone shed light on this ?

I just upgraded to latest and greatest code and I am still seeing same issue.

Cheers


Dave

1 ACCEPTED SOLUTION

Accepted Solutions

5508 WLC - VPN disconnects from Wlan guest

The session timeout would mean you would see a deauth every 30 minutes which could be your issue. But I had a similar problem on 7.0.98.0. When users would VPN they would disconnect randomly. While others on guest without VPN stayed up and was fine.

I moved to 7.0.220.0 and it seemed to fix the VPN guest issue for us.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
10 REPLIES
New Member

5508 WLC - VPN disconnects from Wlan guest

I noticed there is a session timeout located unded the advanced tab in WLAN config. Its enabled to 1800s. In my tests I have a continuous ping going but I am wondering if I should disable the session timeout ?

5508 WLC - VPN disconnects from Wlan guest

The session timeout would mean you would see a deauth every 30 minutes which could be your issue. But I had a similar problem on 7.0.98.0. When users would VPN they would disconnect randomly. While others on guest without VPN stayed up and was fine.

I moved to 7.0.220.0 and it seemed to fix the VPN guest issue for us.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

5508 WLC - VPN disconnects from Wlan guest

Well thats basically what we were seeing as well.. Random VPN disconnects..I have upgraded to 7.2.103.0 and I saw the same issue after the initial reboot of the wlc but havent seen it since...Its possible that I might of killed the ping on that test and got hit with a deauth at the 30 min mark.

Right now both laptops are an hour into a vpn session with no issues. So maybe it is fixed ??

I'll test them over night and see.

Cheers

Dave

5508 WLC - VPN disconnects from Wlan guest

Keep us posted. I would be interest in hearing what you see.

Also, do a client debug. What i noticed when it happen to my test clients is that the client would disconnect and fall into a DHCP_REQ state.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

5508 WLC - VPN disconnects from Wlan guest

Did you just run wireshark on the client side ? With your issue were you seeing the wireless connection drop as well ? Or was it just the VPN connection ? For us its just the VPN connection.

Cheers


Dave

5508 WLC - VPN disconnects from Wlan guest

I did a debug on the WLC for the test laptops. What I seen was the VPN drop and the test unit would get the guest accept screen. While NON vpn test devices stayed on with no issues.

Also the VPN test units would be random. Not all of them dropped at the same time. They dropped randomly.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

5508 WLC - VPN disconnects from Wlan guest

Well looks like the code update did fix the issue.. I had a building full of happy wireless customers the last 2 days since the upgrade.

Thanks for your help George

Cheers


Dave

5508 WLC - VPN disconnects from Wlan guest

Soemthing I want to make you aware of is another guest bug we hit... After fixing the VPN problem by moving to 7.0.220.0 we hit this bug!

The fix ... Reboot your WLC weekly. We have a call with Cisco BU on Monday to talk about this...

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx00942

Webauth stops redirecting after some time
Symptom:
It is seen on 7.0.220 4404 WLC that users in the webauth SSID are not redirected to the login page anymore after 1 week or so.

This message appears :
sshglue.c:7009 WebAuth HTTP Redirect rule creation failed for peer 192.168.1.8

Conditions:
webauth, 4404 running 7.0.116/220
Workaround:

A reboot solves the problem for another week or so
Status Status
Open             

Severity Severity
2 - severe

Last Modified Last Modified
In Last 7 Days        

Product Product
Cisco 5500 Series Wireless Controllers         

Technology Technology


1st Found-In 1st Found-in
7.0(116.0)
7.0(220.0)       
Interpreting This Bug
Bug Toolkit provides access to the latest raw bug data so you have  the earliest possible knowledge of bugs that may affect your network,  avoiding un-necessary downtime or inconvenience. Because you are viewing  a live database, sometimes the information provided is not yet complete  or adequately documented. To help you interpret this bug data, we  suggest the following:
  • This bug has a Severe severity level 2 designation.  Important functions are unusable but the router's other functions and  the rest of the network is operating normally.
  • Severity levels  are designated by the engineering teams working on the bug.  Severity is  not an indication of customer priority which is another value used by  engineering teams to determine overall customer impact.
  • Bug  documentation often assumes intermediate to advanced troubleshooting and  diagnosis knowledge.  Novice users are encouraged to seek fully  documented support documents and/or utilize other support options  available.
  • __________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
    New Member

    5508 WLC - VPN disconnects from Wlan guest

    Thanks for the heads up. But we arent using login pages on either WLAN..One is guest which is limited access and one uses the users domain credentials which are sent thru to our domain servers.

    Cheers


    Dave

    5508 WLC - VPN disconnects from Wlan guest

    This document was generated from the following discussion

    https://supportforums.cisco.com/docs/DOC-24094

    Thanks,

    Vinay Sharma

    Thanks & Regards
    1815
    Views
    15
    Helpful
    10
    Replies