VPN Client & Concentrator 3000 DHCP Renewal Problem
I have a strange problem when using the VPN Client over a WLAN. A customer runs a public WLAN and allows its users to establish connections with the VPN Client to a 3000 series concentrator. The customer is a university and has a lot of mobile device movement joining and leaving the infrastructure throughout the day. This is why he limited the DHCP lease time (of the WLAN subnet over which the VPN runs) to a short five minutes.
Now the scenario:
The WLAN and VPN connection processes finish successfully and data can be exchanged. Now, at half of the DHCP lease time (2.5 mins), the NIC attempts to renew its DHCP lease, according to the DHCP standard. This will fail in the sense that the client doesn't send out any DHCPREQUEST at all (not even encrypted through the tunnel). Half a minute before the actual lease expiry time, Windows makes another attempt to renew the address (clear text on the WLAN NIC) and will even get an ACK (can be sniffed with another machine using Wireshark over WLAN), yet the client won't process the answer (no sniffer output on the affected client). In the process, the VPN connection fails upon DHCP lease expiry. After the VPN client has disconnected, IP address renewal will succeed.
In general, if the VPN client is not in use, the process of the DHCP renewal works without problems.
I've tried different split tunneling settings, from "tunnel all" to "tunnel all except local LAN".
See the attachment for a sniffer output of the additional machine sniffing the WLAN media during a DHCP renewal failure.
Does anybody know the root of this problem? Any help is greatly appreciated!
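The two-capture comparison described in the post above, as an added example that is not part of the original thread: it checks DHCP events from the on-air monitor and from the client's own sniffer against the RFC 2131 default renewal timers (T1 = 50% and T2 = 87.5% of the lease). The event records, transaction IDs and the 10-second tolerance are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DhcpEvent:
    t: float   # seconds since the lease was granted
    msg: str   # "REQUEST" or "ACK"
    xid: int   # DHCP transaction ID, pairs a request with its reply

def renewal_timers(lease_s):
    """RFC 2131 default timers: T1 (renew) and T2 (rebind), in seconds."""
    return 0.5 * lease_s, 0.875 * lease_s

def diagnose(lease_s, air, client, slack=10.0):
    """Compare the on-air capture with the client capture for one lease period."""
    t1, t2 = renewal_timers(lease_s)
    findings = []
    for name, timer in (("T1", t1), ("T2", t2)):
        reqs = {e.xid for e in air if e.msg == "REQUEST" and abs(e.t - timer) <= slack}
        if not reqs:
            findings.append((f"NO_REQUEST_{name}", f"nothing on air near {timer:.1f}s"))
        if any(e.msg == "ACK" and e.xid in reqs for e in client):
            break  # client received the ACK, lease renewed, later timer never fires
    client_acks = {e.xid for e in client if e.msg == "ACK"}
    for e in air:
        if e.msg == "ACK" and e.xid not in client_acks:
            findings.append(("ACK_NOT_SEEN_BY_CLIENT", f"xid={e.xid:#x} at {e.t:.1f}s"))
    return findings

# Constructed sample modelled on the post: 5-minute lease, VPN tunnel up.
LEASE = 300
AIR_VPN = [DhcpEvent(263.0, "REQUEST", 0x1A2B), DhcpEvent(263.1, "ACK", 0x1A2B)]
CLIENT_VPN = []  # the client-side sniffer shows no DHCP traffic at all

# Constructed baseline: same lease with the VPN client not in use.
AIR_OK = [DhcpEvent(150.0, "REQUEST", 0x3C4D), DhcpEvent(150.1, "ACK", 0x3C4D)]
CLIENT_OK = list(AIR_OK)

if __name__ == "__main__":
    for label, air, cl in (("vpn", AIR_VPN, CLIENT_VPN), ("no vpn", AIR_OK, CLIENT_OK)):
        print(label, diagnose(LEASE, air, cl))
```

A finding of `ACK_NOT_SEEN_BY_CLIENT` means the reply reached the radio medium but never reached the client's capture point, which places the drop on the client host rather than on the DHCP server or the WLAN.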
Re: VPN Client & Concentrator 3000 DHCP Renewal Problem
Thanks for your post. Can't verify the routing table right now...but there are no problems with Windows Vista, Mac and Unix clients. Do you think Windows XP needs a special configuration on the concentrator?