Re: 3005 SSL VPN client disconnects

kseraphine · ‎02-15-2006

I have a client who is piloting a 3005 for remote access via the full SSL VPN client. One of the test users is repeatedly getting disconnected with the following error:

"The SSL VPN connection was terminated due to an IP forwarding table modification."

The user's IP address and routing table are not changing. The user is coming through a DSL connection but I've verified the ISP assigned IP has not changed.

I think this is a problem with this user's PC because I do not exprience it but I was hoping someone might have more information on this error. I could not find anything on CCO.

Thanks

wong34539 · ‎02-21-2006

I think the error that you are seeing is on the client side, due to a change of the PC's routing table. Could you please enter the "show webvpn pack svc status" command and let me know what svc version you are running? Also, let me know what's the operating system on those machines? and the version or ssl client and concentrator? Do you have split tunneling enable? if so, can we disable it and test it again

axfalk · ‎04-25-2006

Hi, I have an identical problem and tried to disable split tunneling, but to no avail. The VPN client is CISCO STC win2k+ 1.0.0 1,1,0,154 Mon 01/09/2006.The machine is w2K XP. Have u, by any chance, resolved this problem?

Thanks

kseraphine · ‎04-26-2006

Unfortunately I don't have any good information on this. The customer I was working with said the problem went away on its own.

blsmith · ‎10-09-2006

Little late but if anyone else runs across this post, check the MTU on the client side, We have had this problem with 2wire gateways as they can not handle fragmented packets with the VPN, we have changed mtu on client network adaptor to 1472 (Using drtcp.exe from dslreports.com) which is 1492 max mtu on dsl gateway - 30 for packet encaps etc. and it has cleared up the problem.

mr.melvin · ‎11-10-2006

Any resolution on this, I have a few clients running Windows XP SP2 that are experiencing the same problem. I have a VPN3030 with IOS 4.7.2 H and I'm running the latest SSL VPN Client 1.1.169

axfalk · ‎11-14-2006

Make sure the private addresses you client gets from the SSL VPN & his(her) ISP are not on the same subnet...

blsmith · ‎11-14-2006

So you did check the MTU on the Client side?

mr.melvin · ‎11-16-2006

Yes, I loaded DrTCP on the client's machine and set the Cisco SSL VPN Adpater to 1400 bytes. I also made sure the PMTU Discovery was disabled. I had them reboot their PC to make sure it made the changes to the registry.

mr.melvin · ‎11-16-2006

Just a side note the same user having the disconnects over the Cisco SSL VPN client, runs fine over the Cisco IPSEC VPN client. Doesn't have the disconnect issues. I've also brought up a Test VPN 3015 and the user was the only one on the VPN Concentrator, I was running the latest code 4.7.2 J and the new SSL client 169. Still got the disconnects.

axfalk · ‎11-19-2006

Are you dishing out the same addresses in IPSec as on SSL?

mr.melvin · ‎11-20-2006

Yes, Im kicking out a 192.168.236.X range from the VPN 3030