Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN client drops with Wireless Connection

We have been getting a number of users complaining about their connection dropping when using the VPN over a wireless connection. After the drop, the client is unable to reconnect without doing a "repair" or rebooting the machine. Anyone experience anything similar?

Thanks!

7 REPLIES

Re: VPN client drops with Wireless Connection

Any particular log on the vpn client? Somem complain on it (log) regarding an ip address change? are those hosts vista PCs or XP?

New Member

Re: VPN client drops with Wireless Connection

Log mentions the client lost its IP address. I'll have to get the exact verbiage to be accurate though. All are XP clients now.

Re: VPN client drops with Wireless Connection

Yeah heard that before, it should say something like SADB changed... try to get a log so we can confirm this. Anyways you can look for the registry key Automatic IP addres Update on the XP, it causes the XP to try to renew the ip address continuously and that is known to cause problems. Look for it on google.

New Member

Re: VPN client drops with Wireless Connection

OK. I'll grab a log file as soon as I can replicate the problem again. Thanks for the tip.

New Member

Re: VPN client drops with Wireless Connection

Did you get this resolved? Let me know as I may have a fix for you.

Craig

New Member

Re: VPN client drops with Wireless Connection

Hi Craig

We have a user with the same problem - have you got a fix?

Cheers

Miles

New Member

Re: VPN client drops with Wireless Connection

Hi Miles,

I noticed with our clients that the wireless users were connecting as a straight IPSEC vpn connection without NAT-T. Check on your concentrator or ASA and see if they connect without NAT-T.

I came to the conclusion that our edge firewall (non cisco) has a UDP connection timeout of 180 seconds and is non changeable.

To work around this I added the line below to the vpn profile files under c:\programs files\cisco systems\vpn client\profiles and whatever your profile is .pcf. Open with wordpad and add this line.

ForceNatT=1 (case sensitive)

This will force the vpn client to use NAT-T regardless of internet connection.

This introduces another keepalive mechanism that will keep the connection alive past the 180 second UDP timeout.

HTH

Craig

2410
Views
0
Helpful
7
Replies
CreatePlease to create content