VPN Connection Issue Via Verizon Wireless Broadband Air Card and Cisco VPN on Windows 7 X64
Total Page:16
File Type:pdf, Size:1020Kb
VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 Introduction on page 1 • Scenario 1 on page 1 • Scenario 2 on page 2 • Scenario 3 on page 2 • Scenario 4 on page 2 • Scenario 5 on page 3 • Solution on page 3 • VPN Client 5.0.07 features the following: on page 5 • IPSEC-VPN client issues with Verizon VZ4G LTE network on page 6 • Resolution on page 6 • Reference on page 7 Introduction VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN Scenario 1 Cannot access any device on the network via RDP or applications via host file - forwarded servers from the Windows 7 64 bit laptop using a Verizon wireless broadband connection and the Cisco 64 bit VPN client 5.0.7.290. Can connect easily via a DSL wired connection from home using the same laptop and VPN client and RDP. The VPN client will connect to the VPN server (Easy VPN on Cisco 2821 router) over the wireless broadband connection (Can see it in the management console on the router) but it will pass no data. Unable to ping anything in the domain, nor the outside IP. When pinging from the laptop, it drops the VPN connection (Connection terminated by the peer). Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 1 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 Hardware and Software:- The laptop is a Dell M4500 running Windows 7 Ultimate 64 bit OS. The VPN client is as stated, rev 5.0.7.290. The internal wireless broadband card is a QualCom 5620 (EV-DO- HSPA) device (Gobi 2). Scenario 2 Same problem has been noticed with Dell Latitude E6510 with the Verizon Dell Wireless 5620 EV-DO-HSPA card. Using the latest version of Cisco VPN client (5.0.07.0290). The card appears to connect correctly and gains an internal address but can't not ping any internal devices or access any the internal network resources. Note:- The systems are running Windows 7 Enterprise x32 with the firewalls all turned off. Scenario 3 Same problem has been faced with Dell E6410. Dell Wireless 5620 EV-DO-HSPA connecting to Sprint. Version 5.0.07.0290 of the vpn client 64-bit on Windows 7 64-bit OS. Able to transmit vpn data when connected using CMU-300 Qualcomm card from the same laptop using Sprint's SmartView connection software. Scenario 4 E6400 running Windows 7 x32 and several E6410's with Windows 7 x64 using Verizon EVDO card faced same issue on the x64 but not on the x32's Is it a problem with the VPN client? Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 2 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 Scenario 5 Same issue with the Dell AT&T card 5530. Tried it on a Dell 6410 and 4300 and with both Windows 7 32 and 64 bit but same result. Cisco client used is 5.0.07.0290. It will connect but unable to ping or get to anything on the network. Note:- • However anyconnect client works fine. • If exact same hardware and software configuration of the 5.0.07.029 client and the air card in Windows XP it works with no issues. Solution It appears to be a default setting in the Verizon Access Manager Software that does not play well with the Cisco Client. In VZAccess Manager, select Options | Preferences. Under the Connectivity options, the default setting of "NDIS Mode - Manually Connect" was selected. Changing this option to "Modem Mode - Manually connect" appears to have completely addressed the issue. We can now connect to the WWAN, establish a Cisco VPN session and have connectivity. Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 3 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 Yes as per the release notes of the VPN Client does not support WWAN Card interface on Windows 7. Here is a little explanation why the VPN Client works when setup as Modem(Dial Up Connection) and does not work when setup as a normal connection Windows 7 introduced a new adapter type called WWAN. The traffic accepted by the NIC is controlled by an NDIS Miniport Driver. The WWAN type bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate driver), so the Client NDIS IM driver fails to receive packets that go in and out WWAN devices. The third party tool that acts as the NDIS IM driver is DNE by Citrix. The current release of Citrix DNE is an NDIS intermediate driver that is based on NDIS 5.0. However, the native Windows 7 Mobile Broadband Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 4 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 driver(WWAN Card)is based on NDIS 6.2. Earlier intermediate drivers that are based on NDIS 4.x or on NDIS 5.x have a known compatibility issue with the native Windows 7 Mobile Broadband driver. The reason the USB WWAN card works is that it is used as a Modem (thereby bypassing the limitation of NDIS drivers) to connect to the internet whereas the internal card is used as a NIC which the VPN Client is not able to recognize Same problem on a Latitude e6510 with Windows 7 pro 32-bit and How to fix it is the following:- • Completely uninstall VZAM, Dell Mobile Broadband Utility, Qualcomm Gobi 2000. Make sure there are no references to the WWAN card in device manager. • Restart the computer and reset the bios to default settings. • Install the R2750584 Driver for the 5620 wireless • Install VZAM Note:- Don't install the Dell Mobile broadband utility or connection manager or whatever it is because that may cause some issues. VPN Client 5.0.07 features the following: •Support for Windows 7 on x64 (64-bit). This release, however, does not support WWAN devices (also called wireless data cards) on Windows 7 x86 (32-bit) Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 5 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 and x64. For support of WWAN devices on Windows 7, please use the Cisco AnyConnect Secure Mobility client. •Support for Windows Vista on x64. •Packet LZS compression for x64 VPN Client. Note that this version does not provide online help. Some More information from VPN Standpoint IPSEC-VPN client issues with Verizon VZ4G LTE network The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4g network. However once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data however, there are no increments to the decrypt counters. This issue is seen on the entire gamut of windows OSs. One of the deal breakers with the new Verizon 4g network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic - no inbound traffic can be passed through. This means that if you have a need for remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access them like you could with a 3G-only modem. Resolution Based on suggestions made by Verizons it seems as though the following things need to be attempted: 1. enable Nat-T. For more information regarding nat-traversal please refer to the following documents: Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 6 VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN on windows 7 x64 a. IPSEC over NAT-T on IOS devices b. IPSEC over NAT-T on ASA 2. enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP please refer to the following documents: a. IPSEC over TCP on IOS devices b. Enabling IPSEC over TCP on ASA 3. Use Anyconnect rather than IPSEC 4. The other option is to go with the Sprint 4g network instead which apparently does support remote access to applications. Reference This document was generated from the following discussion VPN Connection Issue via Verizon wireless broadband air card and Cisco VPN Postings may contain unverified user-created content and change frequently. The content is provided as-is and is not warrantied by Cisco. 7.