We’ve recently been approached by a client to provide a remote access solution for travelling representatives. RSCC provide IT support for them in their office in Letchworth, but they needed to extend the reach of their network to travelling representatives. As they require access to a data-heavy database and had limited upstream bandwidth, VPN access itself wouldn’t cut it, so we’ve put together a solution utilising laptops with mobile 3G cards, a Cisco VPN and a Windows 2008
I’ve just spent a few happy hours this morning trying to figure out why my test laptop wouldn’t connect to the Cisco VPN when using the Vodafone dongle. It would connect and complete x-auth, but no data would pass.
The usual cause for Cisco/mobile card issues is NAT Traversal – this needs to be enabled on the firewall/router for the client to work over a mobile card. However, after checking and double checking, this turned out not to be the cause in this case.
I decided to bypass my prime suspect, the Vodafone Connect software, by setting up a dial-up connection using the dongle as a modem (to do so, set the dial-up number to *99# and use the username/password: web/web). This instantly fixed the issue, allowing the VPN client to connect, and gave surprisingly snappy access to the terminal server.
A bit more research shows that the problem was not Vodafone Connect, but actually Cisco’s lack of support for the new NDIS 6.2 driver model used by Windows 7. Judging by how long we had to wait for a 64-bit IPSEC client, I’m not holding my breath for an update.
On the positive side, the Windows dial-up client takes only a second or two to connect, whereas the supremely bloated Vodafone client takes some 20-30 seconds to start up & connect. Unfortunately I’m going to have to find another way of monitoring the data usage, as the Windows client does not do this.
This has proved to be quite a popular post, so here are a couple of other things to look for that we see come up every now & again. They can result in the same problem (i.e. connection but no data passing), though they are not specific to mobile cards.
1. Check that your local LAN and the remote LAN aren’t trying to use the same IP subnet (quite common if the corporate network is using 192.168.0.x). This will break the routing. The solution is to change your local (client end) LAN subnet to something else, for example 192.168.10.x or 172.16.1.x.
2. Some low-end routers have issues with passing through multiple IPSEC tunnels. Try disconnecting any other devices using IPSEC at the client end. If this fixes the issue, try a firmware upgrade for the router, or a better router.
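The subnet check from point 1 can be scripted. The following is an added example, not part of the original post: it reports client-side networks that overlap the remote LAN and proposes a private subnet that is clear of it. The function names are hypothetical and the sample addresses are constructed, assuming /24 masks for the 192.168.0.x style networks mentioned above.

```python
import ipaddress

# RFC 1918 private ranges searched for a replacement client-side LAN.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]


def _net(value):
    # strict=False accepts an interface address such as 192.168.0.17/24.
    return ipaddress.ip_network(value, strict=False)


def find_conflicts(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    return [(str(l), str(r))
            for l in map(_net, local_nets)
            for r in map(_net, remote_nets)
            if l.overlaps(r)]


def suggest_local_subnet(remote_nets, in_use=(), prefix=24):
    """First private subnet of this size clear of all remote and in-use nets."""
    taken = [_net(n) for n in list(remote_nets) + list(in_use)]
    for block in PRIVATE_RANGES:
        if prefix < block.prefixlen:
            continue  # requested subnet is larger than this private range
        for cand in block.subnets(new_prefix=prefix):
            if not any(cand.overlaps(t) for t in taken):
                return str(cand)
    return None


if __name__ == "__main__":
    # Constructed sample: home router default LAN vs. a corporate LAN.
    local = ["192.168.0.17/24"]    # address and mask of the client's adapter
    remote = ["192.168.0.0/24"]    # network reached through the VPN
    for l, r in find_conflicts(local, remote):
        print(f"conflict: local {l} overlaps remote {r}")
    print("suggested client LAN:", suggest_local_subnet(remote, in_use=local))
```

Overlap is tested rather than equality because a remote LAN defined with a wider mask, such as 192.168.0.0/16, also covers 192.168.10.x, so renumbering within 192.168.x.x would not clear the conflict in that case.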