Re: [WIRELESS-LAN] Cisco VPN 3000 Macintosh VPN Client issues

2006-08-31 Thread Walter Reynolds
We use a Cisco 3030 (stand alone) for VPN access (vpn3000-4.7.2.F-k9.bin). 
We have Cisco 1240 APs and are running VPN client 4.9.00.0050 (latest one 
for Intel/PPC) and have not heard of any issues.  I just booted up two 
Macs (Intel and PPC) and did a software update.  Both of them seem to be 
going fine so far.  So no news here.  If I find something out I will email 
this list.


On Wed, 30 Aug 2006, Scott Smith wrote:

I was wondering what other Universities use a Cisco VPN 3000 for their 
Wireless Authentication?  We at SIUC do.


For over two years we have been using 2 Cisco 3030's in Load Balancing mode 
and requiring our Wireless users to Authenticate to these for any Network 
connectivity, including surfing the web.  It has been working very well, and 
most people like the system.


Recently there has been an issue with Macintosh VPN Clients.  Until the last 
few months the only option for Macintosh computers was to use the Cisco VPN 
Client for Macs.  I recently worked to get the Native (Built-in) VPN Client 
with L2TP option as well.  So over the summer we updated the Online docs and 
the new students were supposed to use the Native client instead of the Cisco 
client.  The main reason for this was that the Cisco client had several 
little issues that most of the customers were annoyed with.  The 
functionality was fine, at least that was what was told to me.  We did not 
have any Macintosh computers to test with or work with, we relied on our 
Colleges to provide the feedback and most of the documentation on how to 
install and use.


Apparently several people noticed an issue but never reported it.  The issue 
was if the Macs would start a file download, it would kick off the VPN 
tunnel.  They would immediately have to disconnect and reconnect and then 
they could start downloading again.  However, after only a few minutes it 
would kick them off again.  This is only happening with Macintosh computers. 
Windows, Linux, and Solaris can download just fine.  All of which use the 
same Cisco VPN Profile.  Macs were the only one we got working with the L2TP. 
We found out that this download issue also exists in the Native client as 
well as the Cisco VPN Client.  If the users only surf the web and IM all day 
long, they seem to stay connected fine.  It's only when they start a 
download, like a System Update.  Even a small download during a system update 
will cause this.


I have a Cisco TAC case currently open for this and they are claiming that 
this is the only known report according to their database.  Now they are 
pushing stating it's a Macintosh issue, which I tend to think it's more of a 
Cisco 3000 config issue.  However, if that was the case why don't the other 
OSes do it?  I don't know.


We have several packet captures, which simply show me that the packets 
start off going through the tunnel and then magically stop.  The traffic then 
goes normally through the network instead of through the VPN tunnel.  To make 
things even more complicated, the Client shows it as still being connected 
(and it won't disconnect), the VPN 3030 shows the client still connected as 
well.  However, they really aren't and are passing 0 packets.


If you are using a Cisco 3000 for your VPN please reply and I'd be interested 
in whether you have experienced any of these issues and if so what the status of 
them is.

--
Scott Smith
Network Engineering Services
Southern Illinois University Carbondale
[EMAIL PROTECTED]

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

-- Walter Reynolds
   University of Michigan


RE: [WIRELESS-LAN] Cisco VPN 3000 Macintosh VPN Client issues

2006-08-31 Thread Zeller, Tom S
At Indiana we require VPN for all non-guest wireless use.  We use 3030's
with native clients.  It's been serviceable but not perfect.  I heard
similar complaints from Mac users, but not the level of this always
happens when I move files.

We never resolved the issue and have now moved to Cisco's ASA which
seems to work much better for Macs.  I stayed connected for 24 hours
over a wired connection last week.

A note on the ASA: It costs less than a 3030, does L2TP in hardware.  We
hit 850 L2TP users yesterday with 20% CPU utilization.  The platform
does not support PPTP, which is fine with us.  We'll keep a couple of
3030's around for that purpose but we're trying to get everyone moved to
L2TP.  It's still the first week of the semester so we'll see how it
holds up over the next few weeks.

Tom Zeller
[EMAIL PROTECTED]
812-855-6214
