WEBVPN/SSL VPN doesn't work over WLANs

Hi,
Please can someone help me establish why only wired connections (outside the network/over the internet) are able to connect to SSL VPN?
If I use a wifi connection at any location outside of my network, then I cannot connect to my SSL VPN. I can only use wired connections.
I suppose this is an MTU issue, but I don't know where and I've tried many combinations of settings. How do I calculate the correct MTU?
Many thanks in advance for your support.
~Matt

You can adjust the MTU size (from 256 to 1406 bytes) for SSL VPN connections established by the client with the svc mtu command from group policy webvpn or username webvpn configuration mode:
[no] svc mtu size
This command affects only the AnyConnect client. The legacy Cisco SSL VPN Client (SVC) is not capable of adjusting to different MTU sizes.
The default for this command in the default group policy is no svc mtu. The MTU size is adjusted automatically based on the MTU of the interface that the connection uses, minus the IP/UDP/DTLS overhead.
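
An added example, not part of the original thread: one way to answer "how do I calculate the correct MTU?" is to measure the path MTU with don't-fragment pings and subtract the tunnel overhead the reply mentions. The helper names, the simulated link and the DTLS overhead figure are assumptions; `ping -M do` is the Linux iputils form.

```python
"""Estimate a path MTU with DF-bit pings and derive a candidate `svc mtu`."""
import subprocess

IP_HDR, ICMP_HDR, UDP_HDR = 20, 8, 8      # IPv4 without options
SVC_MTU_MIN, SVC_MTU_MAX = 256, 1406      # range quoted in the reply above
# Assumption: DTLS 1.0 record header (13) + AES-CBC IV (16) + HMAC-SHA1 (20)
# + worst-case CBC padding (16). Adjust for the cipher actually negotiated.
DTLS_OVERHEAD = 13 + 16 + 20 + 16


def ping_df(host, payload):
    """True if an ICMP echo with `payload` data bytes and DF set gets a reply.
    Uses Linux iputils ping (-M do forbids fragmentation)."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def path_mtu(fits, low=SVC_MTU_MIN, high=1500):
    """Binary-search the largest packet size (IP header included) that passes.
    `fits(payload)` reports whether a DF ping with that payload succeeded."""
    lo, hi = low - IP_HDR - ICMP_HDR, high - IP_HDR - ICMP_HDR
    if not fits(lo):
        return None                        # even the smallest probe is dropped
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if fits(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + IP_HDR + ICMP_HDR


def candidate_svc_mtu(pmtu, dtls_overhead=DTLS_OVERHEAD):
    """Path MTU minus IP/UDP/DTLS overhead, clamped to the allowed range."""
    inner = pmtu - IP_HDR - UDP_HDR - dtls_overhead
    return max(SVC_MTU_MIN, min(SVC_MTU_MAX, inner))


def simulated_link(mtu):
    """Constructed stand-in for a path that drops DF packets above `mtu`."""
    return lambda payload: payload + IP_HDR + ICMP_HDR <= mtu


if __name__ == "__main__":
    for name, mtu in [("wired", 1500), ("constructed Wi-Fi path", 1400)]:
        pmtu = path_mtu(simulated_link(mtu))
        print(f"{name}: path MTU {pmtu}, candidate svc mtu {candidate_svc_mtu(pmtu)}")
    # Against a real gateway (hypothetical host name):
    #   path_mtu(lambda n: ping_df("vpn.example.com", n))
```

Run the real probe once from a wired and once from a wireless connection; a lower result on the wireless path points at where the MTU drops.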

Similar Messages

  • VPN doesn't work

    I just switched from Cable Internet to Verizon high speed.  Internet and e-mail work fine, but my Cisco VPN doesn't work with Verizon.
     Thus I can't connect to my servers at work.
    I know my VPN works good because I travel a lot and it works in every hotel I stay at, in fact I just tried it down the street through WiFi.
    Does anyone know the fix for this?

    Easy solution......
    Bridge mode is achieved by 2 easy steps:
    1) - Log into the GUI
    click the My Network Icon on top
    Click Network Connections on the left
    Click on the words "Broadband Connection (DSL)"
    Make the Protocol dropdown say "Bridge"
    Make the Bridge Mode dropdown say "Bridge"
    Save - the unit will reset
    2) Log back into the GUI
    Click the My Network icon on top
    Click Network Connections on the left
    Click on the word "LAN"
    Remove the top checkmark (you want to not enable the DHCP Server)
    Make sure the modem's IP address is not going to be the same as your router's
    Save
    Exit the GUI
    I made my modem 192.168.10.1, and my router's LAN network is 192.168.0.1
    The 6100F is bridged. The internet light will stay out. Whatever the next device on the network is will need to do the PPPoE connection (with your ISP username and password), e.g. your router
    Myk

  • FaceTime, iMessage and Find My iPad don't work over wifi but they work over 4G

    FaceTime, iMessage and Find My iPad don't work over wifi but they work over 4G, please help me

    Are you sure?
    According to Apple, FaceTime will only work over WiFi. iOS 6 will bring a feature so that you can make FaceTime calls over 3G-4G.

  • My VPN doesn't work ever since I upgraded to iOS7

    My VPN doesn't work ever since I upgraded to iOS7, pls help?

    It's been a problem with iOS 7; for now try using your Apple ID for it. Apple is supposed to be putting out a fix for it soon.

  • [solved] SSH doesn't work over PPTP VPN with pptpclient

    I just got set up with access to my work's PPTP VPN. Using pptpclient I can establish a connection and ping servers. I can use telnet to confirm ports 22, 80 etc are accessible and I can access web services in my browser, but SSH doesn't work.
    When I try and SSH to a server it just hangs for a minute and then "Connection closed by 10.70.11.10". Wondering if SSH was using my default route rather than the appropriate tunnel, I tried setting my default route to use the VPN, and ping, telnet, nmap etc still seem to function and return expected results, but SSH still hangs and closes. There are no entries in the sshd log on the servers that I attempted to get access to. I have both Arch and CentOS servers and I cannot get to either via SSH.
    My colleague connected to the VPN on his mobile phone and managed to SSH to a server, so it doesn't seem that the VPN is blocking this... any ideas?
    Thanks
    [update]
    Solved! I found that in /etc/ppp/options, un-commenting -mru fixed this for me:
    # Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
    # 1500).
    -mru
    [/update]
    Last edited by jsteel (2014-08-10 20:06:31)

    targetbsp wrote:
    summit48 wrote:
    Windows10 has hijacked the back end believing every Laptop and Desktop PC is a Smartphone.
    What do you mean by that?
    Windows 10: Microsoft under attack over privacy
    http://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings
    In the "one size fits all" philosophy of Microsoft there is no distinction between a smartphone and a PC. You might turn some of these privacy settings on for a smartphone but not on a PC.

  • ACE SSL Terminator doesn't work

    Hi,
    I should implement HTTP balancing and, for HTTPS, an SSL terminator on my ACE.
    Public IP 22.235.121.6 port 80 --> balanced on 192.168.250.165-166 on port 8889
    Public IP 22.235.121.6 port 443 --> my ACE terminates SSL and balances the traffic in clear text to 192.168.250.165-166 on port 8889
    This is the configuration:
    probe http EXAMPLE_IT_HTTP
      port 8889
      interval 5
      faildetect 2
      passdetect interval 10
      passdetect count 2
      request method get url /probe/probe.html
      expect status 200 206
      expect status 300 307
      open 1
    serverfarm host example_IT_HTTP
      failaction reassign across-interface
      predictor leastconns
      probe example_IT_HTTP
      fail-on-all
      rserver H-192.168.250.165 8889
        inservice
      rserver H-192.168.250.166 8889
        inservice
    serverfarm host example_IT_HTTPS-HTTP
      failaction reassign across-interface
      predictor leastconns
      probe example_IT_HTTP
      fail-on-all
      rserver H-192.168.250.165 8889
        inservice
      rserver H-192.168.250.166 8889
        inservice
    sticky ip-netmask 255.255.255.255 address both example-IT-HTTPS-HTTP
      timeout 60
      replicate sticky
      serverfarm example_IT_HTTPS-HTTP
    ssl-proxy service SSL_example_IT
      key example_it.key
      cert example_it.cert
      chaingroup SSL_CHAIN_example_IT
    crypto chaingroup SSL_CHAIN_example_IT
      cert example_it.ca
    class-map match-all example_IT_HTTP
      2 match virtual-address 22.235.121.6 tcp eq www
    class-map match-all example_IT_HTTPS-HTTP
      2 match virtual-address 22.235.121.6 tcp eq www
    policy-map type loadbalance first-match example_IT_HTTP-l7slb
      class class-default
        serverfarm example_IT_HTTP
    policy-map type loadbalance first-match example_IT_HTTPS-HTTP-l7slb
      class class-default
        sticky-serverfarm example-IT-HTTPS-HTTP
    policy-map multi-match int41
      class example_IT_HTTP
        loadbalance vip inservice
        loadbalance policy example_IT_HTTP-l7slb
        loadbalance vip icmp-reply active primary-inservice
      class example_IT_HTTPS-HTTP
        loadbalance vip inservice
        loadbalance policy example_IT_HTTPS-HTTP-l7slb
        loadbalance vip icmp-reply active primary-inservice
        ssl-proxy server SSL_example_IT
    The balancing on HTTP works properly, but the SSL termination doesn't work: when I try to connect from my client over HTTPS, I don't see requests arriving at the servers 192.168.250.165-166.
    Some show:
    balancer# sh crypto certificate all
    example_it.cert:
    Subject: /C=GB/ST=United Kingdom/L=London/O=XXXXXXXX/OU=XXXXXXXXX/CN=*.xxxx.com
    Issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
    Not Before: Apr 11 00:00:00 2014 GMT
    Not After: Apr 12 23:59:59 2015 GMT
    CA Cert: FALSE
    example_it.ca:
    Subject: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Not Before: Nov  8 00:00:00 2006 GMT
    Not After: Jul 16 23:59:59 2036 GMT
    CA Cert: TRUE
    balancer# sh crypto session
    SSL Session Cache Stats for Context
    Number of Client Sessions: 0
    Number of Server Sessions: 0
    balancer#
    balancer# sh crypto files
    Filename            File   File   Expor   Key/
                        Size   Type   table   Cert
    cisco-sample-cert   1082   PEM    Yes     CERT
    cisco-sample-key    887    PEM    Yes     KEY
    example_it.ca       7444   PEM    Yes     CERT
    example_it.cert     1812   PEM    Yes     CERT
    example_it.key      1675   PEM    Yes     KEY
    balancer#
    balancer# crypto verify example_it.key example_it.cert
    Keypair in example_it.key matches certificate in example_it.cert.
    balancer#
    The show stats crypto client/server commands give me all 0.
    Can someone help me understand why it is not working?
    For further information, please ask me.
    Thanks a lot

    Hi,
    The problem is here:
    class-map match-all example_IT_HTTPS-HTTP
      2 match virtual-address 22.235.121.6 tcp eq www
    You should change it to 443 instead of WWW which means port 80.
    You will never match this class "example_IT_HTTPS-HTTP".
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.
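
An added example, not part of the original thread: a small check that catches the mistake identified in the answer above before a config is applied. It flags any class that carries `ssl-proxy server` in the multi-match policy while its class-map matches a VIP port other than 443, and any two class-maps matching the same VIP and port. The function names and the reduced sample are constructed for illustration.

```python
"""Flag Cisco ACE class-maps whose VIP port cannot work with SSL termination."""
import re

PORT_NAMES = {"www": 80, "https": 443}   # port keywords as used after `eq`
VIP_RE = re.compile(r"^\d+ match virtual-address (\S+) (\S+) eq (\S+)$")

# Constructed sample, reduced from the configuration posted in the thread.
SAMPLE = """\
class-map match-all example_IT_HTTP
  2 match virtual-address 22.235.121.6 tcp eq www
class-map match-all example_IT_HTTPS-HTTP
  2 match virtual-address 22.235.121.6 tcp eq www
policy-map multi-match int41
  class example_IT_HTTP
    loadbalance vip inservice
  class example_IT_HTTPS-HTTP
    loadbalance vip inservice
    ssl-proxy server SSL_example_IT
"""
# Same sample with the second class-map changed to the HTTPS port.
FIXED = "eq https".join(SAMPLE.rsplit("eq www", 1))


def parse(config):
    """Return ({class-map: [(vip, proto, port)]}, {classes with ssl-proxy server})."""
    vips, ssl_classes = {}, set()
    cmap = pclass = None
    in_multi = False
    # Keyed on keywords, not indentation, so a flattened paste parses too.
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("class-map "):
            cmap, pclass, in_multi = line.split()[-1], None, False
            vips[cmap] = []
        elif line.startswith("policy-map "):
            cmap = pclass = None
            in_multi = line.startswith("policy-map multi-match ")
        elif cmap and (m := VIP_RE.match(line)):
            tok = m.group(3)
            port = PORT_NAMES.get(tok, int(tok) if tok.isdigit() else tok)
            vips[cmap].append((m.group(1), m.group(2), port))
        elif in_multi and line.startswith("class "):
            pclass = line.split()[1]
        elif in_multi and pclass and line.startswith("ssl-proxy server "):
            ssl_classes.add(pclass)
    return vips, ssl_classes


def lint(config, tls_port=443):
    """Return a list of human-readable findings; an empty list means clean."""
    vips, ssl_classes = parse(config)
    findings, seen = [], {}
    for name, matches in vips.items():
        for vip in matches:
            first = seen.setdefault(vip, name)
            if first != name:
                findings.append(f"{name}: same VIP/port as class-map {first} ({vip[0]} {vip[1]}/{vip[2]})")
            if name in ssl_classes and vip[2] != tls_port:
                findings.append(f"{name}: ssl-proxy server set but VIP port is {vip[2]}, expected {tls_port}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE), ("fixed", FIXED)):
        print(label, lint(cfg) or "no findings")
```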

  • VPN doesn't work anymore after 10.6.2 update

    Hello to all,
    I've a MacPro with 10.6 SnowLeopard server, and until yesterday all was great with 10.6.1.
    After the update to 10.6.2 plus some AirPort update, VPN doesn't work.
    Could someone help me?
    I use the firewall on the AirPort Extreme (the latest model) and automatically forward VPN settings from the SLServer Firewall.
    Why doesn't it work anymore?
    thank you to all for help
    Marco
    Italy

    so, I'm trying from home to use VPN:
    - if I try from usual user, doesn't work
    - if I try from Server Administrator credentials (user + password) it works
    Of course I need to use VPN from "normal" client users, not with Administrator credentials
    Another strange issue is: in the VPN network configuration (client, preferences, network), if I put in the name and password of one user, the 2 fields become locked and I must erase that VPN connection and create it again.
    If I put in the administrator name + password, the 2 fields remain accessible and unlocked.
    I think Apple did a very bad job with 10.6.2 and VPN!
    Does anyone have any suggestions?
    Marco

  • VPN doesn't work since I reset permissions

    Hi.
    Recently I reset my permissions via the Disk Utility app. Since I did that, VPN doesn't connect on my Mac. It works with the same VPN information on my iPad & iPhone, so the problem is not from VPN.
    I'll be glad if you could help me.

    Try:
    - Reset the iOS device. Nothing will be lost
    Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Reset all settings      
    Go to Settings > General > Reset and tap Reset All Settings.
    All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren’t affected.
    - Restore from backup. See:                                 
    iOS: How to back up                                                                
    - Restore to factory settings/new iOS device.             
    If still problem, make an appointment at the Genius Bar of an Apple store since it appears you have a hardware problem. Other users have had the same problem.
    Apple Retail Store - Genius Bar                                      

  • PPTP VPN doesn't work on iOS 6

    I just tried to set up my iPad 2 (on iOS6) for an already working PPTP VPN server on my DD-WRT and found out that it doesn't work anymore (apparently something's changed after iOS 4.3 according to tons of blogs on the net). There seem to be a few solutions about adding a couple of entries to /tmp/pptpd/options.pptpd but none of these worked for me on iOS 6. Does anyone know a solution to this problem?
    Note: the nopcomp, noaccomp, default-asyncmap, mru 1400, mtu 1400 options do not work, nor do they seem to help at all, judging by the dd-wrt log output. Most people claim these options make it work for iOS 5, but they didn't work for me.

    Yeah, resurrecting old thread here...
    I was having similar problems with iOS6 and my DDWRT running on Buffalo WZR-600DHP.  After I changed the mtu & mru to 1400, it worked.  It was driving me nuts before.

  • Changed the Shared Secret, and now VPN doesn't work...

    Hello all. So our VPN was working fine. I changed the Shared Secret, and it stopped working. Seems like any Shared Secret now that I use doesn't work, and I've been triple-checking it on both the server and clients to make certain that it's not mistyped.
    It seems to connect OK, but then it fails to authorize. I've got the proper ports open, and again, it worked just fine with the first Shared Secret I used.
    Is there something I'm missing about Shared Secrets here? You should be able to change them when you need to, right?
    Message was edited by: Jeffrey McGrew

    Looking at the logs I'm seeing something strange that I don't understand. It appears that one part of the authorization is succeeding, and another part failing:
    "DSAuth plugin: Could not authenticate key agent for encryption key retrieval."
    Then, two lines later:
    "CHAP peer authentication succeeded for USER"
    "DSAccessControl plugin: User 'USER' authorized for access"
    But then the client never shows that it's authorized. So is this a problem with the client configuration, since the server is showing an authorized session starting, or is there something wrong with the DSAuth Plugin?
    (going to read more PDFs)

  • Verizon messages app doesn't work over wifi....

    Hello, all,
    Until recently, I used the verizon messages app to send/receive texts over wifi on my gs3 when I had no cellular/data reception.  Now it will only send/rec when there's cell reception.
    But...the app does still work over wifi on my galaxy tab 2 7.0.
    Why could this be?  Did a recent app update break txt over wifi for the gs3?
    Thanks!
    Abe

    This does NOT work on the Galaxy S3.
    Airplane mode ON, Wifi ON, No network mode is available in Airplane mode.  So...only wifi is available.  When I try to send a text with only wifi available I get "Network not available.  The message will be sent when the network is available"
    BUT...On my Galaxy Tab 2 (non-verizon), This DOES work.  On the tab 2 with only wifi available, I CAN send text messages using Verizon Messages.
    So....again...
    On Galaxy Tab 2 with only WiFi available...texting with Verizon messages DOES work.
    On Galaxy S3 with only WiFi available...texting with Verizon messages DOES NOT work.
    Please fix Verizon Messages to work over WiFi using Galaxy S3.
    Thanks,
    Abe

  • Officejet 4500 doesn't work over ethernet connection

    My Officejet 4500 is recognized by my router but not by anything else.  Tablet doesn't see it nor does the desktop.  You're also supposed to be able to set it up as sort of a cloud printer...but that doesn't work either.  System is Vista Home Basic 32 bit SP2.
    HP= Good hardware + terrible software
    Dell= Bad hardware + good support

    Hi Tim,
    I would like to confirm the exact model of your printer.  Is this the G510h or a different model? 
    The list of printers and the ePrint (Cloud) support list is here:
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c03722645&tmp_task=prodinfoCategory&cc=us&dlc=en...
    Is the desktop also connected Ethernet to the network?  Does the printer network status page show a network IP address?
    Which tablet do you have?
    I was an HP employee.
    Please mark the post that solves your problem as "Accepted Solution"

  • Client VPN doesn't work until reload; all other services are fine

    We have an 1800 router running 12.4.x that is acting up.  Every week or 2, client VPN connectivity stops working on it (clients receive a 'reason 412; the remote peer is no longer responding' when trying to connect).  All other traffic running through that router continues to work fine (site to site, NAT, etc).  If we run a 'clear ip nat translation', then ONE client can reconnect, but any subsequent clients cannot.  So, basically one at a time.  The only 'fix' is a reboot of the router.  Any suggestions on where to start troubleshooting?
    thanks!                  

    Matt,
    Did you disable NAT-T on this device?
    http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution01
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Incoming VPN doesn't work with PAT over DHCP

    I have an 1841 that uses PAT for outbound traffic.  External Fe0/0 port gets its IP via DHCP. 
    ip nat inside source route-map NAT-MAP interface FastEthernet0/0 overload
    I have an internal server that runs SSH so I have a port forwarding rule on the router:
    ip nat inside source static tcp 172.16.32.3 22 interface FastEthernet0/0 22
    Now I added VPN pool, but VPN clients cannot reach the server on port 22. 
    The statement below would fix the problem:
    ip nat inside source static tcp 172.16.32.3 22 <STATIC IP> 22 route-map NO_NAT-MAP extendable
    If I understand correctly, this statement is only available for STATIC IPs; in my case I get the IP from DHCP.  Does anyone know a workaround?
    thanks!

    Resolved!
    It appears that the Scientific Atlanta modem that RCN provides needs a hard reset when switching routers. The way to do this is a careful sequence:
    1. unplug ethernet to old router
    2. unplug coax
    3. power off for at least 60 seconds
    4. plug in coax
    5. power up and check for status lights
    6. plug ethernet cable between the Time Capsule and the modem
    This time it picked up the DHCP settings and hence works just fine. Phew! So, the problem was not with Apple but with RCN.
    Jonathan

  • Song-Radio doesn't work over different (Spotify Connect) devices at same time (anymore)

    In current versions of the clients (Android, Windows, Spotify Connect device (Yamaha CD-N301)) the Song-Radio function doesn't sync the Song-Radio list* (not the playlist!) correctly across different devices. For example, if I start a Song-Radio on Android, the correct screen is shown on my Android device, but in the Windows client I see only "a normal playlist" without the thumb up/down buttons, but with the back button (not allowed in Radio mode). In the other direction (starting Song-Radio in Windows and looking at it on Android) it also does not work.
    It's possibly a bug, not only because it worked in older versions: starting a Song-Radio on Windows with a Spotify Connect device currently being the speaker (Android or Yamaha CD-N301) results in a "working" Radio screen in Windows, but the currently playing song isn't the one shown on the Radio screen, but the speaker symbol on the song in front is shown! (see attached screenshot)
    Starting the Song-Radio in Windows with Windows as the speaker works. It looks like it also works when it's switched to another device as speaker after the Song-Radio was started with Windows as the speaker. Starting the Song-Radio on the Android device shows the correct song on all devices, even with other devices as the speaker, but it's not shown as Radio on Windows. Possibly it's just a problem with the Windows client, but without more devices to test, I couldn't say, and when starting the post, I noticed it while listening to my Yamaha CD-N301.
    *: The Radio screen where I'm able to see the current and last played songs and where I'm allowed to like/unlike (thumb up/down) the current song, and where I'm also only allowed to skip forward to the next song, not go back to the last ones, so the backward arrow is missing. Well, you possibly know what screen I mean - it's the one called Radio :D

    emeres wrote:
    schizo-ri wrote: When I try to pair it shows it failed. Is this normal, it doesn't have to be paired? In Gnome bluetooth settings it also shows DS3 as connected but not paired.
    Wiki wrote: Now you will need to pair it with bluez.
    Are there any additional messages in dmesg or journalctl?
    Yes, from journalctl:
    bluetoothd[267]: No agent available for request type 0
    bluetoothd[267]: device_request_pin: Operation not permitted
    emeres wrote:
    Wiki wrote: Next time you hit the Playstation button it will connect without asking anything else.
     Does it do that?
    Yes, it connects.
    kernel: input: PLAYSTATION(R)3 Controller as /devices/pci0000:00/0000:00:12.0/usb3/3-4/3-4:1.0/bluetooth/hci0/hci0:3/0005:054C:0268.0006/input/input17
    kernel: sony 0005:054C:0268.0006: input,hidraw1: BLUETOOTH HID v1.00 Joystick [PLAYSTATION(R)3 Controller] on 00:15:83:15:a3:10
    bluetoothd[267]: sixaxis: compatible device connected: PLAYSTATION(R)3 Controller (054C:0268)
    upowerd[501]: (upowerd:501): UPower-Linux-WARNING **: no valid voltage value found for device /sys/devices/pci0000:00/0000:00:12.0/usb3/3-4/3-4:1.0/bluetooth/hci0/hci0:3/0005:054C:0268.0006/power_supply/sony_controller_battery_00:24:33:54:94:fb, assuming 10V
