MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
norfdungal
Newbie

So, my vpn connections work if I use my UML290 on windows using verizon access manager

I am now using the new verizon access manager on my mac, and my VPN connections do NOT work. It tries to connect, then immediately stops the attempt at connecting and fails (I can access other websites etc. OK, I have connectivity!)

This is a huge problem for me

19 Replies
rutiger
Newbie

same here which makes it useless as i only need mobile access for work.

rutiger
Newbie

i called vz support.  tech claimed vpn hasn't worked with the lte cards since day one.  i can't confirm or deny that as i don't remember if i ever tried vpn or not since i got the card.  because the connectivity under the manual setup was so bad i just put the card away and never used it.  i got vzam in osx to connect once today and the speed was great (no vpn though).  i've never been able to get it to reconnect in osx or windows since.  vz is sending me a new uml290 and sim.  doubt that will help, but what the heck.  if they don't fix the vpn issue soon i'm just going to reactivate my old um150 or cancel service altogether and find another solution.

norfdungal
Newbie

Yeah, it's frustrating.

a) Earlier today I can't connect at all with my vpn client when connected to 3g/1x

b) Tonight (in a different part of town), I can connect, but only for 5 seconds before the vpn client kills the connection. It consistently dies after 5 seconds

Who knows, my VPN works fine when I am on a WIFI or ethernet connection, but once I connect to verizon, it's game over

willzzz99
Contributor - Level 3

The problem has to do with the IP address and the eHRPD gateway VZW is using. If it works in Windows then in Mac with VZAccess (make sure it's UPDATED to the latest version + LATEST firmware version, if in doubt make sure you have the latest version of VZAccess on Windows installed and it will make sure the firmware is updated to the latest.). Then reboot into Mac. Make sure the IP address you are receiving is a PUBLIC WAN IP address. If you are getting a NATed 10.x.x.x address then call tech support and ask for a public FQDN WAN IP address.

rutiger
Newbie

could be a total fluke, but i was just running in osx with 3g connected to vpn and it was all working.  i updated vzam in windows and it also prompted to update the card firmware.  after that in windows it connected fine with 3g and vpn worked.  i then shutdown windows and connected in osx.  it failed to connect the first couple of times, but once it did connect vpn worked fine.  and in both windows and osx i was getting a 10.x address.  so the 10.x address statement doesn't appear to be accurate nor does the vz tech's statement to me that the lte cards don't work with vpn.

rutiger
Newbie

in a 4g area now.  it connects every time with good speed in windows/fusion and vpn works.  in osx it rarely connects.  it actually shows as connected, but drops within a few seconds and never gets an ip.  the couple of times it did connect i got an ip, but couldn't ping anything.  i have a new card coming today to see if that resolves anything.

rutiger
Newbie

got new card and sim.  all i get now in windows is wmc604.  i'm going to give this about 15 more mins then i'm returning both cards and canceling service altogether.  i've wasted far too many hours with this crap.

Rosettamm
Newbie

Have there been any updates on a resolution for this issue?  I am encountering the same problem.

tdc20009
Newbie

Hello,

I have been having the same problems. When not connected to VPN, things work fine. When VPN connects, all traffic stops passing, even though there is a successful connection. When I disconnect VPN, all traffic resumes.

I have gone through this with technical support even to the point of doing a trace during the problem and they confirm that the traffic drops, but do not feel it is a network issue. This problem does not happen with any other network adapter I use (Wi-Fi, T-mobile 4G laptop stick).

I've put together links of articles I have found online describing this problem and probable cause - which I think is an IP address conflict in the 10.x.x.x space. No resolution has been offered to me. I hope these articles help others or if they are having the same experience they might post here.

http://delicious.com/stacks/view/SL8rGb - "Verizon LTE problems with VPN using Pantech UML 290" - Link Stack

If anyone comes across a resolution or knows if there will be an update of any kind to fix this, I would appreciate it, thank you.

John_Getzke
Champion - Level 1

TDC,

I can confirm for you that VPN connections do work on the 4G LTE network, even when a public IP address is not provided.  We use both the Cisco IPSec and Cisco SSL VPNs with no issues.  Everything is the same for us as it was on the 3G only devices.

You, or your administrators, should be able to configure your VPN clients to work with the VZW network.  Another Cisco VPN user commented that he needed to enable a feature called NAT-Traversal to get his VPN to work. 

MiFi - Cisco IPSec VPN connection blocked once connected:

https://community.verizonwireless.com/thread/771300

Feel free to share which VPN client you are using so we can document any new limitations.

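Added example, not part of any post in this thread: a Python check for the two conditions discussed above, a modem address inside a NAT range while NAT-Traversal is disabled, and VPN-pushed routes that overlap the modem's own 10.x.x.x subnet. The addresses, routes and finding codes are constructed for illustration.

```python
import ipaddress

# Ranges that mean the modem address is translated before reaching the Internet.
NAT_BLOCKS = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}


def classify_wan_address(addr):
    """Return the NAT block label for addr, or 'public' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for label, blocks in NAT_BLOCKS.items():
        if any(ip in ipaddress.ip_network(b) for b in blocks):
            return label
    return "public"


def overlapping_routes(addr, prefix_len, vpn_routes):
    """List VPN-pushed routes that contain or intersect the modem's own subnet."""
    local = ipaddress.ip_interface(f"{addr}/{prefix_len}").network
    return [r for r in vpn_routes if local.overlaps(ipaddress.ip_network(r))]


def assess(addr, prefix_len, vpn_routes, nat_t_enabled):
    """Return findings as (code, detail) tuples for a VPN helpdesk ticket."""
    findings = []
    kind = classify_wan_address(addr)
    if kind != "public" and not nat_t_enabled:
        # ESP (IP protocol 50) has no ports for a port-translating NAT to map;
        # NAT-T wraps it in UDP 4500 so it can cross the translator.
        findings.append(("ESP_BEHIND_NAT", f"{addr} is {kind}; enable NAT-T (UDP 4500)"))
    for route in overlapping_routes(addr, prefix_len, vpn_routes):
        # Once the tunnel is up, such a route can pull traffic for the
        # carrier-side subnet into the tunnel.
        findings.append(("ROUTE_OVERLAP", f"VPN route {route} covers modem subnet"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    modem_addr, modem_prefix = "10.170.12.34", 30
    pushed_routes = ["10.0.0.0/8", "192.168.50.0/24"]
    for code, detail in assess(modem_addr, modem_prefix, pushed_routes, nat_t_enabled=False):
        print(code, detail)
```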
tdc20009
Newbie

John,

Thank you. Using the built-in Mac OSX Lion Cisco client. If you can figure out how to configure that client to work properly with your network let me know.

Until then, like the others on this discussion, I can confirm that VPN clients like this one do not work with this adapter, and they work with every other adapter I use, including T-Mobile's 4G laptop stick (that's my backup for the Verizon LTE device).

I am not a VPN administrator and I do not have access to configure NAT-Traversal, and it's not clear to me why I need to be one to use this device when I don't need to reconfigure anything for your competitors' adapters. They just work.

I have been hoping to have a resolution so I can make the jump to LTE, if you can provide guidance I would definitely appreciate it.

John_Getzke
Champion - Level 1

tdc20009 wrote:

I am not a VPN administrator and I do not have access to configure NAT-Traversal, and it's not clear to me why I need to be one to use this device when I don't need to reconfigure anything for your competitors' adapters. They just work.

Unfortunately this is the nature of the beast with Verizon's 4G LTE network.  NAT interferes with many of the services which we have taken for granted on the old non-SIM/3G only network.  Other wireless providers will work because they are not hiding behind a NAT firewall, or theirs happen to not interfere with the VPN connection.

Start a ticket with your IT admins and have them resolve the issue for you.  You won't be able to do this on your own.  Point them to this thread and the other one I linked you to for more details.  Once they know where the problem is they should be able to resolve it or open a ticket with Cisco to configure around the problem.

tdc20009
Newbie

John,

Thank you. I will try.

Does this affect all Macintosh users globally, i.e. any of them who choose Verizon LTE will not be able to use the service to connect to VPN without bringing their IT department to fix something on their end?

Are there no options on Mac clients to make this work with your version of LTE where it does work with your competitors?

Are there any other Macintosh users out there who are experiencing similar problems?

I think this is a strange thing to discover only after using the network (i.e., it is not advertised as "doesn't work with VPN out of the box"), and also on this forum, after going through many levels of technical support.

Last Q, it sounds like this is not just an issue for Macintosh users. How are PC users faring with this problem?

I think users are trying to understand the difference in friction between using this LTE versus another that doesn't have this built-in issue. Anything you can do to lessen that will make the choice to stay easier. Thank you for any additional information.

John_Getzke
Champion - Level 1

Before I say too much let's isolate your issue a little more.  A simple test would be to visit a VZW store and try out another mobile broadband device.

If your problem is re-creatable with another 4G LTE device then the problem is with your Cisco VPN configuration.  Tell your IT admins to look into it as they should be able to reproduce the problem on their own.  If the VPN cannot be configured around new devices then you know for sure that VZW will not work for you.

If you cannot re-create the problem on another device then there is an issue with the UML290.  Have VZW swap out the device with a replacement or different model of equal value for free.  Should no other device meet your requirements except the UML290 then you can feel confident leaving VZW for technical reasons. 

John_Getzke
Champion - Level 1

Here are some other solutions posted to the forums which may apply to your situation.

Shrew Soft VPN wont connect through 4G LTE:
https://community.verizonwireless.com/message/537358#537358
- Need to check version and possibly downgrade the firmware

4G LTE and cisco AnyConnect VPN
https://community.verizonwireless.com/message/533690#533690
- No solution except swap devices

UML290 USB Modem 4G
https://community.verizonwireless.com/message/369742#369742
- Enable VPN passthrough on the UML290

tdc20009
Newbie

Hi John,

I followed up on the internal IT ticket and as expected, they are not going to make the change just to accommodate the Verizon network issues. Their workaround is to use the modem only in 3G mode, which of course defeats the purpose of LTE in the first place.

I think your assessment that "then you know for sure that VZW will not work for you." is probably correct for myself and others in this situation. I'll leave my links up so others can understand this problem as it is common.

I did receive a callback from Verizon tech support and they understand the problem and will be following up with Cisco. Of note, the Cisco tech note advises that another workaround is to use Sprint 4g -> https://supportforums.cisco.com/docs/DOC-17314

If this is fixed in the next 30 or 60 days please post here, thank you!

John_Getzke
Champion - Level 1

Well, it is comforting to know that everyone has agreed on the same problem and solutions.  The responses seem to be consistent between VZW, Cisco and the forum users.  It's funny that Cisco suggests using Sprint as a possible work around.  I wouldn't put any salt behind VZW's promise to resolve the issue on their side.

It's too bad your IT Admins are not willing to reconfigure their VPN device for you.  Your company must have a very specific reason as to why they do not want to enable NAT-T or any of the other configuration work arounds.  If that is their decision then we will have to respect it for now.

I can tell you that switching your device to 3G only will not correct the problem anyways.  Your UML290 has a SIM card which means it will always be on the new network, despite which mode it is in.  Only an old GSM/Non-SIM device can serve as a true work around when it comes to VZW devices and your VPN issue.   

tdc20009
Newbie

John,

You've been very helpful, I appreciate it. Do you work for Verizon? You've provided the best information I have received so far.

I think it's too bad that Verizon wouldn't look at this and say, "every other adapter our potential customers use with our competitors' networks works, ours is the only one that doesn't, maybe we should conform to the rest of the world."

From the corporate IT perspective, it doesn't make sense that they would potentially compromise their setup to accommodate just one vendor, because switching costs are so low, it's just easier to move people to the other 95% of vendors who don't exhibit this problem. I have to say I'm sympathetic to their situation.

The comment I received in my help ticket is that "this is new technology" which means I assume it will be ironed out over time. It's a reminder that sometimes things marketed as fully baked are really not. And, in the era of social media, nice that we can discuss it here so people can learn and fix things.

Thanks for the heads up about 3G as well.

John_Getzke
Champion - Level 1

I am not associated with Verizon in any way.  Contributing to the VZW forums simply fills a passion of mine to troubleshoot networking problems and learn about new technologies.  It is certainly in VZW's best interest to supply us with a forum so that we can resolve issues on our own and get real answers from time to time. 
