I was wondering what other Universities use a Cisco VPN 3000 for their
Wireless Authentication? We at SIUC do.
For over two years we have been using 2 Cisco 3030's in Load Balancing
mode and requiring our Wireless users to Authenticate to these for any
Network connectivity, including surfing the web. It has been working
very well, and most people like the system.
Recently there has been an issue with Macintosh VPN Clients. Until the
last few months the only option for Macintosh computers was to use the
Cisco VPN Client for Macs. I recently worked to get the Native
(Built-in) VPN Client with L2TP option as well. So over the summer we
updated the Online docs and the new students were supposed to use the
Native client instead of the Cisco client. The main reason for this was
that the Cisco client had several little issues that most of the
customers were annoyed with. The functionality was fine, at least that
was what was told to me. We did not have any Macintosh computers to
test with or work with; we relied on our Colleges to provide the
feedback and most of the documentation on how to install and use.
Apparently several people noticed an issue but never reported it. The
issue was if the Macs would start a file download, it would kick off the
VPN tunnel. They would immediately have to disconnect and reconnect and
then they could start downloading again. However, after only a few
minutes it would kick them off again. This is only happening with
Macintosh computers. Windows, Linux, and Solaris can download just
fine, all of which use the same Cisco VPN Profile. Macs were the only
ones we got working with the L2TP. We found out that this download issue
also exists in the Native client as well as the Cisco VPN Client. If
the users only surf the web and IM all day long, they seem to stay
connected fine. It's only when they start a download, like a System
Update. Even a small download during a system update will cause this.
I have a Cisco TAC case currently open for this and they are claiming
that this is the only known report according to their database. Now
they are pushing, stating it's a Macintosh issue, whereas I tend to think
it's more of a Cisco 3000 config issue. However, if that was the case
why don't the other OSes do it? I don't know.
We have several packet captures, which simply show me that the
packets start off going through the tunnel and then magically stop. The
traffic then goes normally through the network instead of through the
VPN tunnel. To make things even more complicated, the Client shows it
as still being connected (and it won't disconnect), the VPN 3030 shows
the client still connected as well. However, they really aren't and are
passing 0 packets.
If you are using a Cisco 3000 for your VPN please reply and I'd be
interested in if you have experienced any of these issues and if so what
the status of them is.
--
Scott Smith
Network Engineering Services
Southern Illinois University Carbondale
[EMAIL PROTECTED]
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.