Jump to content

Cisco VPN client and DW6000


presleyhome

Recommended Posts

Hello All. The company I work for uses a VPN client from Cisco (version 4.0.5). I use it with DSL, No problems other than the typical performance hit. I even used it through Verizon's 1X broadband wireless connection with no problems either. I will indeed have a talk with our IT group, but here is the problem I am having. When I run the VPN client app, it opens a screen with various company server locations around the world. I select the closest one (San Francisco bay), and hit enter. It then opens a login window with My employee ID, and a place to enter a random code generated by a card I have (from Secure Computing Corp). I do that, and it goes out to authenitcate with the server. It never connects. Looking at the log, I see it returning that the "packet size is larger than header". It thinks something is wrong, so it just keeps retrying. No need to answer what it is doing, I'll get that from the IT and Cisco folks. But has anyone here had a similar problem and solved it? Would save me alot of time.

Thanks all!

Jim P

Link to comment
Share on other sites

From the Direcway support KB

Virtual Private Networking (VPN) overview and FAQs

Solution

What is VPN?

A Virtual Private Network (VPN) is a secure data tunnel between two computers over public networks like the internet. A VPN is created by special software that authenticates users, establishes a temporary connection between two computers, and encrypt data on one side while decrypting it on the other. This process creates a secure conduit between the two computers and allows them to pass data back and forth privately even over public resources.

Does VPN work with DIRECWAY?

Yes, but DIRECWAY works better with some VPN solutions than others. V-One, for example, has provided satisfactory results for some DIRECWAY customers. However, there are alternatives to client/server VPNs which allow high speeds over DIRECWAY, such as a DIRECWAY private network (whether it's a dedicated backhaul or router-to-router VPN). Often alternatives such as web-enabled mail servers, file servers, etc. encrypted with SSL are an even a better way to do the same thing for which customers might have used a VPN while allowing high speeds over DIRECWAY. Most VPNs require a static, routable public IP address; this is available with DIRECWAY Business Edition; see http://be.direcway.com/ for details.

How will a VPN client affect my DIRECWAY Performance?

A VPN clients performance on an FTP download will vary, but typical rates can vary from approx. 1/8 to of the standard DIRECWAY speeds. The majority of client/server VPN connections cannot take advantage DIRECWAY performance-enhancing technologies because packets are tunneled by the VPN application from end to end. One exception is V-One SmartGate, which is compatible with DIRECWAYs acceleration technology and thus can offer increased performance. Typically, all applications that work without a VPN client will work with a VPN client, however often with some decrease in speed.

Have VPN solutions been tested with DIRECWAY?

The following VPN clients have been tested with the Hughes Model DW4000 (DIRECWAY two-way terminal):

    Note:  Only the versions below have been tested with DIRECWAY DW4000. Any additional versions/software titles will require further testing.

Microsoft Windows VPN (PPTP)

Cisco VPN CVPN-CLNT-30-K9

Nortel Extranet Access Client.V02_62.33

CheckPoint VPN-1 SecuRemote 4.1

V-One SmartGate (does not require Static IP)

AT&T Netclient v5.03 (AT&T proprietary software)

Does Hughes Network Systems provide technical support to VPN customers?

No. HNS does not provide any technical support for setup or troubleshooting for any VPN products. Support for these applications should be acquired from the respective vendor.

Frequently Asked Questions

Q:  Are there any parameters that I can tune to speed up my client/server VPN service?

A:  There is usually nothing that you can tune to speed up the service using a VPN client/server application. Some VPN client installations change the RWIN value of the Microsoft TCP/IP stack. DIRECWAY requires that the RWIN value remain at 200,000.

Q: Can I use a client/server VPN to access my network drives on my corporate network?

A: The inherent latency in satellite networks makes disk sharing difficult but not impossible. Each type of network would have to be evaluated and tuned by the enterprise user to work over the DIRECWAY network.

Q: Can I contact HNS for support and or troubleshooting the VPN Client software?

A: No. Support should be offered by the VPN Client software.

Q: Where can I purchase DIRECWAY Business Edition?

A: DIRECWAY Business Edition can be purchased via the network of Value Added Resellers or from Hughes Network Systems directly for large enterprise applications. See the Business Edition page at http://be.direcway.com/ for details. The Value Added Resellers provide local sales support, installation, and personalized attention to your DIRECWAY services.

Q: Can I use a client/server VPN to access my email on my corporate network?

A: Most enterprise email solutions such as Lotus Notes and Microsoft Exchange have several ways for remote users to access their email. The most popular are direct server/database access, Web based email, synchronized mail, and POP3/ SMTP mail. Synchronized mail, POP3 and Web based mail work reasonably well over a VPN connection. On the other hand, directly accessing the database or server with the email client either may not work at all or performance is severely limited.

Q: Can I share my DIRECWAY connection with other computers on a home LAN (e.g. with Microsoft Internet Connection Sharing) and have them connect to my corporate network through a VPN?

A: In most cases, the answer is yes. The VPN client should be installed on the computer that also has the DIRECWAY software. Once the VPN connection is established from the DIRECWAY computer, the computers on the LAN can then share the connection.

Q: My DIRECWAY system shows an error message that TCP/IP is not correctly bound to the Satellite Adapter every time I start the Navigator.

A: The DIRECWAY client performs essential startup diagnostics when Navigator starts. The installation of some VPN clients (for example Checkpoint) interferes with these diagnostic checks. These diagnostics include such things as: verifying the TCP/IP stack is installed, properly configured, only one adapter is installed and the adapter is responding to simple commands, etc. If you are experiencing problems with one particular VPN client, try using a different client.

HNS-25054

Link to comment
Share on other sites

I use the same VPN client. Set your MTU to 1300. Check your device manager under Network adapters and make sure you are using the deterministic network enhancer, ie, make sure it is enabled  for your lan card that is connected to the dw6000.

Before you change the mtu, do this:

1. The following ping command will tell you what  the mtu should be set to:

ping -f -l 1432 <ip address for your vpn concentrator you connect to>

If the ping works without seeing a message about the packet needing fragmented, then add 28 to the 1432 above and this means your mtu should be set to 1460.

Keep increasing the number after the '-l' switch in the command until you see the packet needs fragmented message then back off 1. Once you find the mtu that won't get fragmented, then add 28 and that is where your mtu should be set. This is the mtu for any internet connection when you are not using vpn. If using vpn, the deterministic network enhancer will change yoru mtu. If you are not using the dne, just set your mtu to 1300 and see if it works. If not, try 1200.

VPN needs a lower mtu to work reliably.

Hope this helps.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...