Cisco VPN Not Working Wirelessly

Discussion in 'Tomato Firmware' started by Stach, Jan 12, 2007.

  1. Stach

    Stach Network Guru Member

    First off, I've gotta say, like everyone else, that the Tomato firmware ROCKS!!!

    But, I've got 1 small issue that I have isolated down to the wireless portion of the router. Very simply, I cannot connect to my work's Cisco VPN concentrator using the Cisco VPN Client when my laptop is wirelessly connected to my WRT54G running Tomato v1.02. If I plug my laptop into the WRT54G instead, the Cisco VPN client connects flawlessly using either TCP or UDP (neither of which work wirelessly). This is the only problem that I am having, does anyone have any ideas for a fix???

    The long story is that the WRT54G was acting as only an AP running DD-WRT v23 SP1 and I was able to connect wirelessly with the Cisco VPN client at that point. I decided to make my WRT54G a router as well when I read about the Tomato firmware and demote my Vonage Router to just doing Vonage. I know this access point has been successful in connecting wirelessly with Cisco VPN client in the past using DD-WRT and even the Linksys firmware before that.

    Before finding out that it worked when connected via an Ethernet cable, I tried changing the following to get it to work wirelessly with no result:

    - Placed in DMZ under "Port Forwarding -=> DMZ" (have turned it off again)
    - Turned off "Inbound Layer 7" on "Advanced -=> Conntrack / Netfilter" (have turned it on again)
    - Turn ON "Allow Multicast" in "Advanced -=> Firewall" (have turned it off again)
    - Turn ON "Enable UPnP" under "Port Forwarding -=> UPnP" (have turned it off again)

    Thanks in advance for your help!
  2. njeske

    njeske Network Guru Member

    I use a Cisco VPN client on my laptop at home and connect to a Cisco VPN concentrator at my college without any issues. I never set up any sort of special settings to make it work. Check the settings in the Cisco VPN software. I think there's a setting in there somewhere where you have to tell it which network connection you're using if you have multiple adapters.
  3. Stach

    Stach Network Guru Member

    Thanks for the reply, but I can connect wirelessly via the Cisco VPN client through another friend's Access Point with no problems, the only thing that has changed is that I put the Tomato firmware on my WRT54G and made it a router. I have also just verified that a second laptop with a completely different wireless card cannot connect using the Cisco VPN client as well through my WRT54G, while it works fine at their house.

    I wish mine would work "out of the box" as well, but this is the only issue that I have with the Tomato firmware, every other feature of this firmware is the best that I've seen!

    Please keep the suggestions coming.
  4. Stach

    Stach Network Guru Member

    Here's what I see in the Cisco VPN Client's log when I attempt to connect wirelessly.

    8 14:08:44.625 01/12/07 Sev=Info/6 IPSEC/0x63700020
    TCP SYN sent to, src port 1489, dst port 10000

    9 14:08:49.642 01/12/07 Sev=Info/6 IPSEC/0x63700020
    TCP SYN sent to, src port 1489, dst port 10000

    10 14:08:54.650 01/12/07 Sev=Info/6 IPSEC/0x63700020
    TCP SYN sent to, src port 1489, dst port 10000

    11 14:08:59.657 01/12/07 Sev=Info/6 IPSEC/0x63700020
    TCP SYN sent to, src port 1489, dst port 10000

    12 14:09:04.654 01/12/07 Sev=Info/4 CM/0x6310002A
    Unable to establish TCP connection on port 10000 with server "vpn1.*****.com"

    Port 10000 (Cisco default) never gets a's almost as if the Linksys isn't allowing the reply through wirelessly, but will when connected via an ethernet cable.

    Here's how it looks when I use a wired connection:

    30 14:14:27.128 01/12/07 Sev=Info/6 IPSEC/0x63700020
    TCP SYN sent to, src port 1513, dst port 10000

    31 14:14:27.128 01/12/07 Sev=Info/6 IPSEC/0x6370001C
    TCP SYN-ACK received from, src port 10000, dst port 1513

    32 14:14:27.128 01/12/07 Sev=Info/6 IPSEC/0x63700021
    TCP ACK sent to, src port 1513, dst port 10000

    33 14:14:27.128 01/12/07 Sev=Info/4 CM/0x63100029
    TCP connection established on port 10000 with server "vpn1.*****.com"

    34 14:14:27.659 01/12/07 Sev=Info/4 CM/0x63100024
    Attempt connection with server "vpn1.*****.com"

    35 14:14:27.669 01/12/07 Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with

    36 14:14:27.709 01/12/07 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to

    Let me know what you think.
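
An added example, not part of the original post: a small parser that pairs the `TCP SYN sent` / `TCP SYN-ACK received` entries from a Cisco VPN Client log like the two excerpts above and reports which connection attempts were never answered. The sample text is constructed in the same layout as the thread's excerpts, and the function name and output fields are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the excerpts above (peer address omitted).
SAMPLE = """\
8 14:08:44.625 01/12/07 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to, src port 1489, dst port 10000
9 14:08:49.642 01/12/07 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to, src port 1489, dst port 10000
10 14:08:54.650 01/12/07 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to, src port 1489, dst port 10000
30 14:14:27.128 01/12/07 Sev=Info/6 IPSEC/0x63700020
TCP SYN sent to, src port 1513, dst port 10000
31 14:14:27.128 01/12/07 Sev=Info/6 IPSEC/0x6370001C
TCP SYN-ACK received from, src port 10000, dst port 1513
"""

HEADER = re.compile(r"^\s*\d+\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)\s+Sev=\S+")
EVENT = re.compile(r"TCP (SYN sent to|SYN-ACK received from)(?: [^,\s]+)?,"
                   r" src port (\d+), dst port (\d+)")

def handshakes(log_text):
    """Return {(client_port, server_port): summary} for each TCP attempt."""
    flows, stamp = {}, None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:  # header line: remember its timestamp for the message that follows
            stamp = datetime.strptime(f"{h.group(1)} {h.group(2)}", "%H:%M:%S.%f %m/%d/%y")
            continue
        e = EVENT.search(line)
        if not e or stamp is None:
            continue
        sent = e.group(1).startswith("SYN sent")
        src, dst = int(e.group(2)), int(e.group(3))
        # A SYN-ACK travels server -> client, so its ports are swapped.
        key = (src, dst) if sent else (dst, src)
        flow = flows.setdefault(key, {"syn_times": [], "syn_ack": False})
        if sent:
            flow["syn_times"].append(stamp)
        else:
            flow["syn_ack"] = True
    out = {}
    for key, flow in flows.items():
        t = flow["syn_times"]
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(t, t[1:])]
        out[key] = {"syns": len(t), "retry_gaps": gaps,
                    "status": "answered" if flow["syn_ack"] else "no reply seen"}
    return out

if __name__ == "__main__":
    print(handshakes(SAMPLE))
```

Repeated SYNs at a steady interval with no SYN-ACK mean the client never saw a reply on that path, which narrows the fault to something between the client's adapter and the server rather than to the VPN negotiation itself.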
  5. mr_infinity

    mr_infinity LI Guru Member

    I (& several other people at my company) had problems using the Cisco VPN client wirelessly. Setting the MTU down to 1000 fixed it up straight away. This was using WRT54G with both stock & HyperWRT firmware. I have since converted over to Tomato with no problems. The exact setting may vary - we got the recommendation from our networking folks.
  6. GeeTek

    GeeTek Guest

    How does it work if you disable QOS? How fast is your internet? I had complaints about poor VPN service once. I created 2 QOS rules to favor this:

    TCP/UDP Port: 500,4500,1000 B "VPN"

    GRE B "Most VPN traffic"

    My class B is high priority traffic and this fixed the VPN problem. I don't know what type of system it was. I have never even heard of GRE protocol. The rules copied from Tomato across a remote desktop connection and pasted right into this site. Cool Stuffff......
  7. BeHappy

    BeHappy Network Guru Member

    Solution: Reinstall Cisco VPN program, winsocks fix, now it's worked w. wireless too.

    Cisco VPN doesn't work wireless for me too since my update to 1.02 version regardless of connection by UDP or over TCP (port 80). Only wired Cisco VPN works!
  8. mr_infinity

    mr_infinity LI Guru Member

    Just one point - I am still on 1.01 so I can't comment on any 1.02 specific issues. However, my Cisco VPN has worked with several of the earlier Tomato releases.
  9. RTSAnime

    RTSAnime Network Guru Member

    Odd, my Cisco VPN works just fine wirelessly.

    My Settings: DMZ off
    Allow multicast off
    nat loopback on
    inbound L7 off
    upnp on
  10. dvaskelis

    dvaskelis Network Guru Member

    I use a Cisco VPN client from Windows and OS X without issues through my Tomato-based router. However, I cannot have two clients using the same VPN at the same time. So, I can recreate your scenario if I connect on a wired client, and then try to connect with a wireless client. Just the wireless client by itself has no issues.

    I assumed it had something to do with NAT and GRE, but I never looked into what settings to change to allow two simultaneous VPN connections.
  11. Stach

    Stach Network Guru Member

    Thanks for the suggestion, but after setting the MTU to 1000 on the wireless NIC (using the Cisco MTU utility) I still have no connectivity wirelessly.

    I should also mention that I have turned off QOS and that didn't help either (although that should have impacted my wired connection anyway).

    Please keep the suggestions coming.
  12. paped

    paped LI Guru Member

    I had a similar issue after upgrading to 1.02, but after the upgrade I did not reboot the router. Rebooted the router by accident and after that my VPN connection is working again. Thus if you have not done it for a while, try giving the router a reboot by unplugging at the mains and see what happens......
  13. Stach

    Stach Network Guru Member

    Thanks for the reboot idea, but it still doesn't work after trying that. I'm interested in the versions of the Cisco VPN Client that the successful people are using, maybe that could be it.

    I am unsuccessful in connecting with Cisco VPN Client v4.6.04.0043.

    Also, is anyone using a Vonage adapter behind this (I am)....I know it uses port 10000 as well....just another thought

    Thanks in advance for your help and replies!
  14. dvaskelis

    dvaskelis Network Guru Member

    4.9.01 (0030) for Mac OS X for Windows

    If you have set up a double NAT I'd definitely remove the other gateway router at least as a test.
  15. Stach

    Stach Network Guru Member

    After MANY configuration tests and MUCH reading, I finally found the 2-part solution! For me to get the Cisco VPN Client working via wireless using my built-in Dell 1350 wireless card I had to set the Tomato firmware to DISABLE (uncheck) the "Allow NAT Loopback" under "Advanced -=> Firewall" tab. The second step, which I have never had to do to connect through other wireless networks (friends, hotels, etc...) was to go into the "Windows XP Device Manager" settings for my Dell Wireless card (Advanced Tab) and set the Property for "VLAN Priority Support" to DISABLED.

    I can now connect to my work's VPN wirelessly and I hope that this solution will benefit someone else in the future as it has taken a LOT of searching. Thanks to everyone for your suggestions!

  16. mr_infinity

    mr_infinity LI Guru Member

    Stach, thanks for sharing your solution.

    Seems there are pitfalls everywhere you look.

    Live and learn.
  17. scopelliti

    scopelliti Guest

    Ah ha! This is a problem with newer Dell wireless drivers. The workaround (until a fix is developed) is to set the VLAN Priority Support to Disabled. See:
    link on Dell site

    BTW... I am running the standard Linksys firmware.