Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

TDC,

I can confirm for you that VPN connections do work on the 4G LTE network, even when a public IP address is not provided.  We use both the Cisco IPSec and Cisco SSL VPN's with no issues.  Everthing is the same for us as it was on the 3G only devices.

You, or your administrators, should be able to configure your VPN clients to work with the VZW network.  Another Cisco VPN user commented that he needed to enable a feature called NAT-Traversal to get his VPN to work. 

MiFi - Cisco IPSec VPN connection blocked once connected:

https://community.verizonwireless.com/thread/771300

Feel free to share which VPN client you are using so we can document any new limitations.

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
tdc20009
Newbie

John,

Thank you. Using the built-in Mac OSX Lion Cisco client. If you can figure out how to configure that client to work properly with your network let me know.

Until then, like the others on this discussion, I can confirm that VPN clients like this one do not work with this adapter, and they work with every other adapter I use, including T-Mobile's 4G laptop stick (that's my backup for the Verizon LTE device).

I am not a VPN administrator and I do not have access to configure NAT-Traversal, and it's not clear to me why I need to be one to use this device when I don't need to reconfigure anything for your competitors adapters. They just work.

I have been hoping to have a resolution so I can make the jump to LTE, if you can provide guidance I would definitely appreciate it.

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

tdc20009 wrote:

I am not a VPN administrator and I do not have access to configure NAT-Traversal, and it's not clear to me why I need to be one to use this device when I don't need to reconfigure anything for your competitors adapters. They just work.

Unfortunetly this is the nature of the beast with Verizons 4G LTE network.  NAT interferes with many of the services which we have taken for granted on the old non-SIM/3G only network.  Other wireless providers will work because they are not hiding behind a NAT firewall, or thiers happen to not interfere with the VPN connection.

Start a ticket with your IT admins and have them resolve the issue for you.  You wont be able to do this on your own.  Point them to this thread and the other one I linked you to for more details.  Once they know where the problem is they should be able to resolve it or open a ticket with Cisco to configure around the problem.

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
tdc20009
Newbie

John,

Thank you. I will try.

Does this affect all Macintosh users globally, i.e. any of them who choose Verizon LTE will not be able to use the service to connect to VPN without bringing their IT department to fix something on their end?

Are there no options on Mac clients to make this work with your version of LTE where it does work with your competitors?

Are there any other Macintosh users out there who are experiencing similar problems?

I think this is a strange thing to discover only after using the network (ie. it is not advertised as "doesn't work with VPN out of the box"), and also on this forum, after going through many levels of technical support.

Last Q, it sounds like this is not just an issue for Macintosh users. How are PC users faring with this problem?

I think users are trying to understand the difference in friction between using this LTE versus another that doesn't have this built-in issue. Anything you can do to lessen that will make the choice to stay easier. Thank you for any additional information.

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

Before I say too much lets isolate your issue a little more.  A simple test would be to visit a VZW store and try out another mobile broadband device. 

If your problem is re-createable with another 4G LTE device then the problem is with your Cisco VPN configuration.  Tell your IT admins to look into it as they should be able to reproduce the problem on thier own.  If the VPN cannot be configured around new devices then you know for sure that VZW will not work for you.   

If you cannot re-create the problem on another device then there is an issue with the UML290.  Have VZW swap out the device with a replacement or different model of equal value for free.  Should no other device meet your requirements except the UML290 then you can feel confident leaving VZW for technical reasons. 

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

Here are some other solutions posted to the forums which may apply to your situation.

Shrew Soft VPN wont connect through 4G LTE:
https://community.verizonwireless.com/message/537358#537358
- Need to check version and possibly downgrade the firmware

4G LTE and cisco AnyConnect VPN
https://community.verizonwireless.com/message/533690#533690
- No solution except swap devices

UML290 USB Modem 4G
https://community.verizonwireless.com/message/369742#369742
- Enable VPN passthrough on the UML290

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
tdc20009
Newbie

Hi John,

I followed up on the internal IT ticket and as expected, they are not going to make the change just to accommodate the Verizon network issues. Their workaround is to use the modem only in 3G mode, which of course defeats the purpose of LTE in the first place.

I think your assessment that " then you know for sure that VZW will not work for you.   " is probably correct for myself and others in this situation. I'll leave my links up so others can understand this problem as it is common.

I did receive a callback from Verizon tech support and they understand the problem and will be following up with Cisco. Of note, the Cisco tech note advises that another workaround is to use Sprint 4g -> https://supportforums.cisco.com/docs/DOC-17314

If this is fixed in the next 30 or 60 days please post here, thank you!

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

We'll it is comforting to know that everyone has agreed on the same problem and solutions.  The responses seem to be consistent between VZW, Cisco and the forum users.  Its funny that Cisco suggests using Sprint as a possible work around.  I wouldn't put any salt behind VZW's promise to resolve the issue on thier side. 

Its too bad your IT Admins are not willing to reconfigure thier VPN device for you.  Your company must have a very specific reason as to why they do not want to enable NAT-T or any of the other configuration work arounds.  If that is thier decision then we will have to respect it for now.

I can tell you that switching your device to 3G only will not correct the problem anyways.  Your UML290 has a SIM card which means it will always be on the new network, despite which mode it is in.  Only an old GSM/Non-SIM device can serve as a true work around when it comes to VZW devices and your VPN issue.   

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
tdc20009
Newbie

John,

You've been very helpful, I appreciate it. Do you work for Verizon? You've provided the best information I have received so far.

I think it's too bad that Verizon wouldn't look at this and say, "every other adapter our potential customers use with our competitors networks work, ours is the only one that doesn't, maybe we should conform to the rest of the world."

From the corporate IT perspective, it doesn't make sense that they would potentially compromise their setup to accommodate just one vendor, because switching costs are so low, it's just easier to move people to the other 95% of vendors who don't exhibit this problem. I have to say I'm sympathetic to their situation.

The comment I received in my help ticket is that "this is new technology" which means I assume it will be ironed out over time. It's a reminder that sometimes things marketed as fully baked are really not. And, in the era of social media, nice that we can discuss it here so people can learn and fix things.

Thanks for the heads up about 3G as well.

0 Likes
Re: MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
John_Getzke
Champion - Level 1

I am not associated with Verizon in any way.  Contributing to the VZW forums simply fills a passion of mine to troubleshoot networking problems and learn about new technologies.  It is certainly in VZW's best interest to supply us with a forum so that we can resolve issues on our own and get real answers from time to time. 

0 Likes