VPN problems with MiFi 4620 - help!

soaringdude
Member

I just got my MiFi 4620 and it is absolutely amazing how fast it is. I tested it at home and got on the network, VPN to work and connected with no problems. I hit the road and now I realized that while the VPN connection works and it establishes the VPN session, I can't access anything on my work network (as a matter of fact after VPN is setup, I can't even connect to the MiFi admin page locally).  I have been tweaking things and looking over all configuration and everything seems to be correct.  Any ideas?

BTW, I am running the native VPN client on a Mac.  MTU is set to auto (1500), VPN passs through is enabled, port filtering is off.  And if I switch to a local WiFi (e.g. starbucks), VPN works just fine.

Re: VPN problems with MiFi 4620 - help!

eppie
Member

I just posted the same issue with my Mifi, except that its the 4510. Internet while connected to Mifi works good, but no functionality when I connect to my work Cisco VPN. No internet, nothing.

Please tell me you have found a solution for this!!

0 Likes

Re: VPN problems with MiFi 4620 - help!

evdotech
Novice

Make sure when configuring for VPN you set the following:

Phase1
EA: 3DES
IA: SHA1
DH: Group 1
28800 Seconds

Phase 2
EA: 3DES
IA: SHA1
3600 Key
No PFS

0 Likes

Re: VPN problems with MiFi 4620 - help!

eppie
Member

evdotech, thanks for your help and excuse my ignorance, but are these VPN settings or Wifi Device settings? Where would I locate these configurations to change them? I do not see these config settings to change in either my Cisco or Wifi settings/preferences. Sorry to bother you but that would really help me out.

Thanks

0 Likes

Re: VPN problems with MiFi 4620 - help!

John_Getzke
Leader

MiFi's should be compatible with Cisco VPN's.  I use both the 4510L and the 4620L with 2 flavors of Cisco.  No extra configuration is necessary for any of them.  Not sure about the default Mac VPN, never had a chance to confirm that one.

A little tidbit about VPN's.  When you enable a VPN tunnel back to your work you are effectively removing yourself from your local network.  That means that any local network devices like webcams, printers or router admin pages will not be accessible while the VPN is engaged. 

Given the tidbit from above your regular internet traffic should be working fine while VPN connected.  If your VPN is up and wordking but your traffic is not flowing through then there is most likely a proxy setting getting in the way.  In other words your machine is shooting its requests to an area that does not likely exist while on the VPN.  I'd suggest contacting the owner of your VPN to see what settings need to be enabled on your machine in order to communicate over the VPN.  Once you have the right settings configured everything should work.

0 Likes

Re: VPN problems with MiFi 4620 - help!

asoroudi
Member

I have been having the same issues, but with all my companies Windows XP/7  laptops. We have15 4510 mifi units, accessing VPN through Cisco VPN ipsec; no issues

We bought 2 new 4620L Mifi, both of them with the same issue; won't connect through the Cisco ipsec VPN. We were told a firmware update is coming to fix the issue for 6 months, & firmware 3.20.11 was recently released. We updatde both Mifi 4620L units, neither works.

This is the exact line from the release notes for firmware 3.20.11; so there obviously is a known issue, which even though it says it fixes, it hasn't (for over 8 months now!!!!)

"-Now able to connect to a VPN server when using IPSec over TCP"

Verizon tech support has no clue & they keep putting me transferring me to the manufacturer of the mifi, which is Novatel. They keep telling me Verizon will release a new firmware & pass me back to Verizon.

We can't be the only ones having this issue. Anyone else with ipsec VPN issues with the 4620L? Again, on the same exact laptops, the 4510L's work fine.

I don't recommend anyone buy the 4620L mifi from Verizon until they have resolved their issues.

0 Likes

Re: VPN problems with MiFi 4620 - help!

John_Getzke
Leader

What error messages are you recieving from Cisco IPSec VPN?  Perhaps those errors will shed some light about what is going on.  Cisco might be able to help you isolate the error message to a few possible causes too.

Something that I bump into from time to time is the Win7 network detection process.  If Win7 has multiple network adapters enabled at the same time it might be making a wrong decision about its connection status and send requests to the wrong location.  I would try shutting down any extra adapters on one of your machines and try again.  All you should need enabled is the wireless and the cisco adapter.

Re: VPN problems with MiFi 4620 - help!

John_Getzke
Leader

Another thread mentioned this link by Cisco:

https://supportforums.cisco.com/docs/DOC-17314

Its worth a look, share it with your Network Admin if you do not have the permissions necessary to complete the steps. We happen to have our Cisco ASA configured correctly to allow the VPN traffic through Verizon. 

0 Likes

Re: VPN problems with MiFi 4620 - help!

asoroudi
Member

Thx for the replies John;

However, this is not a Cisco nor Windows 7 issue. Please see my previous post. All of our other Verizon, including other Novatel Mifi 4510 devices work fine. On the 4620, it doesn't even connect (you get a normal Cisco VPN client message saying unable to connect). On the same exact laptop, 4510 connects just fine. I have tested this on 15 laptops - same exact issue (I am the CIO).

It is a known issue on Verizon's side. They actually released a firmware a couple of weeks ago trying to fix it, which they didn't. In the release notes, it specifcially says:

"-Now able to connect to a VPN server when using IPSec over TCP"


Anyone else with any help or having the same issue (the issue is that it doesn't connect at all, not that it connects but has issues with the network resources).

Thx

0 Likes

Re: VPN problems with MiFi 4620 - help!

John_Getzke
Leader

asoroudi wrote:

They actually released a firmware a couple of weeks ago trying to fix it, which they didn't. In the release notes, it specifcially says:

"-Now able to connect to a VPN server when using IPSec over TCP"

I agree. I haven't seen any firmware updates for the 4510L or 4620L.  Can't seem to find the firmware notes for this device anymore but what you posted sounds familliar. 

This wouldn't be the first time that the new VZW NAT network and devices has blocked legacy technology.  There are tons of complaints about anyone who needs unique IP's that are just out of luck.  If reconfiguration of your Cisco ASA is not an option then this will have to be chalked up as a limitation.  It will be interesting to see how the next MiFi device behaves.

Like I said before, we use Cisco IPSec (V5.0.0.7) and it works fine with both the Mifi 4510L and 4620L.  However, we happen to be using that client on Win7 over UDP.

0 Likes