07-18-2013 04:17 AM
Hi. We have 4 AP 105s. Whenever someone tries to make a VPN connection to a customer the session continually disconnects and then connects again so in other words suffers from timeouts.
When the client uses an Ethernet cable no problem.
THe SSID they are using is set to 5Ghz and allows all protocols.
Any help would be much appreciated. Thanks.
07-18-2013 06:12 AM
Is VPN the only application with problems? When did this first start happening?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
07-18-2013 06:58 AM
Yes its the only application that has issues although the access point in use has serious interference on 2.4Ghz which is why I created the 5Ghz SSID which this user is now using.
08-09-2013 10:27 AM
Im having the same problem. In this case, i have a part of a building where we have contractors and they use my guest open ssid. When they launch their VPN client to home back to base the VPN session drops constantly. This has been happening for a while. I havent done major upgrades on the network in over a year. The access point is a 105 as well and there are a few ap93's around but the clients prefer the 105; they do connect at 5GHz because they're just close enough to the AP they can do that consistantly.
The employee network seems to be stable, we have this same SSID all over the place (500+ offices) over 4 class C networks and this location of 5 to 10 users is the only place having issues. WTHeck!
I suspect that we might have some kind of MTU setting that is wierd. I remember in the cisco VPN client days the MTU had to be reduced at times to work right. I dont know what kind of VPN they have but I think that's my next place to isolate and test from.
11-22-2013 07:03 AM - edited 11-22-2013 07:39 AM
Hello. Just writing to follow up on whether you have discovered a solution to this issue. We have guest clients that share the same experience.
The client will fire up their VPN and exactly 59 seconds later the session will drop/disconnect. In troubleshooting with Aruba, their test was to setup a continuous ping while the VPN opened and subsequently dropped. They claim that the APs are not dropping the session since the extended ping remains alive during testing.
04-24-2014 02:48 PM
Actually yes, I was able to figure this one out.
I was able to fix it. I contact their tech folks and I found out that the VPN client uses standard ports to initiate communications and also to authenticate (443, 4500, 500, etc.) But when it goes into the authenticated role that the protocols uses are ESP and GRE.
I know right? So, in short the initial communication is established over the common IPSEC ports but once authenticated and in order to take advantage of the big pipe facing the internet, they must be able to communicate back to their VPN appliance over the mentioned protocols.
I hope that makes sense, sometimes my mind races with thought and ideas but my fingers write gibberish...