Security

I assumed this was a problem with the user machine until more people started reporting the issue.  The users are able to user their VPN Client successfully for a quite a while but sometimes the connection drops and they have to re-connect with the client.  Their 4G Hotspots work fine with the VPN client as well as other wireless networks.  Any ideas?

What is the client VPN?  What is doing the natting for your guest network?

I would assume a Cisco VPN client.  I believe the Aruba Controller is doing NAT.

We need to be sure on both points as well as the VPN configuration (what port the VPN is operating on) otherwise we probably cannot help.

I will find out, thanks.

Hello Logan

The default config of the Captive portal will just let 443 and 80 port so if your client vpn uses another ports it will not work

If you got Next generation firewall license then you can add other ports to those rules.

 

 

Cheers

Carlos

I would think if this is a firewall issue, users wouldn't be able to connect at all.  That is not the case here.  Users can connect just fine, but the connection drops at random times and they have to re-establish their VPN connectivity.

I have had issues in the past with VPN products not going through an Aruba necessarily, but going through a NAT. I don't mean to point out the obvious but 'traditional ipsec' does not use TCP or UDP hence it can have issues with nat. I know some devices do sometimes use the spi index to overcome this lack of epheremal source ports on ipsec packets.

I guess you have checked the log on the controllers for packet drops right?

Most decent clients nowadays use nat-t (UDP 4500)

Check the data path session table too?

Anyone know if there is a nat timeout value?