
macguy Apr 27, 2004 7:07 pm

VPN Access On-the-road
 
I'm a consultant with several small accounts and two large ones. Both of my large clients have Cisco network equipment and provide access for me to their corporate resources using a VPN.

With client one, who use a Cisco 3000 series appliance, the IPSec connection is over TCP and it works like a champ. Client two, a large technology company, uses a Cisco 7000 series router and provides IPSec over UDP. That connection seems to time out after about 15 minutes. I've talked to the company's internal Cisco guy, and have had long conversations with a router SE at Cisco. Their claim is that UDP is an "industry standard" and that because most hotel networks and access points provide services through NAT/DHCP, there is no way to reliably connect to the VPN. This sounds like an excuse to me.

Any traveling net geeks among the faithful who can offer advice on this one?

Regards,
Dave

NickP 1K Apr 28, 2004 4:43 pm

We're using TCP and we have a very secure implementation...

Has your IT team considered using TCP + a cypher key... The Cisco VPN client supports them pretty well.

winkydink Apr 28, 2004 5:07 pm

You can point out to them that UDP does not guarantee delivery of the packets, unlike TCP. When you lose UDP packets, they're gone. TCP retransmits.

GadgetFreak Apr 28, 2004 8:12 pm

I'm not exactly sure what the question is. But I can say that we have a Cisco 3000 and I use Win2K, MacOSX, and PPC2002 VPN clients on WiFi and wired connections on the Win2K and MacOSX without any trouble most places I go. I'm almost certain they all use DHCP. I have run into a few places where wireless would work but I couldn't get VPN to work. These are a great minority in my experience.

stimpy Apr 29, 2004 7:44 am

Some NAT devices can handle UDP automatically, and some have to be programmed to do the portmapping. Also it depends on the protocol. Some protocols like FTP have to have special NAT handling since ports are exchanged inside the data stream. I'm guessing that is your problem.

NickP 1K Apr 29, 2004 10:22 pm

If this guy insists on UDP... make him travel on the road... He'll change his tune...

ClueByFour Apr 29, 2004 10:56 pm

Cisco's UDP over NAT and NAT-T implementations work pretty well in the 3000 series with a recent client.

Not that you would actually want to do it, mind you, but it does work.

NickP 1K Apr 29, 2004 11:32 pm

The problem is many routers along the path may have issues with UDP packets... no-resend; hence you're hosed.

UDP is not good for VPN in a variable network config (e.g. someone on the road)

