VPN over wireless broadband

Hello,
We are trying to connect remote laptops using wireless broadband into our network through our VPN.  We are having issues with some of the laptops staying connected.  All of these laptops have identical hardware and have all been cloned from the same image.  I am guessing the problem stems from some type of temporary lost signal so the VPN disconnects the client.  Is there some type of setting on the ASA which will make it more forgiving of a client which loses a signal and doesnt communicate for a small amount of time?  We have some users who are able to stay connected for their entire 12 hour shift and others who can't stay connected for more than 5-20 minutes.  Any assistance, tips, tricks, ideas...will be greatly appreciated!

Thanks in advance
turtletraxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael WorshamStaff Infrastructure ArchitectCommented:
Who is your WWAN provider and what WWAN card are you using?
0
stuknhawaiiCommented:
Idle connections are closed after the time specified by the timeout conn command.
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0
0
turtletraxAuthor Commented:
We are using an embedded Sierra wireless card in a Panasonic Toughbook over the Verizon netwok.  

Our timeout conn command is as follows:
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
0
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

stuknhawaiiCommented:
I would double the times in the timeout conn command and see if that helps.
0
turtletraxAuthor Commented:
One other thing I should mention is when these Toughbooks are connected to a cabled connection through a different ISP (Qwest DSL or Bresnan Broadband) they are rock solid and never disconnect.  I'll try doubling the times in the timeout conn command to see if it helps.

Thanks
0
Michael WorshamStaff Infrastructure ArchitectCommented:
I found this article about the Verizon WWAN broadband service and EV-DO cards...

"Besides the steep price, the only other shortcoming is the fact that BroadbandAccess is incompatible with Ciscos VPN client. I saw nothing in the contract information that prevents VPN access. Probably because the EV-DO card is more akin to a modem than a network adapter, Ciscos VPN doesnt seem to recognize it."

http://blog.scotsnewsletter.com/2007/06/05/review-verizon-broadbandaccess-wwanwireless-service/
0
turtletraxAuthor Commented:
The part which is so baffeling to this whole situation is we had about 60 of these Toughbooks running and stable for 2 months before we started having problems.  Before the 60 we had 2 of them in place for 6 months that we used for testing and they worked perfectly.  Last Thursday is when all of the problems started.  Our tech called Verizon tech support on that day and they stated they were having issues with data cards that had static IP's (which ours do).  We also heard there were cell phone issues as they had done a big upgrade to their system.  After speaking to our Verizon reps they stated we were given bad information and they have had no problems.  It would be nice to know if they did have problems that somehow affected our access but at this point I dont think that is going to happen.

Last night we tested 4 of the Toughbooks from our home ISP's and all 4 were rock solid being on the network via cat5.  The wirelss connection is definitely what is causing the VPN to disconnect.  I am now faced with finding some type of fix to make them work again since they did work before.  

Thanks for all your comments
0
Michael WorshamStaff Infrastructure ArchitectCommented:
Have you made any changes to your VPN network infrastructure? i.e. firmware upgrades, ASA firewall settings, etc.
0
turtletraxAuthor Commented:
The only change was we removed split tunneling.  When we thought that might have been the cause we put it back but it still didn't help.  After doing alot of research on the problem we've found where Verizon doesn't support split tunneling anyway.
0
turtletraxAuthor Commented:
Cisco TAC found the solution.  THere was a previously known conflict between the Sierra Wireless card we are using and the 4.8 version of the Cisco VPN client software.  We uninstalled 4.8 and reinstalled the 4.6 version of the Cisco VPN client software and all works great now.  Thanks to all for your time.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.