Correct answer: Community Forums - Cisco VPN won't connect via FiOS

tech_struggler · ‎03-27-2010

Smooth sailing for years w/ my Cisco VPN and FiOS. Now, all of a sudden, I can't connect. No problems connecting VPN elsewhere. After spending a couple of hours doing some troubleshooting and research, the only thing that looks like it may be a possible solution is to switch my ONT from coax to ethernet. That seems ridiculous? Why would FiOS (or my Actiontec router, perhaps) treat an ethernet connection differently than it treats a coax connection??? Actiontec M1424-WR rev. C Firmware: 4.0.16.1.56.0.10.11.6 Does anyone have any info re: a solution? Thank you!

tech_struggler · ‎03-30-2010

Fixed! So that anyone searching for a solution finds this, I'm going to re-state the problem and the solution...

Problem: an existing FiOS installation using coax (coaxial cable) works flawlessly with Cisco VPN for two years. Then, all of a sudden, the VPN client can no longer connect. The exact error message from the Notifications tab of the VPN control panel: "Reason 412: the remote peer is no longer responding".

Router: Actiontec M1424-WR rev. C running firmware 4.0.16.1.56.0.10.11.6

Solution: re-provision FiOS service to Ethernet from coax, powercycle Actiontec.

Proof that it's a FiOS/Actiontec problem:

1) Restore Actiontec router to factory default (hard reset).

2) Connect to Internet w/o VPN. Success.

3) Connect via VPN using Actiontec provisioned for coax. Fails.

4) Technician installs Ethernet and I powercycle router. No other changes made -- didn't even re-start VPN client.

5) I click Connect button on VPN client and the VPN client connects flawlessly.

While I did not account for all variables like cosmic rays, a Verizon network specialist playing a prank on me or an intermittent hardware problem that randomly occurs (and doesn't occur) at all the right times, I'm going to posit that either FiOS Ethernet and coax behave differently, or the Actiontec behaves differently.

My (excellent) technician was equally convinced, and called his office -- no charge for the installation!

Do Verizon employees read posts on this forum? How do I get the info to Verizon tech support folks (especially the guy I talked to yesterday who was 100% sure that this wouldn't fix the problem)? I'd hate for anyone else get the bad tech support that I recv'd.

Thanks to all of you for your help and advice!

Mike

View solution in original post

Bob_Robertson · ‎03-27-2010

@tech_struggler wrote:
Why would FiOS (or my Actiontec router, perhaps) treat an ethernet connection differently than it treats a coax connection???

it should not

perhaps some more details on the issue, could possibly shed some more light on the cause....

like the error that you get, for starters..... and anything that you may have done to resolve the issue...

mahopacnymommy1 · ‎03-27-2010

I have also been having recent problems using Cisco VPN with my FiOS router (MI424WR). I have 3 PCs at home - a personal desktop using Vista, an 2 company laptops using XP. Both laptops connect via VPN using Cisco Clean Access Agent. The older laptop - a Dell is fine. The new one (HP) is the one with the issues. Other PCs including a personal laptop also are fine. On the one in trouble - the error mesages are cannot connect - the algorithim isdifferent between the client & server. Have also received messages re: HTTPS, FTTP, and firewall. On the Dell the windows firewall is disabled. On the HP it is enabled. I cannot change it - no access due to group settings. In addition - I have been having major problems with Outlook - primarily on the new laptop. Constantly - tries to receive messages from the server - locking everything else up in the process. The new laptop was just reimaged, however the problems persist.

Any ideas?

dslr595148 · ‎03-28-2010

My educated guess: Small/Tiny NAT Table of the router.

See as need be http://www.dslreports.com/faq/16233

Bob_Robertson · ‎03-28-2010

@dslr595148 wrote:
My educated guess: Small/Tiny NAT Table of the router.
See as need be http://www.dslreports.com/faq/16233

doubtful, given the circumstances... but anything is possible, and you loooove to throw that tiny NAT table link around 😛

either way.. a good thing to try.... reset the rotuer to defaults, reconfigure your any specific settings related to the VPN.. and try again

Best o luck

tech_struggler · ‎03-28-2010

dslr595148, thanks -- but it's not the NAT table. BTW, some Googling indicates that there is a new revision of the firmware available. I tried the upgrade feature, but it tells me I'm already using the latest and greatest (the one I listed above). Maybe the upgrade is being delivered regionally, or perhaps they backed off. Bob, the specific error is "Reason 412: the remote peer is no longer responding". It takes about five seconds (according to the log timestamps) to fail. Your idea re: a hard reset of the router is worth a try. I have a backup of the config, so it's relatively easy to try. Thanks much -- I'll report back. I just can't believe I have to replace my coax w/ ethernet. That's ridiculous.

spacedebris · ‎03-29-2010

If I understood correctly. You have several computers. Only one of which cannot connect. Correct?

If so, then it is something to do with that computer itself. If it was the router or network, then none of the computers would connect.

Having said that, you also said that you had no access to the HP firewall. I would suggest that is your problem. Likely an update to windows or the firewall blocked your access and you need to get into the firewall to unblock your systems.

Assuming I read your post correctly.

tech_struggler · ‎03-29-2010

The saga continues. Spoke w/ 5 Verizon employees today. They ranged from extremely, unbelievably nice -- to just plain bad.

My adventure included one dropped call after 45 mins of hold -- w/ the unbelievably nice rep, unfortunately. And, another rep abandoned my call while on hold for tech support -- though he promised to stay w/ me.

Anyway, scheduled to get ethernet tomorrow. I'll test the VPN on the coax just before -- and watch it fail.

Then, after the ethernet hookup -- and w/o touching either the laptop or my Actiontec (except for a power cycle), hopefully watch the VPN succeed.

If that's the case, I'll ask Verizon to refund my $79.99 installation fee.

I'll post back and let everyone know how it all turned out.

prisaz · ‎03-30-2010

@tech_struggler wrote:
The saga continues. Spoke w/ 5 Verizon employees today. They ranged from extremely, unbelievably nice -- to just plain bad.
My adventure included one dropped call after 45 mins of hold -- w/ the unbelievably nice rep, unfortunately. And, another rep abandoned my call while on hold for tech support -- though he promised to stay w/ me.
Anyway, scheduled to get ethernet tomorrow. I'll test the VPN on the coax just before -- and watch it fail.
Then, after the ethernet hookup -- and w/o touching either the laptop or my Actiontec (except for a power cycle), hopefully watch the VPN succeed.
If that's the case, I'll ask Verizon to refund my $79.99 installation fee.
I'll post back and let everyone know how it all turned out.

If you can get a CAT 5 cable from your router to your ONT. You do not require them to come out, thus avoiding any $79 truck roll fee. The switch of the ONT is something they can do from the fiber solutions office. It only requires a work order be entered into the system. Verizon used to do this while you were on the phone with them. Sorry you had to schedule a tech visit. Any electrician or do it your self can run the Ethernet cable. Sorry this response was a little late. Perhaps you can do this and cancle the call. If there is a work order to make the switch, call fiber solutions tell them and have them make the change. Then cancel the truck roll. The tech should call before they come. Unless you want to pay Verizon to run the Ethernet cable. If they do the work you will need to pay them.

You can also use your Cisco router as the primary and the connect the Verizon router into the LAN on the Cisco. Not supported but it works. My Verizon router is a bridge only with no WAN connection. Only lan to lan with the Verizon router set to 192.168.1.2 and DHCP turned off. Primary router is a Linux box.

I believe depending on your set up the router acting as a VPN endpoint, it needs to use the remote LAN as the default gateway. This could be an issue for MOCA and if you have a STB on the coax depending on the remote LAN. I remember when I would use VPN from my laptop it would disable any Internet access from the local lan and all would be router throught the remote lan's default gateway. I guess it all depends on the security setup.

tech_struggler · ‎03-30-2010

Thanks much for responding, prisaz. Here's the scoop:

If you can get a CAT 5 cable from your router to your ONT. You do not require them to come out, thus avoiding any $79 truck roll fee.

I can -- but I'd have to find a place to cut a custom length of Cat5 cable and terminate the ends for me. So, I decided to just pay the $80 up front and then fight over the fee once I prove (assuming I prove) that the only change to my config necessary to get this to work is an Ethernet cable and a power cycle.

The switch of the ONT is something they can do from the fiber solutions office.

Right -- they will still do this for free. After a 60 minute hold time (guess), a network person can do this for me in about three minutes (according to level 2 support).

You can also use your Cisco router as the primary and the connect the Verizon router into the LAN on the Cisco. Not supported but it works. My Verizon router is a bridge only with no WAN connection. Only lan to lan with the Verizon router set to 192.168.1.2 and DHCP turned off. Primary router is a Linux box.

I think my final config will be a Linksys WRT54G w/ the Actiontec hanging off the Linksys so I can keep the MOCA working. The level 2 guy said it should work. I've been doing the reverse up to now. When I first set it up two years ago, putting the Actiontec into bridge mode looked tricky -- so I have just been living w/ double NAT. [At 20/5, soon to increase to 25/25 for all 20/5 customers, double NAT is meaningless!]

I believe depending on your set up the router acting as a VPN endpoint, it needs to use the remote LAN as the default gateway. This could be an issue for MOCA and if you have a STB on the coax depending on the remote LAN. I remember when I would use VPN from my laptop it would disable any Internet access from the local lan and all would be router throught the remote lan's default gateway. I guess it all depends on the security setup.

My wife's work laptop (the reason for this issue in the first place) is locked down -- even her IT support person can't touch the firewall or VPN stuff (don't get me going on a rant!). I'm crossing my fingers that I don't run into any issues w/ the MOCA like you did!

Thanks again!

Discussions

Mobile

5G / LTE Home Internet

Fios

Accessories

Entertainment

Level Up

Help

Tutorials

Archives

Add thoughts to the community

Browse discussions within categories