× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

ptigad
Aspirant

Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Hello,

 

I've tried searching through the discussions/faq's and can't seem to find a solution to my VPN issue.

 

I have a work laptop with Cisco Anyconnect VPN software installed and it can connect to work just fine if I use my old N600 wifi router.  However, my XR500 is blocking something and doesn't allow the laptop to connect.  I grabbed wireshark captures and can't seem to figure out why the newer XR500 won't work.

 

I've tried setting NAT to Open, disable/enable UPnP, enable ping on internet side, all to no avail.  I also just updated to the latest firmware, but it still has no effect. 

 

Anyone have similar issues or know of a solution?

 

Thanks in advance

Model: XR500| Nighthawk Pro Gaming Router
Message 1 of 16
Netduma-Fraser
NetDuma Partner

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Hello, could you try disabling QoS from Anti-Bufferbloats' 3 line menu please and see if that resolves the issue?
Message 2 of 16
ptigad
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I've got to wait until this weekend before putting the XR500 back into service and testing it out.  I'll let you know how it goes.

Model: XR500| Nighthawk Pro Gaming Router
Message 3 of 16
BanditMask
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I had the same problem. I found that the Hybrid VPN was switched on with no config. I turned it off and also turned off all QOS and could connect.

Message 4 of 16
ptigad
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Well, it seems to be fixed now.  Not quite sure what exactly fixed it.  I went through a number if iterations since it didn't want to pick up an IP from my cable modem.  The steps I took were (mostly):

 

    - Turn off all QOS

    - Disable all Hybrid VPN

    - Enable ping from outside

    - Backup settings

    - Reset to factory

    - Restore settings

 

Along the way, I had to do multiple power cycles of both the XR500 as well as my cable modem and it finally picked up an IP.  I can now connect to my work VPN using Cisco AnyConnect 🙂

 

Thanks for all the help

Model: XR500| Nighthawk Pro Gaming Router
Message 5 of 16
FURRYe38
Guru

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

What is the Mfr and model# of the ISP modem the NG router is connected too?


@ptigad wrote:

Well, it seems to be fixed now.  Not quite sure what exactly fixed it.  I went through a number if iterations since it didn't want to pick up an IP from my cable modem.  The steps I took were (mostly):

 

    - Turn off all QOS

    - Disable all Hybrid VPN

    - Enable ping from outside

    - Backup settings

    - Reset to factory

    - Restore settings

 

Along the way, I had to do multiple power cycles of both the XR500 as well as my cable modem and it finally picked up an IP.  I can now connect to my work VPN using Cisco AnyConnect 🙂

 

Thanks for all the help


 

Message 6 of 16
Netduma_Jack
NetDuma Partner

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I suspect it was disabling QoS. Good to hear you fixed it though.

Message 7 of 16
ptigad
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I can't provide a model number at the moment, but it's also a Netgear.

Message 8 of 16
FURRYe38
Guru

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Please let us know. Will be  C, D, or a CM####


@ptigad wrote:

I can't provide a model number at the moment, but it's also a Netgear.


 

Message 9 of 16
ptigad
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Hello,

 

I just checked the model number of my cable modem and it is a CM400.

 

Thanks

Message 10 of 16
bschollnick
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I'm having the same issue with Cisco AnyConnect VPN not working with the XR500, and Firmware v2.3.2.56?

 

I've connected Netgear, and they are looking into it, but it's strange that I can find quite a few threads regarding NetDuma OS not working nicely with Cisco AnyConnect...

 

One observation in my case, Cisco AnyConnect (Macintosh) works fine.  Cisco AnyConnect (Windows 10-64bit) does not work.

 

The Windows version reports:

  • Connection Attempt has failed (error in response data)
  • The AnyConnect Client service is not responding.  A VPN Connection Cannot be established.

If I bypass the router, and go directly to the cable mode, AnyConnect Windows works fine.

 

From this thread, we know this has been investigated at least as early as 2019-03-14?  Any chance that NetDuma has some better information or a more updated Firmware that Netgear hasn't released yet?

Model: XR500|Nighthawk Pro Gaming Router
Message 11 of 16
Netduma_Alex
NetDuma Partner

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

No sadly not. I imagine this issue has something to do with UPnP not facilitating the connection correctly. Maybe some manual port forwarding is required?

Message 12 of 16
bschollnick
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work


@Netduma_Alex wrote:

No sadly not. I imagine this issue has something to do with UPnP not facilitating the connection correctly. Maybe some manual port forwarding is required?


Well, turning off QOS immediately resolves the issue, and allows Cisco AnyConnect to work fine.  The UPNP settings appear to have no affect, regarding this issue. 

 

By Turning off QOS, I mean turning off QOS, Hamburger Menu, Turn off QOS.

 

I have tried setting up Triggers, etc for Port 443, which is the only port that Cisco AnyConnect needs, and had no resolution (other than turning off QOS).

 

And to stress again, this applies only to the Windows version of Cisco AnyConnect.  The Macintosh version worked fine, even with QOS enabled.

 

So as mentioned above in this thread, QOS Appears to be the culprit, for a Pro Level router, QOS shouldn't be breaking a work related function such as VPN.

 

When is this going to be investigated, and resolved?  This was reported 6 months ago, and disabling QOS to be able to use a VPN, doesn't seem like a acceptable long term solution.

 

Why should VPN users not be able to use QOS?

 

This is especially a concern for me, since I purchased this specifically for the NetDuma OS.  I was impressed by the LTT coverage of it, and specifically stepped up to this model because of it.

That being said, it's now a liablity since I can't throw an alternative firmware up onto the unit.

 

Sorry, this turned a bit ranty, but I'm having flashbacks here to the Portal Router, which I backed, and wasn't supported with decent firmware upgrades.  When it worked, it was great, but I bought NetGear because I expected that issues like this wouldn't happen, and if they did, they would be resolved in a timely manner.

 

Not being able to use QOS & a external VPN, seems like a problem that should be fixed in a timely manner.

Model: XR500|Nighthawk Pro Gaming Router
Message 13 of 16
Netduma_Alex
NetDuma Partner

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

I agree that this is a problem but in my experience most of our customers use Hybrid-VPN instead of a VPN on their devices. The advantages to this are obvious, especially when it comes to gaming performance. Not to mention, Hybrid-VPN works with consoles.

 

As a gaming focused product, our primary concern is with Hybrid-VPN rather than the compability of desktop based business VPNs. That said, as you know, we are aware of this problem and we will be working to fix it.

Message 14 of 16
bschollnick
Aspirant

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work


@Netduma_Alex wrote:

I agree that this is a problem but in my experience most of our customers use Hybrid-VPN instead of a VPN on their devices. The advantages to this are obvious, especially when it comes to gaming performance. Not to mention, Hybrid-VPN works with consoles.

 

As a gaming focused product, our primary concern is with Hybrid-VPN rather than the compability of desktop based business VPNs. That said, as you know, we are aware of this problem and we will be working to fix it.


While this is a Professional and Gaming router, I don't see how the Hybrid VPN solves or helps the most normal situation where a single user needs to VPN into Work.

 

If there is a way that could assist here to, then please elaborate, I'm always open to learning more about my hardware....

 

But Hybrid VPN, as I understand solves the issue of splitting your traffic between the VPN and non-VPN traffic (eg. Gaming is non-vpn and routed outside of the VPN, whereas email maybe in the VPN).

 

But in this case, I have to use this specific software for work.  If I can't make a VPN connect while I am primary on-call then I'm not doing my job.

 

A Professional grade router, should support this functionality. 

 

And you do.  There is no issue with the Macintosh version of the AnyConnect software.  I've seen notes where it did have an issue, and it was patched/fixed.  Someone just didn't test with the Windows version, I suspect.

 

The Hybrid VPN is a nice idea, but I have to use an endpoint that is on *my* computer, not the router. 

 

Professionals use your hardware as well as gamers...

Model: XR500|Nighthawk Pro Gaming Router
Message 15 of 16
Netduma-Fraser
NetDuma Partner

Re: Cisco Anyconnect VPN - WNDR3700 works - Nighthawk XR500 doesn't work

Could you enable QoS again but then disable Traffic Prioritization - removing any manual rules and disable DumaOS Classified Games please as this may be dropping packets.
Message 16 of 16
Discussion stats
  • 15 replies
  • 4546 views
  • 0 kudos
  • 7 in conversation
Announcements

Orbi WiFi 7