Re: Netgear D6400 not working with cisco anyconnect VPN

RiaanStols · ‎2015-10-21

I work from home and use cisco anyconnect VPN to get into my company’s network

I recently upgrade to a Netgear D6400 form a Netgear N300

For some reason when connecting using my new router via VPN it works for +-5min then the connection speeds drops to 0, does not disconnect the client though. This does not happen when swapping back to old Netgear N300.

I also have a second private PC connected to my home network that does not connect via VPN. I have not noticed any drop in connection/speeds on my private PC when the VPN on my work PC starts dying.

I have tried the following:

Reinstalling anyconnect on my work PC

Restarted the router

Enable/Disabled QoS

Disable/Enable Port Scan and DoS Protection

Respond to Ping on Internet Port On/Off

Disable/Enable IGMP Proxying

Switched NAT Filtering to both Secured and Open

Disable/Enable SIP ALG

Upgraded to Firmware V1.0.0.34_1.3.34

I’m running out of ideas, can someone please help.

The best solution I have found so far when searching through other posts on this subject was to return the router and get an Asus.

This is not an option for me as I bought it online and to return it would just be a pain.

Please help!

Babylon5 · ‎2015-10-21

You could try lowering the router MTU, VPN often requires a lower MTU setting e.g. 1400 or 1350 might be worth a try.

Is there any time relative information in the router log when the issue occurs?

RiaanStols · ‎2015-10-27

Thanks for the reply,

changing the MTU setting unfortunatly did not fix the problem, i was also asked by support to reset the router to its default setting which also did not help.

i dont see any usefull information in the log,

[LAN access from remote]
[UPnP set event: Public_UPNP_C5]
[DHCP IP: (192.168.0.5)]
[DHCP IP: (192.168.0.4)]
[Time synchronized with NTP server] Wednesday, Oct 28,2015 05:07:24
[Internet connected] IP address:
[DSL Event] DSL: Up Wednesday, Oct 28,2015 05:07:13
[Initialized, firmware version: V1.0.0.34_1.3.34] Wednesday, Oct 28,2015 05:07:07
[DHCP IP: (192.168.0.5)]
[DHCP IP: (192.168.0.4)]
[DSL Event] DSL: Up Wednesday, Oct 28,2015 05:05:36
[Initialized, firmware version: V1.0.0.34_1.3.34] Wednesday, Oct 28,2015 05:05:31

RiaanStols · ‎2015-10-28

update..

when enabling DDOS protection i see the following log

[DoS attack: Teardrop] attack packets in last 20 sec from ip [196.*.*.*], Wednesday, Oct 28,2015 08:51:18

[196.*.*.*] is my companies VPN server.

If i disable DDOS protection i don't see this log, but the issue remains the same.

I have also now connected my work laptop via LAN and WIFI, but the issue remains the same.

also,
1.The default MTU size on both routers are 1492, so im sure that's not the issue
2.My VPNconnection is DTLS over IPv4

note that on my crappy DGN2200v3 router i have none of these issues no matter if i disable or enable DDOS protection

Babylon5 · ‎2015-10-28

Unfortunately I haven’t got an answer for you but I was wondering if this kind of issue has been reported before and it seems it has, here’s a couple of examples;

https://community.spiceworks.com/topic/110461-cisco-vpn-client-disconnects-every-5-minutes-or-so

https://community.netgear.com/t5/R6000-Series-AC-WiFi-Routers/D6300-VPN-drops-out-after-5-minutes/td...

I will contact Netgear engineers when I get home from work this evening (8 hours from now) to see if they are aware of this problem and hopefully have a solution.

There is an article here about the MTU setting for Anyconnect;

https://supportforums.cisco.com/document/12318216/anyconnect-mtu

And something you might consider trying, for investigation purposes, is setting the DMZ in the router settings to point at the PC in question.

RiaanStols · ‎2016-01-18

does anyone have any new info/answers to this?

thanks for your reply “Babylon5"

Up and till this morning my high-end router home was sitting in my cupboard gathering dust. I decided to give it another try, but after updating to the latest firmware and rebooting the problem is still there.

Searching the web again, the only solution i could find was to buy an assus router.

KeithReardon · ‎2016-04-04

I have the same issue. Same router. In my case the issue is with Cisco VPN phone. The phone reconnects about every 6 minutes when it is idle. I am using Cisco any connect on laptop but have not noticed the issue there. Perhaps the laptop VPN connection does not become idle.

gEdie · ‎2016-05-17

Exact same issue here as well.

Blew the dust my older Billion 7800N and Cisco Anyconnect just works perfectly.

I have tried playing around with all the settings I can think of in the D6400 (DOS, respond to ping, port forwarding UDP 443, tweaking MTU a little) but the connection still keeps resetting every 5 mins.

Is there any debug info I can collect (such as wireshark trace) that might help (I won't be able to get any logs from the server-side corporate network)

sreerajks · ‎2017-07-23

Hi friends,

Is this issue solved? I am facing the same issue for

NETGEAR Nighthawk AC1750 - R6700

Please help!

romuald · ‎2017-08-24

I have the same problem with Netgear D6400 (v1.0.0.60_1.0.60) & CiscoAnyConnect VPN (v. 3.1.05187).
When I use my new Netgear D6400, then I have the same problem as described in this topic.
I use CiscoAnyConnect for the VPN to the company and it stops workinfg after some minutes.
Actually the CiscoAnyConnect shows the status as still connected, nothing in the log, however no new TCP connections are being established through D6400.
The is no such problem via my old Netgear DG834 (just tried as well).

It's a pitty, that spend some money and time on Netgear D6400, trying to renew my home network, and it turned out to be a bad choice.
Sounds lile Netgear did not provide any solution to the other users , who reported this issue since 2015.

By the way:
When I connect to the company via CheckPoint VPN client, then there is no such problem.

Does anybody know the solution other than finding a better router ?

romuald · ‎2017-08-27

I think I've found a solution:

I setup mu company laptop's IP as a "Default DMZ Server" under Advanced/Setup/WANsetup.
After this - seems my CisciAnyConnect VPN to the company stays stable.
You can try it.
What was strange in this case - when I tried to use the Netgear WEB-GUI to update this field via Firefox (v.53.0) - it did'nt work (the change was refused).
When I used InternetExplorer (v.11.540.15063.0), then it worked - the change was accepted), so sounds like a problem with GUI,
on my PC I have WIN10.

mocharules · ‎2018-02-22

Unfortunately changing that setting did not help me! "Default DMZ Server" What other modem/router do you guys recommend? Or any other settings to try??