Saturday, May 12, 2012

Wireless Data Cards (Sierra Wireless 313U) and Cisco AnyConnect VPN - Solved!!

Just got a brand new AT&T USBConnect Momentum 4G LTE data card by Sierra Wireless. Setup was straight forward and i was connected in no time. The ATT Communications Manager application installs by itself (MAC/Win7).


I started playing with the card and the first thing i tried was my corporate VPN via Cisco AnyConnect. What do i find???? No matter what i tried, restart, reinstall, Sierra Wireless Air Card Watcher, nothing would work. It would go as far as the last step and give me the following error


"The VPN client was unable to modify the ip forwarding table...."
"AnyConnect was not able to establish a connection to the specified secure gateway..."


There was no way for me to connect to the Cisco VPN using the data card. So i tried investigating online. People talk about various ways they have tried but no luck. There is an inherent problem with the security in Cisco and the way the data is handled via a wireless card using WWAN. After wasting a lot of time and effort, i stumbled across few posts which talk about using the Native Interface for connection or have some sort of NDIS drivers. Being a MAC user, it was a nightmare to find any drivers.. let alone the setups and configuration instructions. I even called AT&T and got the usual answer about the lack of support for VPN and especially MAC OSX (Hope APPLE is listening...) and was asked to contact my local cop orate IT.


Started playing around and finally got VPN to work on my data card. I think the approach is device agnostic so should work with any data card on probably any operating system as long as you know how to go about creating a Dial-Up Networking (DUN) interface. I am mentioning the steps for MAC OSX LION 10.7.4 but same steps can be followed for WIN7 or LINUX.

  1. The first and foremost thing is that you make sure that your initial install of the card doesn't have issues and installs the following network interfaces
    • direct IP (Its just the name of the interface at least on my MAC) - This is the basic network interface required by the AirCard Watcher or ATT Communications Manager.
    • The second but most important is the "AirCard 313U" interface which is basically a USB modem network interface. This is what we will use for setting up the DUN.
  2. One important thing that i noticed is that the drivers that came on the card are actually the only ones (at least for MAC OSX) which install the USB Modem driver and are embedded into the ATT Communications Manager that it installs. If you download a version of ATT Communications Manager from AT&T's website, you may be out of luck and you may not get the Modem Driver installed.
  3. Now if you don't wanna do VPN, you can continue to use the ATT Communications Manager utility to connect.
  4. For VPN, you need to go to Mac OSX Network Preferences. You will use the same approach for any OS. All you need to do is to identify the USB Modem Network Interface.
  5. Once you have located the USB modem network interface, enter the following settings on the Network Interface.
    • Telephone Number - *99#
    • User Nam & Password - Optional. If your network provider has provided you one, please use it otherwise leave it blank.
    • Under Advanced Settings
      • Select the Modem Driver - Sierra Wireless (or your specific vendor)
      • Model - GSM or CDMA
      • APN - broadband or ISP.CINGULAR (These are only for ATT. You can find your network provider APN from the AirCard Settings)
      • CID = 1
    • Proxy - You can setup proxies if required by your corporate.
  6. Save the settings and make sure that the ATT Communications Manager is not running and is not connected using the "direct IP" interface.
  7. Click connect and you will be connected to the internet via DUN (Dial-Up Networking).
  8. Start Cisco AnyConnect VPN and try connecting to your corporate VPN and there you have it.. A working VPN with no degradation of speed ( i validated using speedtest) on a wireless 4G LTE Data Card.

14 comments:

  1. I'm extremely inspired together with your writing skills as smartly as with the structure for your blog. Is this a paid topic or did you modify it your self? Either way stay up the nice high quality writing, it is uncommon to see a nice weblog like this one these days..
    My web page: Recovery contact exchange

    ReplyDelete
  2. These GSM Modems are supposed to work with VPN seamlessly.. You'd think they test essential applications such as VPN with these modems..

    ReplyDelete
  3. Great write up. This worked like a charm. Thanks!!!!

    ReplyDelete
  4. Thank you Nitesh. This article has been immensely useful to me and I have finally resolved a problem that I have been trying to work out since last 2 months....Great work and very helpful!!!

    ReplyDelete
  5. I have the same problem using a PC with Windows 7 and support is saying LTE will not work with Cisco VPN IPSEC client or AnyConnect. The card works fine until you try to establish a VPN connection (same connection error). Has anybody been able to get the 313U to work under this platform using Cisco VPN?

    ReplyDelete
  6. I have the same problem using a PC with Windows 7 and support is saying LTE will not work with Cisco VPN IPSEC client or AnyConnect. The card works fine until you try to establish a VPN connection (same connection error). Has anybody been able to get the 313U to work under this platform using Cisco VPN?

    ReplyDelete
  7. Hi Nitesh,
    i'm having a Sierra Wireless AT&T USBConnect Aircard which is fully unlocked.
    it was working until a couple of days back and when i updated the ACM with 9.2.444.7, it doesn't detect the device at all. I tired the same thing on my MacBook Air running OS X 10.8.4, no luck. the ACM says No Device is Detected.
    any fixes that you suggest?

    Thanks
    Shashank

    ReplyDelete
  8. Shashank,

    I would recommend completely uninstalling the ACM. Look at the CD version that came with the device and install that disabling the auto update. Lemme know if it works.

    Thanks
    -Nitesh

    ReplyDelete
  9. Jeff, I believe if you follow the steps in my post you should not get the CISCO error. I have it working on both MAC and WINDOWS 8 in VMWare.

    ReplyDelete
  10. Its really a nice information.. I searching for this a log time.. Thanks for sharing this.

    reliance 3g data card in chennai | reliance data card in chennai

    ReplyDelete
  11. For anyone interested - I was having a similar problem getting my cisco vpn client to connect using the ATT 313U. I solved it by connecting using the aircard watcher generic download from sierra wireless and disabling the "windows mobile broadband" under the General section in "options".

    ReplyDelete
  12. thanks anonymous, that worked great and easy. I downloaded the aircard watcher from netgear site, and then switching that option and my cisco vpn works great.

    ReplyDelete
  13. Hi all!

    Thanks anonymous for that! This worked like a charm! It was a headache trying to figure this out with little to nothing working as per the requirements. SO thank you so much!!

    ReplyDelete