[vpn-help] Shrewsoft with Cisco IOS dead connections

[Kevin VPN]

On 05/24/2013 01:03 AM, Jon Seppanen wrote:
> I have tried looking around on the net and searching in various was for help with this. It is getting rather troublesome and hope to get some help.
> Whenever I connect to one of our remote sites with Shrewsoft VPN after importing our Cisco profiles, they used to connect perfectly.
> Recently, and more and more often, we have had some major issues though.
> 1: The client will show as "connected" and "tunnel enabled", however there is ZERO TRAFFIC. No ping, nothing.
> 2: Setting a static IP in the connection settings helps somewhat, but then ONLY the last user account from the last machine that connected EVER gets traffic. Everyone else has the above problem.
> 3: Even when the working client is fully disconnected and logged off, there is no traffic, even though it displays as "tunnel enabled".
>
> No changes in our config have occurred, it just stopped working.
> Now only one machine with one user account can connect, and it occasionally stops working there as well.
> When this occurs, setting a new static IP address fixes it.
>
> We are now running out of IP addresses to re-assign to the profile, and once that occurs our remote sites will be completely inaccessible. They are hundreds of kilometres away and fielded by non-technical staff who cannot be relied upon to reboot the routers (which seems to fix the issue).
> The routers are top of the line cisco 8xx series, and all the sites have the same router.
> Please, we are in desparate need of help. 		 	   		
>

Hi Jon,

Have you recently upgraded your clients from Shrew 2.1.x to 2.2.x?  Can 
you see if the Ciscos are complaining about (or dropping) fragmented 
packets coming from the VPN client machines?