Archer A20 - Work VPN not working. How to enable VPN Passthrough
Hello, I have been trying to connect to my work via the Cisco VPN client they installed on my work laptop. The VPN appears to connect, but then constantly drops. There are help articles on enabling VPN Passthrough on older routers (https://www.tp-link.com/us/support/faq/558/), but the screens on my router do not look like the ones in the article.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
You can find the settings under Advanced > NAT Forwarding > ALG
Are you able to bypass the router and have your computer directly connected to the modem to test to see if the issue stays with the router or with the computer?
- Copy Link
- Report Inappropriate Content
I finally got a chance to try this & it did not fix my problem. I will try plugging directly into the modem tomorrow & see if that has the same effect.
Thanks for the reply.
- Copy Link
- Report Inappropriate Content
@Tony Well, it looks like you sent me on the right path. I hook up straight to the modem & I can't get it to stay connected there either.
It looks like I've been barking up the wrong tree, blaming the TP-Link router.
Now to look into my wireless from AT&T to see why IT can't keep my VPN connection up.
Thanks again!
- Copy Link
- Report Inappropriate Content
No worries, if you do get it working, but yet you come across the same issue introducing the Archer A20, please let us know.
- Copy Link
- Report Inappropriate Content
Try other VPN services, here's a Hola VPN review, this is what I find the best from my experience, but you can experiment with other VPNs from the site.
- Copy Link
- Report Inappropriate Content
I think I know what your problem is, but I'm not sure there's a fix. I rely on AT&T LTE for my home internet (netgear cell modem) and also use my phone's hotspot, and both have the problem. However I'm fairly certain the problem lies with AT&T blocking UDP port 443 at the carrier level. A bunch of us have been pulling our hair out over this on the AT&T forums (links below), but out of the many "fixes" suggested, the only consistent workaround is to have the UDP port used by the DTLS protocol changed to something other than port 443 - if you're lucky enough to have your company agree to do it. I've had no problems for years until early October (Portland, OR area). It's also been reported that AT&T U-verse uses the same port, so it may be related.
A little background - cisco anyconnect VPN requires two connections, DTLS (UDP 443) for main traffic, and TLS/SSL (TCP 443) for status check, maintenance, and as a backup if DTLS fails. If a DTLS connection cannot be established, the VPN will typically stay connected and transfer data over TLS, but the traffic flow will be very slow and unstable. For me, at worst it stops passing traffic several times a minute leading to constant remote desktop disconnects, stopped file transfers, etc. This explains why it's intermittent while still showing "connected." I know you mentioned you're disconnecting, but does your actual VPN session disconnect or some other program?
To verify, check this:
- Go to Cisco AnyConnect Secure Mobility Client
- On left, click the settings option
- Go to VPN tab and select the Statistics Tab
- Scroll down to Transport Information
My connection will show DTLS at first until the client gives up after a few minutes then permanently shows TLS. the logs show a DTLS connection is never established. This does not happen on ANY other ISP, cellular provider, etc. AT&T did something recently to block UDP443, but it's impossible to know who or how many are impacted and where, and AT&T won't acknowledge it. I just know changing the port fixes it. Also I have a personal VPN service that uses other UDP ports, and it works just fine. Hope this helps.
Go to last pages:
- Copy Link
- Report Inappropriate Content
@cchanor Thanks for the info, sorry it took me so long to get back to you. It's been a busy couple months. This seems to be the issue, but it doesn't seem like my IT people will be changing the VPN for me connect in to. Luckily I have a company phone with Mobile Hotspot that isn't on AT&T, so it looks like I'll be using that for the interim.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 7378
Replies: 7
Voters 0
No one has voted for it yet.