I’ve been running the Cisco VPN Client (version 5.0.0.360) for quite some time now and have consistently had another one of those “annoying but not enough to bother doing something about it” issues the entire time.
Basically, it can often be difficult to establish a connection. Once a connection is made, it stays up quite nicely (as long as there’s a little bit of activity over it). But establishing the connection in the first place can really be an exercise in patience sometimes, often taking 10 minutes or more of repeated connection attempts before succeeding. It seemed to me to have something to do with a timeout, but I had no idea what to tune or even where to look.
I finally decided to go poking around for a possible solution this morning.
First stop was Google, looking to see if there was a new version out. There is, but only with relatively minor changes, it would appear.
But the “changes and release notes” page did have some possibly pertinent material on it.
In particular, this caught my eye:
Vista Window Auto-Tuning Feature Might Cause Network Timeout Problems
Vista introduces a new feature called “Receive Window Auto-Tuning” that continually adjusts the receive windows size, based upon the changing network conditions.
Some people reported that auto-tuning causes network timeout problems with some applications and routers.
To turn off this Auto-Tuning, just open an administrative access command prompt and enter:
netsh interface tcp set global autotuninglevel=disabled
Try it out. If it doesn’t help, you can turn auto-tuning back on by entering enabled in the above command.
At least so far for me, with it off, I’ve been able to connect immediately, every time now. A far cry from before.
*UPDATE*
There’s a little more to it than just the autotuning level, it turns out. Apparently, VMWare’s networking support can really mess with the Cisco VPN service. From what I can gather so far, Cisco’s service does not like network interfaces disappearing and reappearing. It doesn’t track them internally properly. So, even if you exit VMWare to start your Cisco VPN session, the Cisco service might still be confused.
The easiest solution is to simply restart the Cisco VPN Service (called CVPND). You can do it manually through the Services control panel, or use a batch file to restart it even more easily (check here for a nice clean little batch file that handles all the nuances of restarting a service).
Finally, it’s not just VMWare that can mess with the Cisco VPN service. Apparently, ANY application which causes network interfaces to be created or removed could cause similar problems.