Monthly Archives: October 2013

AppleTVs losing connection on Cisco Wireless Controller

Problem:

Recently, I saw an issue with AppleTVs disconnecting from our Cisco Wireless Network. No matter what we did, the AppleTV would just lose its IP Address and Wireless Signal. This was actually happening at two separate locations; both had a Cisco Wireless Controller. After about 60 seconds – the AppleTV would connect again. Then, after a very short amount of time, it would disconnect again.

The AppleTV would work just fine with a wired connection and it worked using an old Airport Extreme Basestation.

The Fix

The Apple TVs were tripping the IP Theft or IP Reuse Client Exclusion Policy on the Cisco Wireless Controller. If you have access to your wireless controller – you can search the “Most Recent Traps” section for excluded clients. This fix only applies if the MAC addresses of your AppleTVs appear in this log, marked as excluded.

Example: [Screenshot: Apple TV IP Excluded]

All of our Apple TVs were being excluded for some reason due to that policy. There was also a rule that would unexclude after 60 seconds – which is why the AppleTV wireless connection would work and then disconnect.

Unchecking the IP Theft or IP Reuse setting under Security -> Wireless Protection Policies -> Client Exclusion Policies has solved this issue for us.

Windows 7 Can’t Connect to Mac OS X VPN Server

How To Connect Windows 7 To Mac VPN Server behind Firewall

Background of problem:

I had a Mac OS X VPN Server set up at a school district that was behind a firewall. It was set up with a static 1 to 1 NAT so that it could be reached publicly. I was able to connect to the Mac VPN with all of my mac devices and had no issues. However, my boss – a windows user – wanted access. Her Windows 7 machine was not able to connect to the VPN Server. No matter what settings we tried it just would not connect.

I spent hours googling and searching the internet for a solution to my problem. I figured that it must be something incompatible between the Mac server and Windows 7. As it turns out – it really had nothing to do with the fact that it was a Mac server. According to Microsoft, Windows by default does not support IPSec over NAT. What this means is that no matter how hard you try to connect to an IPSec VPN that is behind NAT – Windows is not going to connect.

How To Fix:

  1. Log on to the Windows Vista client computer as a user who is a member of the Administrators group.
  2. Click Start, point to All Programs, click Accessories, click Run, type regedit, and then click OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, click Continue.
  3. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
    Note: You can also apply the AssumeUDPEncapsulationContextOnSendRule DWORD value to a Microsoft Windows XP Service Pack 2 (SP2)-based VPN client computer. To do this, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
  4. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
  7. In the Value Data box, type one of the following values:
    • 0
      A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
    • 1
      A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
    • 2
      A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
  8. Click OK, and then exit Registry Editor.
  9. Restart the computer.
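
The same change can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post; the function name Set-NatTraversalPolicy is hypothetical, and the key path, value name and the meaning of 0, 1 and 2 are taken from the steps above.

```powershell
# Added example: scripted form of the regedit steps above.
# Set-NatTraversalPolicy is a hypothetical helper name, not a built-in cmdlet.
function Set-NatTraversalPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 0 = no security associations with servers behind NAT (default)
        # 1 = server behind NAT
        # 2 = both server and client behind NAT
        [Parameter(Mandatory)]
        [ValidateRange(0, 2)]
        [int]$Value
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    if (-not (Test-Path -Path $key)) {
        throw "Registry key not found: $key"
    }

    # Read the current setting; an absent value is treated as the default (0).
    $existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current  = if ($null -ne $existing) { [int]$existing.$name } else { 0 }

    # Write only when the effective setting would actually change.
    $changed = $false
    if ($current -ne $Value) {
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value")) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $Value -Force | Out-Null
            $changed = $true
        }
    }

    # Report what was found and done, so the change can be logged or audited.
    [pscustomobject]@{
        Name           = $name
        ValuePresent   = ($null -ne $existing)
        PreviousValue  = $current
        RequestedValue = $Value
        Changed        = $changed
        RestartNeeded  = $changed   # step 9: restart the computer after a change
    }
}

# Dry run: value 1 covers a server behind NAT; use 2 if the client is behind NAT too.
Set-NatTraversalPolicy -Value 1 -WhatIf
```

Drop `-WhatIf` to apply the change; passing `-Value 0` returns the client to the default behaviour.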