Advanced VPN configuration options

Unexpected VPN Session closure

The VPN gateway has a keep-alive heartbeat to check that the network link to your computer is still working. If you are connected with a weak or unreliable wireless signal, your VPN session may be closed if there is a short disruption to your network link.

This timeout value can be extended to a maximum value of 480 seconds.

Click to configure the Peer response timeout value

Connection Failures

The VPN service is ideal for ensuring privacy of data when using an external network.
However, some ISPs do not permit the IPSec packets (IP protocol 50) used by the Cisco client, or the GRE packets (IP protocol 47) used by the built-in PPTP clients found on Windows and Mac OS, to cross their network. The mechanism described below is also useful if you have to go through a firewall to reach the VPN server, or if the ISP uses NAT to assign you an IP address (as is the case at public WiFi hotspots).

You will first need to install the Cisco VPN client.

If you are using version 5.0.00.0340 or later, Network Translation Transparency (NAT-T) will be enabled automatically when required.
Otherwise, you should configure tunnelling as described below.
Screenshots are available at https://vpnreg.ucs.ed.ac.uk/access/ciscotcp.html.

  1. Bring up the VPN dialer
  2. Click Options
  3. Click Properties
  4. Click Enable Transparent Tunneling
  5. Click Use IPSec over TCP (NAT/PAT/Firewall)
  6. Ensure that the TCP Port is 10000
  7. Click OK
  8. Click Connect

Alternatively you can click UDP tunnelling.

Port 10000 is the port which you need to have opened at your local firewall (if you have one) to ensure that this mechanism will work.

For Unix-based clients, configure the use of TCP Transparent Tunneling using TCP Port 10000 in the profile.
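
One way to check a Unix client profile against the settings above (TCP tunnelling on port 10000, peer timeout no higher than 480 seconds). This is an added example, not part of the original page or the Cisco client. The key names EnableNat, TunnelingMode, TcpTunnelingPort and PeerTimeout are assumed from the client's .pcf profile format, and the profiles and host name are constructed samples.

```shell
#!/bin/sh
# Added example: audit a Cisco VPN Client profile (.pcf) against the settings above.
# Key names are assumed from the client's profile format, not taken from this page.

# pcf_get FILE KEY: print KEY's value (case-insensitive; a leading "!" marks a
# key read-only in the GUI and is ignored here). Prints nothing if KEY is absent.
pcf_get() {
    awk -F= -v key="$2" '
        { sub(/\r$/, ""); k = $1; sub(/^!/, "", k) }   # tolerate CRLF profiles
        tolower(k) == tolower(key) { v = $0; sub(/^[^=]*=/, "", v); val = v }
        END { print val }' "$1"
}

# pcf_audit FILE: report each setting that differs from the page; return 1 if any.
pcf_audit() {
    rc=0
    nat=$(pcf_get "$1" EnableNat)
    mode=$(pcf_get "$1" TunnelingMode)
    port=$(pcf_get "$1" TcpTunnelingPort)
    peer=$(pcf_get "$1" PeerTimeout)
    [ "$nat" = 1 ]      || { echo "EnableNat='$nat': transparent tunnelling is off"; rc=1; }
    [ "$mode" = 1 ]     || { echo "TunnelingMode='$mode': not IPSec over TCP"; rc=1; }
    [ "$port" = 10000 ] || { echo "TcpTunnelingPort='$port': expected 10000"; rc=1; }
    case $peer in
        ''|*[!0-9]*) echo "PeerTimeout='$peer': missing or not a number"; rc=1 ;;
        *) [ "$peer" -le 480 ] || { echo "PeerTimeout=$peer: above the 480 s maximum"; rc=1; } ;;
    esac
    return $rc
}

# write_samples DIR: two constructed profiles (placeholder host, not a real gateway).
write_samples() {
    printf '%s\n' '[main]' 'Host=vpn.example.invalid' '!EnableNat=1' \
        'TunnelingMode=1' 'TcpTunnelingPort=10000' 'PeerTimeout=480' > "$1/tcp.pcf"
    printf '%s\r\n' '[main]' 'Host=vpn.example.invalid' 'EnableNat=0' \
        'TunnelingMode=0' 'TcpTunnelingPort=10000' 'PeerTimeout=600' > "$1/weak.pcf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in tcp weak; do
    echo "== $f.pcf"
    pcf_audit "$demo_dir/$f.pcf" || true
done
rm -rf "$demo_dir"
```

The audit checks the TCP variant only; a profile set up for UDP tunnelling will be reported as not using IPSec over TCP.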

Configuring split-tunnelling on the Cisco VPN client

By default a VPN session will send all your machine's traffic to the VPN gateway. It will appear to the rest of the world that your machine is physically connected to the EdLAN network.

In some circumstances, this means that you are unable to connect to machines on your local network. The workaround for this is to use split-tunnelling as described below.

