Hi All,
I have a 'work around' for this problem that works for me - perhaps it will help you...
Long story short: try somehow disrupting the port that PulseSecure/Ivanti is using - in my case it is port 4500, and I disrupted it in my router settings. This forced the connection to fall back to more stable protocol - it's not perfect, but does lead to connections that generally last up to 8 hours.
For the more complete story, keep reading, but please note that I am not a computer/network expert so don't flame me if I get anything technical wrong - the stuff below is just what I've been forced to learn over the last six months whilst trying to solve my connection problems!
_________________________________
Background: I have had exactly the issues as described by the original poster @Three5GVPN - I am using my company laptop which uses Ivanti (previously Pulse Secure) and I use a 4G router with a Three SIM. I was losing connection every three minutes (e.g. if using SAP, or remotely controlling another computer, or connected to a database, I would momentarily lose connection every three minutes and would have to log back on again - basically it was not possible to do my work!).
When I say three minutes, I mean almost exactly three minutes, predictable to within a second or two.
I also found that:
- I had the same issue when using my phone's hotspot (using a Smarty SIM - Smarty also use the Three network)
- I had no issues when I used a Lebara SIM - Lebara use the Vodafone network.
Additionally: I found that I did occasionally get a good stable connection which lasted much longer than three minutes - from a few minutes to eight hours long (remember that - it's important for the story...)
When did my problems start? In the past, I was able to use Pulse Secure just fine *(see asterisk later). My problems started when the company IT dept updated Pulse Secure to a newer version, and later on, updated to Ivanti. So you see, the problem seems to be a combination of i) the Three network and ii) the update of the Pulse Secure/Ivanti software (or maybe a change in the PulseSecure/Ivanti settings).
Investigations: My company IT dept was unable to get anywhere, so after a few months, I decided to look into it myself. I trawled through the event logs that you can generate: From the Ivanti app, select File, Logs, Log Level, Detailed, then select File, Logs, Save As and save to your computer.
From the logs, I saw that the VPN usually uses a protocol called ESP - it is these ESP connections that disconnect every three minutes. However, when I investigated the occasional stable connections, I saw that these occurred when there were reports of 'missing heartbeats', presumably due to a poor mobile signal - these caused the VPN to switch from ESP to an alternative protocol called SSL.
These SSL connections are more stable - though perhaps a bit laggy - they can last just a few minutes but more often than not, over an hour. See example below, where I had a good, eight hour connection from 08:04:58 to 16:07:18 after the connection switched from ESP to SSL due to missing heartbeats:
(so ironically, it seems that maybe a poor mobile signal leads to a good connection!)
You can see what sort of connection you have without needing to save any logs. From the Ivanti app, select File, Connections, Advanced Connection Details... see examples of SSL and ESP connections below:
So, I wondered if there was a way to force the system to use an SSL connection... this is what I found:
How to kill the ESP connection, and get a stable SSL connection: During discussions with my IT dept, I found out that the ESP connection uses 'udp Port 4500', ( I contacted Three Technical Support to ask about this - they told me that there were no restrictions on port 4500...) so my plan was to try to disrupt port 4500 to force the VPN from ESP mode into SSL mode... I found a way to do this using my router settings:
Router: Huawei B593s-22
I found a security setting 'ALG' and told it to use port 4500, and then enabled it - see below:
Success! After changing the settings and restarting the router, my ESP connection always gets these 'missed heartbeats' and reverts to SSL mode after about 20 seconds. So now, using SSL mode, I am able to do my work. However, I don't think this is a fix, it's just a work around until someone figures out what the real issue is - my connections are now good enough for me to do my work, but they do seem a bit laggy and they do sometimes still disconnect after only a few minutes.
Another Option? If you can't configure your router like I did then, if you have admin rights on your PC, I think you can block Port 4500 in the computer settings - that might also work - I don't know for sure as I haven't tried it, but it's worth a shot...
(*Actually from the event logs it looks like, in the period before my problems started, before the original PulseSecure update, the connection was also disconnecting every three minutes - however, it did not cause me any noticable issues... I can't explain that, but there's a clue there somewhere... maybe something changed in Pulse Secure regarding how it handles momentary disconnections? - I do have some suspicions about a 'dynamic trust' configuration setting, but haven't really investigated it yet...)
