July 6, 2008 03:30am pdt

1. RobWill 269,328
2. batry_boy 232,484
3. lrmoore 113,038
4. arnold 107,903
5. mwecompu... 64,924
6. dpk_wal 52,425
7. mkielar 41,600
8. ebjers 39,050
9. MrHusy 38,470
10. Cyclops3590 32,200
11. Voltz-dk 28,470
12. TechSoEasy 28,114
13. trinak96 26,165
14. keith_al... 21,046
15. stuknhawaii 20,075

1. RobWill 1,422,221
2. lrmoore 913,781
3. batry_boy 407,194
4. grblades 214,434
5. rsivanandan 145,141
6. calvinetter 112,055
7. arnold 109,903
8. dpk_wal 105,425
9. TechSoEasy 101,193
10. mwecompu... 82,724
11. tim_holman 75,964
12. keith_al... 75,885
13. MrHusy 71,744
14. ewtaylor 68,324
15. Cyclops3590 68,145

07.11.2003 at 10:09AM PDT, ID: 20675962

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.8

Cisco VPN Client through Linksys BEFSR41 router

Zone: Virtual Private Networking (VPN)

Tags: vpn, cisco, linksys, client, router

Hi all - I'm trying to connect to the company VPN using Cisco's VPN client (version 3.6.2) with my remote machine connected through a Linksys BEFSR41 router to an ADSL connection.

Access to standard web sites works fine.

I've read through many of the postings here and elsewhere and have setup the router with the latest firmware (1.44.2) and ensured that IPSec Passthrough is enabled. I've also played with Port Forwarding, etc. as described on the Linksys site and here and still no luck. It looks like the VPN client is attempting to connect to the server and is either not receiving a response or receiving some sort of error (all I get is that the "TCP Connection Failed").

Currently the client is set to "Enable Transparent Tunneling" and "Use IPSec over TCP (Port 10000)". If I change that second setting to "Allow IPSec over UDP" instead, I can connect and am authenticated but I can't seem to access any network resources.

Any thoughts or assistance are much appreciated. Technical answers are fine...networking is not my strong point, but I should be able to figure it out.

Thanks, in advance from a new member who's happy to have found the site!

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: RichNY

Solution Provided By: lrmoore

Participating Experts: 11

Solution Grade: B

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

07.11.2003 at 10:34AM PDT, ID: 8904502

Rank: Sage

lrmoore:

> Currently the client is set to "Enable Transparent Tunneling" and "Use IPSec
> over TCP (Port 10000)". If I change that second setting to "Allow IPSec over
> UDP" instead, I can connect and am authenticated but I can't seem to access
> any network resources.

Questions for you:
What is the Local IP subnet at home? 192.168.1.x?
What is the IP subnet that your client gets?
What is the IP subnet at the company on the other side of the VPN?
If that is the same as your's you will have to change one or the other. Most likely yours.

If you use the status, do you see packets going one way, not the other?

Have you tried adjusting the MTU on the workstation using the SetMTU utility that installs with the client? Adjusting for the PPPoE overhead of the DSL makes a big difference.

07.11.2003 at 10:50AM PDT, ID: 8904629

RichNY:

Thanks for the quick response! Some answers:

Local IP subnet at home - 192.168.1.x
IP subnet that the client gets - I'm not sure what to look at here. Where can I find this?
IP subnet at the company - 172.16.x.x

Regarding using status, my attempt to connect is what's failing. Is there any way to check on traffic or log stuff at this point before I'm actually connected?

I haven't tried adjusting MTU. I can't adjust right now since I'm actually at work, but will try that as a first step when I get home later this evening. I didn't initially try this because I figured that the problems caused by MTU size would manifest after connection, not during the actual connection and subsequent login process. I could have been wrong about that.

Thanks again for the quick response.

Rich

07.11.2003 at 11:16AM PDT, ID: 8904849

Rank: Sage

lrmoore:

Open the client from the systray and the Status should tell you what IP address you have.

You can start the log before you open the client, too.

Also, the newest 4.02 client is much nicer...

07.11.2003 at 06:19PM PDT, ID: 8907118

RichNY:

Update on my latest attempts:

I couldn't get the client far enough through the connection process to get anything at all in the systray and didn't have any luck with logging. The logs kept coming up empty.

I dropped MTU down to 576 and still no luck. Same result.

As a last resort, I borrowed a Netgear RT614v2 router from a friend and gave that a shot. No special setup needed. Plugged the machine into it, logged in to the VPN client and I'm on the network at full speed.

Part of me wants to keep troubleshooting the Linksys, but the part of me that's a father with a 3-month old and a wife says spend the $40 on the Netgear router and move on. It includes an SPI firewall, so it's an upgrade anyway.

Any further ideas on the subject are welcome as I'm still not sure why I'm having all of this trouble with the Linksys.

Thanks!

07.11.2003 at 06:53PM PDT, ID: 8907195

Rank: Sage

lrmoore:

How old is the Linksys? It could be defective...

07.12.2003 at 08:09AM PDT, ID: 8908787

RichNY:

The Linksys is pretty old as these things go - two or three years maybe? It has the latest firmware, but perhaps there's something it just wasn't doing. It's worked flawlessly up until now for everything else.

This morning I picked up a new Netgear RP614v2 identical to the one I tried yesterday. Works perfectly. No setup required. There isn't even a place to do any configuration of IPSec (e.g. IPSec Passthrough on the Linksys). No Port Forwarding is necessary.

Are there any known issues with the Cisco client and Linksys routers using the latest firmware? I've read everything I could find on the subject and it seems like with the latest, it should all work.

Ah, well. Thanks, again, for the assistance in helping me to ensure that I wasn't missing anything obvious or even semi-obvious. I just feel badly that this thread likely won't end with the answer that someone experiencing the same problem will want to hear.

07.12.2003 at 08:26AM PDT, ID: 8908850

Rank: Sage

lrmoore:

I have a Linksys BEFW11S4 ver 1 wireless. I did have problems with Cisco client over wireless connection, but not over wired, and only with the authentication if I was using Radius. Very odd bug. Opened a bug report w/Cisco to try to get Cisco and Linksys to work it out. Turned out a rollback to an earlier version fixed it, but then it was fixed in the later version. Running 1.44.2z now and everything works just fine.

Accepted Solution

07.12.2003 at 09:41AM PDT, ID: 8909048

RichNY:

Interesting. That's exactly the version of the firmware I was running on the Linksys. I wonder if it did have to do with a hardware difference in my older router. I'd love to find someone else at work who's using a Linksys router (BEFSR41) to connect from home. There MUST be a few at least given the popularity of that particular model. If I do find someone who got it to work, I'll post the results back here.

For now, thanks again for all of your help to date! It's been great to have someone knowledgable to walk through this with.

02.02.2004 at 10:03PM PST, ID: 10258732

TinsleyC:

I am using this same Linksys 4-port router and am having the same problem with the Cisco VPN client, v4.0.3c.

Has anyone found a solution for this? I'm running the latest firmware on the Linksys, 1.45.7, have IPSec Passthrough enabled.

I can connect and the network at my work will give me the proper DNS and WINS addresses, all looks good - but when I try to ping something, it waits awhile then returns saying it's pinging the proper address, but get Request Timed Out. Others are using the Cisco VPN Client with success, using the same settings I am.

So, I'm thinking it may be in the LinkSys. This is one of the older models, maybe 3 years old.

03.25.2004 at 04:40AM PST, ID: 10676341

Zulan:

I have the older version of the linksys 4-port rotuer and I cant connect to with my Checkpoint vpn client either.

03.25.2004 at 06:34AM PST, ID: 10677297

TinsleyC:

Removing my old Watchguard Firebox VPN client fixed it. I still had it installed. Once I removed it, the Cisco VPN client worked immediately, even without a reboot.

03.31.2004 at 02:11PM PST, ID: 10727813

AldwinM:

Cisco has acquired linksys so hopefully all the newer models will not have this problem. Hopefully firmware upgrade will also fix this issue.

04.01.2004 at 09:22PM PST, ID: 10738424

cmirving:

I have the linksys befsr41 router with firmware 1.45.6, Jun 24 2003. I am using Cisco VPN Client v4.0.3 and I have no problems whatsoever connecting to work. I purchased my router in 2000. It is very old. I don't think your problem lies with the age of your router, but the firmware. Upgrade to the latest version. Also, you would want to make sure if you are using Windows that you have the latest updates. There is a patch from Microsoft that corrects a bug with Transparent Tunneling.
My settings:

PPTP Disabled
IPSEC Enabled
MTU 1500

I have no ports forwarded and no triggers. My internal IP range is 192.168.1.X. Work IP range is 172.19.101.X. Transparent Tunneling is inactive but enabled. Local Lan Disabled. 168bit 3DES encryption/HMAC-MD5 Authentication. IPSEC over UDP.

Hope this helps someone!

04.01.2004 at 10:26PM PST, ID: 10738649

Zulan:

I have the firmware 1.45.7, Jul 31 2003. But there is another twist to my story. My VPN server at work is brand new, it might be a configuration error somewhere on the VPN server. But if I connect to the vpn server with a machine sitting on the internet there is no problem.

04.02.2004 at 05:38AM PST, ID: 10740495

cmirving:

If you have a PC connected directly to the ISP without a router and you are able to connect to the VPN successfully then the VPN should be configured correctly. What are you settings on your VPN client and what are the settings in your router? Enable PPTP and IPSEC Passthrough and if you are using Transparent Tunneling you will want to make sure you have the latest Windows updates. If you have all of this enabled and you're still not able to connect properly you might try fowarding UDP ports 500 and 4,500. That's a shot in the dark, but if you're not able to connect then anything is worth a try right?

04.08.2004 at 09:32PM PDT, ID: 10789315

blien:

I'm not sure if everyone is trying to connect to a Cisco PIX firewall or Cisco Concentrator. Two different solutions, but I will assume a PIX firewall. Rather than dealing with Linksys, Netgear, or versions of code, it might be easier to configure the Cisco PIX firewall to provide a better VPN solution. Make sure the PIX is running version 6.3 or later and configure it NAT traversal (which is not on by default):

isakmp nat-traversal

Then on the client make sure Transparent Tunneling is enabled for UDP. Not TCP, the PIX doesn't understand TCP Transparent Tunneling (only the Cisco Concentrator does). The nat-traversal command allows ESP packets to pass throught a NAT device. You know when ESP packets are not being passed when you can make a VPN connection but nothing works. I think someone had that problem. Hope this helps.

08.04.2004 at 05:19PM PDT, ID: 11722094

tncadmin:

I was having this same problem but already had the latest firmware on my Linksys router. But Cisco VPN **was** working on a wired NIC and on a Cisco wireless card, but **was not** working with a Linksys WPC11 v4 wireless card that I just bought. I downloaded and installed the latest driver (5.158.1001.2003) and setup wizard / WLAN monitor (2.2.0.5) for that card and that fixed it. Looks like the driver and config software that ships on the CD is ancient.

09.21.2004 at 10:34AM PDT, ID: 12114726

ejbarb:

I had a user that is using cable internet and the befsr41 and after about 3 and a half minutes it was disconnecting. I had her upgrade it to the latest version and it didn't help. I tried a firmware downgrade to the 1.45.6 june 2003 that cmirving suggested and it did seem to help out the problem. I called her back and talked with her on the phone for 11 minutes while she was connected to VPN and everything seemed to be good. I pinged her adddress from my machine a few times and also a few times from the VPN concentrator. So after it looked like everything was good I hung up the phone and danced around my cube in victory...Then about 3 minutes later she called back and said that just after we got off of the phone she was disconnected. I'm wondering if it might be a problem with the concentrator that it doesn't see enough of what it calls "interesting traffic" for the connection to stay alive. Maybe keeping a constant ping would help us determine if this is an issue. She went out to buy a new router though so if someone else has this router they might give that a try. Try pinging an address at the office with ping -t x.x.x.x

She was using
Cisco VPN Client 4.6.00.0045
Connected to Cisco 3015 VPN concentrator
IPSEC over UDP 500 and 10000
Split tunneling disabled
Linksys BEFSR41 firmware 1.45.6
Cable internet through Insight Broadband
IBM Thinkpad
Windows 2000
Her network is 192.168.1.x 255.255.255.0
She is connecting to a 192.168.40.x 255.255.248.0

10.19.2004 at 10:17PM PDT, ID: 12355100

jbueling:

This may help her issue ej, it seemed to have fixed some of our machines, anyway.
For version 4 cards: http://www.linksys.com/support/top10faqs/wpc11/WPC11%20V4%20and%20VPN%20connections.asp
For version 3 cards: http://www.wireless-index.com/wireless_pc_cards/linksys_wpc11_wireless-b_notebook_adapter/

08.25.2005 at 01:40PM PDT, ID: 14756321

rgagne99:

Got it working to MS VPN; Think I had the same problem LINKSYS BEFW11S4 for VPN to work :
IPSEC passthru Disabled; PPTp passthru Enabled; That made all the difference

Did not have to put machine in DMZ;
No Port Forwarding necessary (tried with port Fwd to client, with port fwd to other machine and no port fwd and it worked.

Firmware: 1.44.2z Dec 13/2002

mattulm

12.19.2007 at 09:12PM PST, ID: 20504959

I have a much newer version of the firmware on my Linksys BEFSR41 router, and all I had to enable was IPSEC passthrough, and it s working properly now. Thanks all forthe suggestions from above.

20080236-EE-VQP-29