Solved

Celestix Router: Configuring Firewall for VPN

Posted on 2001-07-10
Last Modified: 2013-11-29
Hi all,

We have a Celestix router, Aires, within our building. Recently, some guests tried to access their VPN from within our network. It appears that the ports which their VPN uses are blocked by our firewall (UDP 2233, etc.). I'd like to know if anybody has configured firewalls, hopefully on the same router, before. Our router is running on a Linux platform.

Thanks for your help.
0
Question by:Kelvin_King
11 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6273164
Your Linux router is probably running NAT and their VPN does not support clients running behind NAT.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6275391
Anything I can do about that?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6277581
Probably not.  You would either have to get them outside the Linux box or have them change their type of VPN.
0

 
LVL 13

Author Comment

by:Kelvin_King
ID: 6279185
I'm sorry, I think I made a mistake, the firewall is on the server, which is running Linux. The server functions as the local DNS server as well. The router is a separate device, which has limited configuration capabilities.

So you don't think that opening the ports which their VPN uses will solve the problem?

I'm not really sure if we are using a NAT, how do I check that?

Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6281067
What is your IP addressing scheme?  192.168.x.x, 172.16.x.x, 10.x.x.x?  
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283404
It is 192.168.1.1
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283405
By the way, could u explain to me how come u knew the addressing scheme would be 192.168.x.x, 172.16.x.x, 10.x.x.x?
Is it some kind of international addressing?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6284089
Those address ranges are considered private according to the RFC.  If you are using them, you must be using some sort of address translation.  Most firewalls or NAT devices will default to one or the other of those schemes.  The ranges will generally not be routed or forwarded by internet routers.  T
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6284319
I see, so what is translating the internal address to be used over the internet? Is it the firewall, router?

Anyway, back to the main issue, do u think there's any way to unblock the ports in the firewall? I'm not sure if all firewall files are the same, if you want I could copy it out or maybe send it to u.

Thanks.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 200 total points
ID: 6286278
The Linux box is almost certainly doing the address translation.  A lot of VPNs simply will not work if the source IP address is being translated.  You need to find out what kind of VPN they are using.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6293247
You were right about the server using NAT. I was told by one of the engineers that the server only allows 1 VPN connection at any one time, due to the fact that there is only 1 IP address for the entire network.

Anyway, thanks for your help and answering my other questions.

Cheers !
0
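
One way to answer the "how do I check that?" question from the thread, as an added example that is not part of the original posts: it parses a firewall dump for source-NAT rules and tests a client address against them and against the private ranges named above. It assumes the Linux server uses iptables (the thread does not say which firewall tool it runs); the function names and the sample ruleset are hypothetical and constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, the three schemes named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `iptables-save` output; not taken from the thread.
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def is_rfc1918(addr):
    """True if addr falls in one of the private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def source_nat_rules(ruleset):
    """Return (source_network, target) for each SNAT/MASQUERADE rule
    in the nat table. Negated matches ("! -s") are not handled."""
    rules, table = [], None
    for line in ruleset.splitlines():
        tokens = line.split()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:].strip()
        if table != "nat" or tokens[:2] != ["-A", "POSTROUTING"]:
            continue
        if "-j" not in tokens[:-1]:
            continue
        target = tokens[tokens.index("-j") + 1]
        if target not in ("MASQUERADE", "SNAT"):
            continue
        # A rule without -s applies to every source address.
        src = tokens[tokens.index("-s") + 1] if "-s" in tokens[:-1] else "0.0.0.0/0"
        rules.append((ipaddress.ip_network(src, strict=False), target))
    return rules

def nat_verdict(client, ruleset):
    """Say whether traffic from client is source-translated by this host."""
    ip = ipaddress.ip_address(client)
    hits = [t for net, t in source_nat_rules(ruleset) if ip in net]
    if hits:
        return "translated by " + hits[0]
    if is_rfc1918(client):
        return "private address, no source-NAT rule on this host"
    return "public address, not translated here"
```

On a live host the ruleset text would come from running `iptables-save` as root instead of `SAMPLE_RULES`.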
