Solved

Celestix Router: Configuring Firewall for VPN

Posted on 2001-07-10
Last Modified: 2013-11-29
Hi all,

We have a Celestix router, Aires, within our building. Recently, some guests tried to access their VPN from within our network. It appears that the ports which their VPN uses are blocked by our firewall (UDP 2233, etc.). I'd like to know if anybody has configured firewalls, hopefully on the same router, before. Our router is running on a Linux platform.

Thanks for your help.
0
Question by:Kelvin_King
 
LVL 11

Expert Comment

by:geoffryn
ID: 6273164
Your Linux router is probably running NAT and their VPN does not support clients running behind NAT.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6275391
Anything I can do about that?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6277581
Probably not.  You would either have to get them outside the Linux box or have them change their type of VPN.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6279185
I'm sorry, I think I made a mistake, the firewall is on the server, which is running Linux. The server functions as the local DNS server as well. The router is a separate device, which has limited configuration capabilities.

So you don't think that opening the ports which their VPN uses will solve the problem?

I'm not really sure if we are using a NAT, how do I check that?

Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6281067
What is your IP addressing scheme?  192.168.x.x, 172.16.x.x, 10.x.x.x?  
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283404
It is 192.168.1.1
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283405
By the way, could u explain to me how come u knew the addressing scheme would be 192.168.x.x, 172.16.x.x, 10.x.x.x?
Is it some kind of international addressing?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6284089
Those address ranges are considered private according to the RFC.  If you are using them, you must be using some sort of address translation.  Most firewalls or NAT devices will default to one or the other of those schemes.  The ranges will generally not be routed or forwarded by internet routers.  T
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6284319
I see, so what is translating the internal address to be used over the internet? Is it the firewall, router?

Anyway, back to the main issue, do u think there's any way to unblock the ports in the firewall? I'm not sure if all firewall files are the same, if you want I could copy it out or maybe send it to u.

Thanks.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 200 total points
ID: 6286278
The Linux box is almost certainly doing the address translation.  A lot of VPNs simply will not work if the source IP address is being translated.  You need to find out what kind of VPN they are using.
0
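Added example (not part of the original thread): one way to answer "how do I check that?" on the Linux server, by testing a client address against the three private ranges named above and looking for source-NAT rules in the firewall's rule dump. It assumes the firewall is iptables and the rules were exported in `iptables-save` format, which the thread does not confirm; the rule set below is constructed sample data.

```python
import ipaddress

# The three private ranges named in the thread (10.x.x.x, 172.16.x.x, 192.168.x.x).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in iptables-save format; not taken from the poster's server.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/16 -o eth0 -j SNAT --to-source 203.0.113.7
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -p udp --dport 2233 -j ACCEPT
COMMIT
"""

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def translated_sources(rules_text):
    """Return [(source_network, target)] for source-NAT rules in the nat table."""
    found, table = [], None
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:]
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            tok = line.split()
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if target in ("MASQUERADE", "SNAT"):
                # A rule without -s translates every source address.
                src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
                found.append((ipaddress.ip_network(src, strict=False), target))
    return found

def nat_verdict(client_addr, rules_text):
    """Say whether traffic from client_addr leaves the box with a rewritten source."""
    ip = ipaddress.ip_address(client_addr)
    for net, target in translated_sources(rules_text):
        if ip in net:
            return f"{client_addr}: source rewritten by {target} rule for {net}"
    if is_private(client_addr):
        return f"{client_addr}: private address, no NAT rule here; look upstream"
    return f"{client_addr}: public address, no translation found"
```

In the sample, the filter table already accepts UDP 2233 from the LAN, yet the verdict for 192.168.1.1 is still "source rewritten": opening the port and removing the translation are separate matters.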
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6293247
You were right about the server using NAT. I was told by one of the engineers that the server only allows 1 VPN connection at any one time, due to the fact that there is only 1 IP address for the entire network.

Anyway, thanks for your help and answering my other questions.

Cheers !
0
