Solved

Celestix Router: Configuring Firewall for VPN

Posted on 2001-07-10
Last Modified: 2013-11-29
Hi all,

We have a Celestix router, Aires, within our building. Recently, some guests tried to access their VPN from within our network. It appears that the ports which their VPN uses are blocked by our firewall (UDP 2233, etc.). I'd like to know if anybody has configured firewalls, hopefully on the same router, before. Our router is running on a Linux platform.

Thanks for your help.
Question by:Kelvin_King

Expert Comment

by:geoffryn
ID: 6273164
Your Linux router is probably running NAT and their VPN does not support clients running behind NAT.

Author Comment

by:Kelvin_King
ID: 6275391
Anything I can do about that?

Expert Comment

by:geoffryn
ID: 6277581
Probably not.  You would either have to get them outside the Linux box or have them change their type of VPN.

Author Comment

by:Kelvin_King
ID: 6279185
I'm sorry, I think I made a mistake: the firewall is on the server, which is running Linux. The server functions as the local DNS server as well. The router is a separate device, which has limited configuration capabilities.

So you don't think that opening the ports which their VPN uses will solve the problem?

I'm not really sure if we are using a NAT. How do I check that?

Thanks

Expert Comment

by:geoffryn
ID: 6281067
What is your IP addressing scheme?  192.168.x.x, 172.16.x.x, 10.x.x.x?  

Author Comment

by:Kelvin_King
ID: 6283404
It is 192.168.1.1

Author Comment

by:Kelvin_King
ID: 6283405
By the way, could u explain to me how come u knew the addressing scheme would be 192.168.x.x, 172.16.x.x, 10.x.x.x?
Is it some kind of international addressing?

Expert Comment

by:geoffryn
ID: 6284089
Those address ranges are considered private according to the RFC.  If you are using them, you must be using some sort of address translation.  Most firewalls or NAT devices will default to one or the other of those schemes.  The ranges will generally not be routed or forwarded by internet routers.  T

Author Comment

by:Kelvin_King
ID: 6284319
I see, so what is translating the internal address to be used over the internet? Is it the firewall, router?

Anyway, back to the main issue, do u think there's any way to unblock the ports in the firewall? I'm not sure if all firewall files are the same; if you want I could copy it out or maybe send it to u.

Thanks.

Accepted Solution

by:geoffryn (earned 200 total points)
ID: 6286278
The Linux box is almost certainly doing the address translation. A lot of VPNs simply will not work if the source IP address is being translated. You need to find out what kind of VPN they are using.
0
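
Added example, not part of the original thread: one way to answer "how do I check if we are using NAT?" by testing an internal address against the RFC 1918 ranges and looking for source-translation rules, and to see whether UDP 2233 is explicitly forwarded. It assumes the Linux server's firewall is iptables and that its rules were exported with `iptables-save` (the thread does not say which firewall is in use); the rule dump and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `iptables-save` output (not taken from the thread)
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def rules(dump, table, chain):
    """Yield the '-A <chain>' lines that belong to one table of the dump."""
    current = None
    for line in dump.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
        elif current == table and line.split()[:2] == ["-A", chain]:
            yield line

def opt(rule, flag):
    """Value following an option flag in a rule, or None if absent."""
    tok = rule.split()
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def source_nat_rules(dump, addr):
    """POSTROUTING rules that rewrite the source address of `addr`."""
    ip = ipaddress.ip_address(addr)
    return [r for r in rules(dump, "nat", "POSTROUTING")
            if opt(r, "-j") in ("MASQUERADE", "SNAT")
            # a rule without -s applies to every source
            and ip in ipaddress.ip_network(opt(r, "-s") or "0.0.0.0/0", strict=False)]

def forward_allows_udp(dump, port):
    """True if FORWARD has an explicit ACCEPT for this single UDP port."""
    return any(opt(r, "-p") == "udp" and opt(r, "--dport") == str(port)
               and opt(r, "-j") == "ACCEPT"
               for r in rules(dump, "filter", "FORWARD"))
```

With the sample dump, 192.168.1.1 is both private and covered by a MASQUERADE rule, so opening UDP 2233 in FORWARD would still leave the guests' VPN traffic with a translated source address.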

Author Comment

by:Kelvin_King
ID: 6293247
You were right about the server using NAT. I was told by one of the engineers that the server only allows 1 VPN connection at any one time, due to the fact that there is only 1 IP address for the entire network.

Anyway, thanks for your help and answering my other questions.

Cheers !