Solved

Celestix Router: Configuring Firewall for VPN

Posted on 2001-07-10
11
282 Views
Last Modified: 2013-11-29
Hi all,

We have a celectix router, Aires withing our building. Recently, some quests tried to access their VPN from within our network. It appears that the ports which their VPN uses is blocked by our firewall (UDP 2233, etc.). I'd like to know if anybody has configured firewalls, hopefully on the same router before. Our router is running on a Linux platform.

Thanks for you help.
0
Comment
Question by:Kelvin_King
  • 6
  • 5
11 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6273164
Your Linux router is probably running NAT and their VPN does not support clients running behind NAT.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6275391
Any thing I can do about that ?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6277581
Probably not.  You would either have to get them outside the Linux box or have them change their type of VPN.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6279185
I'm sorry, I think I made a mistake, the firewall is on the server, which is running Linux. The server functions as the local DNS server as well. The router is a seperate device, which has limited configuration capailities.

So you don't think that by opening the ports which their VPN uses will solve the problem ?

I'm not really sure if we are using a NAT, how do I check that ?

Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6281067
What is your IP addressing scheme?  192.168.x.x, 172.16.x.x, 10.x.x.x?  
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283404
It is 192.168.1.1
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283405
By the way, could u explain to me how come u knew the the addressing scheme would be 192.168.x.x, 172.16.x.x, 10.x.x.x?  
Is it some kind of international addressing ?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6284089
Those address ranges are considered private according to the RFC.  If you are using them, you must be using some sort of address translation.  Most firewalls or NAT devices will default to one or the other of those schemes.  The ranges will generally not be routed or forwarded by internet routers.  T
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6284319
I see, so what is translating the internal address to be used over the internet ? Is it the firewall, router ?

Anyway, back to the main issue, do u think there's any way to unblock the ports in the firewall ? I'm not sure if all firewall files are the same, if you want I could copy it out or maybe send it to u.

Thanks.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 200 total points
ID: 6286278
The Linux box is almost certainly doing the address translation.  A lot of VPN's simply will not work if the source IP address is being translated.  You need to find out what kind of VPN they are using.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6293247
You were right about the server using NAT. I was told by one of the engineers that the server only allows 1 VPN connection at any one time, due to the fact that there is only 1 IP address for the entire network.

Anyway, thanks for your help and answering my other questions.

Cheers !
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now