Solved

Celestix Router: Configuring Firewall for VPN

Posted on 2001-07-10
Last Modified: 2013-11-29
Hi all,

We have a Celestix router, Aires, within our building. Recently, some guests tried to access their VPN from within our network. It appears that the ports which their VPN uses are blocked by our firewall (UDP 2233, etc.). I'd like to know if anybody has configured firewalls, hopefully on the same router, before. Our router is running on a Linux platform.

Thanks for your help.
Question by:Kelvin_King
11 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6273164
Your Linux router is probably running NAT and their VPN does not support clients running behind NAT.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6275391
Anything I can do about that?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6277581
Probably not.  You would either have to get them outside the Linux box or have them change their type of VPN.
0

 
LVL 13

Author Comment

by:Kelvin_King
ID: 6279185
I'm sorry, I think I made a mistake, the firewall is on the server, which is running Linux. The server functions as the local DNS server as well. The router is a separate device, which has limited configuration capabilities.

So you don't think that opening the ports which their VPN uses will solve the problem?

I'm not really sure if we are using a NAT, how do I check that ?

Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6281067
What is your IP addressing scheme?  192.168.x.x, 172.16.x.x, 10.x.x.x?  
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283404
It is 192.168.1.1
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6283405
By the way, could u explain to me how come u knew the addressing scheme would be 192.168.x.x, 172.16.x.x, 10.x.x.x?
Is it some kind of international addressing ?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6284089
Those address ranges are considered private according to the RFC.  If you are using them, you must be using some sort of address translation.  Most firewalls or NAT devices will default to one or the other of those schemes.  The ranges will generally not be routed or forwarded by internet routers.  T
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6284319
I see, so what is translating the internal address to be used over the internet ? Is it the firewall, router ?

Anyway, back to the main issue, do u think there's any way to unblock the ports in the firewall ? I'm not sure if all firewall files are the same, if you want I could copy it out or maybe send it to u.

Thanks.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 800 total points
ID: 6286278
The Linux box is almost certainly doing the address translation.  A lot of VPNs simply will not work if the source IP address is being translated.  You need to find out what kind of VPN they are using.
0
 
LVL 13

Author Comment

by:Kelvin_King
ID: 6293247
You were right about the server using NAT. I was told by one of the engineers that the server only allows 1 VPN connection at any one time, due to the fact that there is only 1 IP address for the entire network.

Anyway, thanks for your help and answering my other questions.

Cheers !
0
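
The two checks discussed in this thread (is the LAN on a private range, and is the Linux box translating source addresses) can be run against the firewall's rule dump. This is an added example, not code from the thread; it assumes the server's firewall is iptables and that the text comes from `iptables-save`, and the sample ruleset and function names are constructed for illustration.

```python
import ipaddress

# Private ranges named in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `iptables-save` output (an assumption, not from the thread).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def rules(ruleset, table, chain):
    """Yield token lists for '-A <chain>' lines inside one table of the dump."""
    current = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]          # table header such as *nat or *filter
        elif current == table and line.startswith("-A " + chain + " "):
            yield line.split()

def opt(tokens, flag):
    """Value following a flag such as -j or --dport, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def source_nat_rules(ruleset):
    return [" ".join(t) for t in rules(ruleset, "nat", "POSTROUTING")
            if opt(t, "-j") in ("MASQUERADE", "SNAT")]

def udp_port_accepted(ruleset, port):
    # Only finds an explicit single-port ACCEPT; ranges and rule order are not evaluated.
    return any(opt(t, "-p") == "udp" and opt(t, "--dport") == str(port)
               and opt(t, "-j") == "ACCEPT"
               for t in rules(ruleset, "filter", "FORWARD"))

def diagnose(client_ip, ruleset, port):
    return {"private_address": is_rfc1918(client_ip),
            "source_nat": bool(source_nat_rules(ruleset)),
            "udp_port_accepted": udp_port_accepted(ruleset, port)}

if __name__ == "__main__":
    print(diagnose("192.168.1.1", SAMPLE, 2233))
```

Adding an ACCEPT rule for UDP 2233 flips only the last field; `source_nat` stays true, which is the condition the accepted answer identifies as the likely blocker.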
