• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

VPN Client!!!

Hi there,

I'm using a VPN Client to connect into my school's server. I can get connected without any problem. However when i check the statistics for the incoming packets decrypted it says 0. I believe something is blocking the packets. I have a pix 501 at my house. Do you think this could be the reason? Do you have any suggestions?

Thanks for your help.
0
mdiez
Asked:
mdiez
  • 2
1 Solution
 
birksyCommented:
Hi,

Given that you've a 501 at home I'm assuming that as you traverse your firewalls interfaces you're going through a private/public address boundary and hence the VPN server at the other end has to support client NAT.

Cisco typically use port 10000/UDP to create the network transport when your client is on a private address, but without knowing what sort of VPN server you're connecting to (e.g. Nortel, Symantec, Cisco) or for that matter whether you're using PPtP or IPSEC (or even an SSL VPN) it's immaterial. Let us know what sort of device you're connecting to and we'll go from there.

In the meantime here's a good place to start looking in terms of passing IPSEC VPN traffic through your firewall:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml

R.
0
 
mdiezAuthor Commented:
Hi there,

Thanks for youe response. My school is running a VPN Cisco Server. And they are using IPSEC. Does this help, or you need more information.

Thanks for your help
0
 
birksyCommented:
Since you're connecting to another Cisco box things become slightly more simple.

You need to consider opening the following on your Pix:

ESP (50/IP)
ISAKMP (500/UDP)
10000/UDP

You'll also need to configure your Cisco client to do NAT traversal using a UDP transport. The link that I posted above explains how to do the firewall side of this in some detail.

Let me know how you get on, any if you have further problems.

R.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now