Solved

Can connect using SecuRemote via dialup but not via ADSL using Vigor

Posted on 2004-09-07
Last Modified: 2008-01-09
We connect to a client's network using dialup and VPN-1 SecuRemote NG. This works fine when we dial into the Internet and then connect.

However it would be easier if we could use the ADSL connection to the Internet to connect.  

The SecuRemote lets us Update the Site via ADSL and seems to authenticate; however, when we ping the target computer 132.132.32.10 on the target network we get nothing back. This does work when dialed up to the Internet through an analogue modem.

If it is relevant we are using a Vigor 2600G router.

What can I do?
Question by:readjf
5 Comments
 
LVL 14

Accepted Solution

by:chris_calabrese
chris_calabrese earned 84 total points
ID: 11998923
I'm guessing that the router is doing NAT and is not IPsec aware.

There's a famous quote from one of the authors of the IPsec standard that goes something like "NAT is exactly the type of attack IPsec is designed to defend against"
0
 
LVL 3

Assisted Solution

by:dschwartzer
dschwartzer earned 83 total points
ID: 12003690
There's a way to work around this. Check Point invented a mechanism, called UDP encapsulation, which adds a fake UDP header to each IPSec packet. Both source and destination ports are set to 2746 (if I'm not mistaken). This mechanism allows NAT devices on the way to forward the packet further.
To turn this feature on, open SecuRemote menu ->tools and look in there. I can't recall exactly where the checkbox is, but it's called 'UDP encapsulation'.

HTH,
Daniel
0
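The packet-level difference behind the two answers above, as an added example (not code from the thread or from Check Point): raw ESP is IP protocol 50 and has no port fields for a port-translating NAT router to map, while the UDP-wrapped form looks like an ordinary datagram. The wrapper below is a plain UDP header using the port the answer quotes; Check Point's actual encapsulation layout is an assumption, and the addresses and SPI are constructed sample values.

```python
import struct

ESP, UDP = 50, 17            # IP protocol numbers
ENCAP_PORT = 2746            # port quoted in the answer above, not verified here

def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))

def ipv4_packet(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header + payload (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return header + payload

def udp_encapsulate(esp, port=ENCAP_PORT):
    """Prepend a UDP header so the ESP data travels as an ordinary datagram."""
    return struct.pack("!HHHH", port, port, 8 + len(esp), 0) + esp

def classify(packet):
    """Describe what a port-translating NAT router can key on in this packet."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        spi, _seq = struct.unpack("!II", body[:8])
        return {"kind": "raw ESP", "ports": None, "spi": spi,
                "router_needs": "IPsec/ESP passthrough"}
    if proto == UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        kind = ("UDP-encapsulated IPsec" if ENCAP_PORT in (sport, dport)
                else "other UDP")
        return {"kind": kind, "ports": (sport, dport), "spi": None,
                "router_needs": "ordinary UDP NAT"}
    return {"kind": f"protocol {proto}", "ports": None, "spi": None,
            "router_needs": "unknown"}

# Constructed sample: ESP header (SPI, sequence number) + dummy ciphertext.
SAMPLE_ESP = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16
RAW = ipv4_packet(ESP, "192.168.1.10", "203.0.113.5", SAMPLE_ESP)
WRAPPED = ipv4_packet(UDP, "192.168.1.10", "203.0.113.5",
                      udp_encapsulate(SAMPLE_ESP))

if __name__ == "__main__":
    for name, pkt in (("raw", RAW), ("wrapped", WRAPPED)):
        print(name, classify(pkt))
```

Running `classify` over packets captured on the WAN side of the router shows which form the client is actually sending after the SecuRemote setting is changed.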
 

Assisted Solution

by:rjbrown99
rjbrown99 earned 83 total points
ID: 12003855
The first thing I would suggest is to visit the web site of the vendor that makes your Vigor router.  Download any new firmware updates and apply them to your router before doing anything else.  I can tell you for sure that certain routers (one of my Netgears had this issue) have shipped with firmware that prevented VPN tunnels from working.  Here's the URL:

http://www.draytek.co.uk/support/index.html

Next, update to the latest version of SecuRemote.  It doesn't matter if your firewall version is a bit older - the newer client will work with an older firewall.

Now the part that will probably be the biggest help.  In the configuration for your Vigor router, disable all VPN features (PPTP, IPSec, and L2TP) since it also supports site-to-site connectivity.  For testing purposes, you want to make sure there are no issues with passing the packets.  Vigor themselves suggest this.  Try it now and see if it works.

Still doesn't work?  Okay, visit this FAQ, Question #7:
http://www.draytek.co.uk/support/router_faq.html

You are using IPSec.  You may have to fiddle with the Vigor's configuration a bit to either enable a VPN "passthrough" or else use the DMZ function to just pass packets straight through the router.

The only settings on the host that you can change for SecuRemote are in settings, connections tab, properties of your connection, advanced.  Make sure "Connectivity Enhancements" is checked with "Use NAT traversal tunneling" and "IKE over TCP" and "Force UDP Encapsulation".

Still doesn't work?  Well, let us know after you perform those steps and we'll motor on from there.

-Rob
0
