Solved

Can connect using SecuRemote via dialup but not via ADSL using Vigor

Posted on 2004-09-07
Last Modified: 2008-01-09
We connect to a client's network using Dialup and VPN-1 SecuRemote NG. This works fine when we dial into the Internet then connect.

However, it would be easier if we could use the ADSL connection to the Internet to connect.

The SecuRemote lets us Update the Site via ADSL and seems to authenticate; however, when we ping the target computer 132.132.32.10 on the target network we get nothing back. However, this does work when dialed up to the Internet through an Analogue Modem.

If it is relevant, we are using a Vigor 2600G router.

What can I do?
Question by:readjf

Accepted Solution

by:
chris_calabrese earned 84 total points
ID: 11998923
I'm guessing that the router is doing NAT and is not IPsec aware.

There's a famous quote from one of the authors of the IPsec standard that goes something like "NAT is exactly the type of attack IPsec is designed to defend against."

Assisted Solution

by:dschwartzer
dschwartzer earned 83 total points
ID: 12003690
There's a way to work around this. Check Point invented a mechanism, called UDP encapsulation, which adds a fake UDP header to each IPSec packet. Both source and destination ports are set to 2746 (if I'm not mistaken). This mechanism allows NAT devices on the way to forward the packet further.
To turn this feature on, open SecuRemote menu ->tools and look in there. I can't recall exactly where the checkbox is, but it's called 'UDP encapsulation'.

HTH,
Daniel
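
The mechanism described in the two answers above, as an added example that is not part of the original thread and is not Check Point's code: a toy port-translating NAT has nothing to map on a raw ESP packet, but can translate the same packet once it is wrapped in UDP. Port 2746 is taken from the answer above; the NAT function, its port allocation and all addresses are constructed for illustration.

```python
import socket
import struct

ESP, UDP = 50, 17          # IP protocol numbers
ENCAP_PORT = 2746          # UDP port quoted in the answer above

def csum(b):
    """RFC 1071 ones'-complement checksum over an even-length header."""
    s = sum(struct.unpack(f"!{len(b)//2}H", b))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(proto, src, dst, payload):
    """20-byte IPv4 header (no options) followed by payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", csum(h)) + h[12:] + payload

def udp_encapsulate(pkt):
    """Wrap the ESP payload of pkt in UDP, both ports ENCAP_PORT."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    esp = pkt[20:]
    udp = struct.pack("!HHHH", ENCAP_PORT, ENCAP_PORT, 8 + len(esp), 0) + esp
    return ipv4(UDP, src, dst, udp)    # UDP checksum 0 = not computed (valid in IPv4)

def napt_outbound(pkt, public_ip, table):
    """Toy port-translating NAT with no IPsec awareness (models UDP only).
    Returns the rewritten packet, or None when there is no port to map."""
    if pkt[9] != UDP:                  # ESP carries an SPI, not ports
        return None
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport, length, _ = struct.unpack("!HHHH", pkt[20:28])
    pub_port = 40000 + len(table)      # constructed port allocation scheme
    table[pub_port] = (src, sport)     # mapping used to route replies back in
    udp = struct.pack("!HHHH", pub_port, dport, length, 0) + pkt[28:]
    return ipv4(UDP, public_ip, dst, udp)

# Constructed sample: ESP header = SPI + sequence number, then opaque ciphertext.
esp_pkt = ipv4(ESP, "192.168.1.10", "203.0.113.5",
               struct.pack("!II", 0x1000, 1) + b"\x00" * 32)
```

The NAT rewrites only the outer IP and UDP headers, so the ESP bytes reach the gateway unchanged.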

Assisted Solution

by:rjbrown99
rjbrown99 earned 83 total points
ID: 12003855
The first thing I would suggest is to visit the web site of the vendor that makes your Vigor router.  Download any new firmware updates and apply them to your router before doing anything else.  I can tell you for sure that certain routers (one of my Netgears had this issue) have shipped with firmware that prevented VPN tunnels from working.  Here's the URL:

http://www.draytek.co.uk/support/index.html

Next, update to the latest version of SecuRemote.  It doesn't matter if your firewall version is a bit older - the newer client will work with an older firewall.

Now the part that will probably be the biggest help.  In the configuration for your Vigor router, disable all VPN features (PPTP, IPSec, and L2TP) since it also supports site-to-site connectivity.  For testing purposes, you want to make sure there are no issues with passing the packets.  Vigor themselves suggest this.  Try it now and see if it works.

Still doesn't work?  Okay, visit this FAQ, Question #7:
http://www.draytek.co.uk/support/router_faq.html

You are using IPSec.  You may have to fiddle with the Vigor's configuration a bit to either enable a VPN "passthrough" or else use the DMZ function to just pass packets straight through the router.

The only settings on the host that you can change are in SecuRemote: go to settings, connections tab, properties of your connection, advanced.  Make sure "Connectivity Enhancements" is checked with "Use NAT traversal tunneling" and "IKE over TCP" and "Force UDP Encapsulation".

Still doesn't work?  Well, let us know after you perform those steps and we'll motor on from there.

-Rob