Solved

Can connect using SecuRemote via dialup but not via ADSL using Vigor

Posted on 2004-09-07
Last Modified: 2008-01-09
We connect to a client's network using Dialup and VPN-1 SecuRemote NG. This works fine when we dial into the Internet then connect.

However it would be easier if we could use the ADSL connection to the Internet to connect.  

The SecuRemote lets us Update the Site via ADSL and seems to authenticate; however, when we ping the target computer 132.132.32.10 on the target network we get nothing back. However, this does work when dialed up to the internet through an Analogue Modem.

If it is relevant we are using a Vigor 2600G router.

What can I do?
Question by:readjf

Accepted Solution

by:
chris_calabrese earned 84 total points
ID: 11998923
I'm guessing that the router is doing NAT and is not IPsec aware.

There's a famous quote from one of the authors of the IPsec standard that goes something like "NAT is exactly the type of attack IPsec is designed to defend against".

Assisted Solution

by:dschwartzer
dschwartzer earned 83 total points
ID: 12003690
There's a way to work around this. Check Point invented a mechanism, called UDP encapsulation, which adds a fake UDP header to each IPSec packet. Both source and destination ports are set to 2746 (if I'm not mistaken). This mechanism allows NAT devices on the way to forward the packet further.
To turn this feature on, open SecuRemote menu ->tools and look in there. I can't recall exactly where the checkbox is, but it's called 'UDP encapsulation'.

HTH,
Daniel

Assisted Solution

by:rjbrown99
rjbrown99 earned 83 total points
ID: 12003855
The first thing I would suggest is to visit the web site of the vendor that makes your Vigor router.  Download any new firmware updates and apply them to your router before doing anything else.  I can tell you for sure that certain routers (one of my Netgears had this issue) have shipped with firmware that prevented VPN tunnels from working.  Here's the URL:

http://www.draytek.co.uk/support/index.html

Next, update to the latest version of SecuRemote.  It doesn't matter if your firewall version is a bit older - the newer client will work with an older firewall.

Now the part that will probably be the biggest help.  In the configuration for your Vigor router, disable all VPN features (PPTP, IPSec, and L2TP) since it also supports site-to-site connectivity.  For testing purposes, you want to make sure there are no issues with passing the packets.  Vigor themselves suggest this.  Try it now and see if it works.

Still doesn't work?  Okay, visit this FAQ, Question #7:
http://www.draytek.co.uk/support/router_faq.html

You are using IPSec.  You may have to fiddle with the Vigor's configuration a bit to either enable a VPN "passthrough" or else use the DMZ function to just pass packets straight through the router.

The only settings on the host that you can change are in SecuRemote: go to settings, connections tab, properties of your connection, advanced.  Make sure "Connectivity Enhancements" is checked with "Use NAT traversal tunneling" and "IKE over TCP" and "Force UDP Encapsulation".

Still doesn't work?  Well, let us know after you perform those steps and we'll motor on from there.

-Rob
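
The explanation proposed in the answers above (a port-translating NAT router that is not IPsec aware, and the UDP encapsulation workaround on port 2746), modelled as an added example that is not part of the original thread. It labels packets as they would appear in a capture on the LAN side of the router and shows which ones a simplified NAT can carry. The IKE port 500, the addresses, and the NAT model itself are assumptions, not values from the posts.

```python
import socket
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17    # IP protocol numbers
IKE_PORT = 500        # standard IKE port; assumption, not stated in the thread
CP_ENCAP_PORT = 2746  # port quoted in the thread for Check Point UDP encapsulation

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed sample, header checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data):
    """Prepend a UDP header (checksum 0 = not computed) to data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(pkt):
    """Label one IPv4 packet captured on the LAN side of the router."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == ESP:
        return "raw ESP"
    if proto == AH:
        return "raw AH"
    if proto == UDP:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if CP_ENCAP_PORT in ports:
            return "UDP-encapsulated IPsec"
        if IKE_PORT in ports:
            return "IKE"
    return "other"

def survives_napt(pkt, esp_passthrough=False):
    """Simplified port-translating NAT: it tracks flows by TCP/UDP port."""
    proto = pkt[9]
    if proto in (TCP, UDP):
        return True
    # ESP has no ports, so it passes only if the router special-cases it.
    # AH also authenticates the IP addresses, so rewriting them always breaks it.
    return esp_passthrough and proto == ESP

def diagnose(capture, esp_passthrough=False):
    """Return (label, survives NAT) per packet, in capture order."""
    return [(classify(p), survives_napt(p, esp_passthrough)) for p in capture]

# Constructed capture: addresses are placeholders, ESP body is dummy bytes.
CLIENT, GATEWAY = "192.168.1.10", "203.0.113.1"
esp_body = struct.pack("!II", 0x1000, 1) + b"\x00" * 16   # SPI, sequence, ciphertext
WITHOUT_ENCAP = [ipv4(CLIENT, GATEWAY, UDP, udp(500, 500, b"ike")),
                 ipv4(CLIENT, GATEWAY, ESP, esp_body)]
WITH_ENCAP = [ipv4(CLIENT, GATEWAY, UDP, udp(500, 500, b"ike")),
              ipv4(CLIENT, GATEWAY, UDP, udp(2746, 2746, esp_body))]
```

In this model `diagnose(WITHOUT_ENCAP)` matches the symptom in the question: the IKE exchange gets through, so the client appears to authenticate, while the ESP packets carrying the ping do not.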