• Status: Solved
  • Priority: Medium
  • Security: Public

VPN and pinging can hit router, IE and PCAnywhere can't.

We can't connect to a router with PCAnywhere or IE, but we can ping the IP address and get through our Linksys QuickVPN. PCA is waiting in host mode, the ports are forwarded (5631 and 5632). I can get into the computers through our VPN and Proxy, and check the router through IE while connected with Proxy, and can ping out (and get out to the internet). If we try the IP address through IE or PCAnywhere, we get can't find or can't connect messages respectively.
DDJ-DDG
Asked:
 
Rob Williams Commented:
I am a little confused.  :-)
You have a router you are connecting to with the Linksys QuickVPN.
Can you confirm you have connectivity by pinging the LAN side of the router, and open the web management console using the LAN IP of the router?
If you are planning to connect via VPN, you do not need any port forwarding of any ports for PCAnyWhere or any other service, however when connecting you need to use the local/LAN IP of the router rather than the WAN/public IP, as if you were connecting from within the office. One of the advantages of a VPN is all ports are open through the tunnel.
You mention proxy. Do you have a proxy server, and where is it physically located in relation to the router?
Have any software firewalls on the PCs/servers been disabled or configured to allow the incoming service?
It would be useful knowing the make and model of your modem and router and what proxy server you are using.
 
DDJ-DDG (Author) Commented:
Sorry for leaving out info. We connect thru VPN to support client. The client has a support contract with proprietary software and their support team requires PCA connection to troubleshoot, etc. Proxy is software by Funk (now juniper.net) that allows remote control, etc. of all the computers once you connect through the VPN. No proxy server. Router is Linksys WRV54G, modem is Dlink 504dsl. I can connect to their system through our VPN, go to a computer using Funk Proxy, open IE and get to the router or go online. This is a SB Server 2003 domain with AD and DNS (no DHCP) with several computers. No firewalls except the router's. (One odd note: in looking at McAfee IS installed locally on one of the machines, its firewall is not enabled, but it detected a Windows firewall, but the Windows firewall is not enabled through group policy.) If we turn off the router firewall, we can get to the router through IE, but still can't connect through PCA. I think there must be some security or addressing issue that's stopping PCA from seeing the internal IP address, but I'm stumped. Thanks for the help.
 
Rob Williams Commented:
The D-link DSL-504 is a combined modem and firewall. If it is in its normal mode, it is performing NAT (Network Address Translation). This would require forwarding the appropriate ports for PCA or other services to the Linksys, which is also performing NAT, and then the Linksys in turn forwarding ports/services to the appropriate devices. Although this works fine for some services, others do not like the complexity of the connection, with 2 NAT devices. If this is the case, I would recommend putting the D-Link in Bridge mode if you have not already done so. If you need a hand with that let me know.
--Rob
 
DDJ-DDG (Author) Commented:
Thanks, it's already set in bridge mode.
 
Rob Williams Commented:
That explains why the QuickVPN works. :-)  I was wondering.

Mmmmm. I'm stumped. Once you can connect through the VPN properly there shouldn't be a problem. Only other 2 things I can think of are:
1) Switch off encryption within PCA, if enabled. Sometimes encrypted services in conjunction with the VPN encryption can cause unpredictable results.
2) Some newer versions of McAfee virus protection (not firewall) have a feature called Internet Worm Protection. This can be disabled independently of the other virus protection features. I have seen this block some remote services when enabled.
Sorry, not much help.
--Rob
 
DDJ-DDG (Author) Commented:
Took a while to get back to this. Made sure the PCA security was set to none. In working with Linksys support for a long time, we got it working, but I'd like your take on which change made it work. She had me trigger and forward ports 443, 500, and 1723. We also found that NetBIOS for TCP/IP wasn't enabled on all computers involved. I'm not sure what those 3 ports might have had to do with it, and I'm thinking it was the NetBIOS issue on the domain. Any thoughts?
 
Rob Williams Commented:
Sounds more like NetBIOS. Guess it is difficult to check now, but if it was a NetBIOS issue you should have been able to connect by IP rather than NetBIOS name. NetBIOS names are not generally broadcast over a VPN by default. If you need some work-arounds for that let me know and I can help you out.

As for forwarding ports, the beauty of a hardware VPN is no ports need to be forwarded, opened, modified.......
All traffic is allowed to pass freely between networks. Port triggering is another issue. That is mostly used for gaming. If you were using a VPN server behind the WRV54G, such as Windows RRAS VPN server and the Windows client rather than the Quick VPN client, you would forward TCP port 1723 for a PPTP VPN to the VPN server, or for an L2TP with IPSec Windows VPN, UDP ports 500, 1701 and possibly 4500. Port 443 is for secure web browsing such as banking sites. I can't see where any of those have any relevance here. I am afraid I don't have a lot of faith in Linksys tech support.
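The by-IP versus by-name check described in the comment above, as an added example that is not part of the original thread: it probes the pcAnywhere data port (5631, from the question) once by host name and once by LAN IP, then reports which layer is failing. The host name `CLIENTPC01`, the address `192.168.1.10` and the function names are constructed placeholders; name lookup is assumed to go through the operating system's resolver.

```python
import socket

PCA_DATA_PORT = 5631  # pcAnywhere TCP data port named in the question


def probe(target, port=PCA_DATA_PORT, timeout=3.0, resolver=socket.getaddrinfo):
    """Classify one TCP connection attempt to target:port."""
    try:
        infos = resolver(target, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-resolution-failed"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(infos[0][4])
        return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on the port
    except OSError:
        return "no-answer"    # timeout or unreachable: routing or a firewall
    finally:
        sock.close()


def verdict(by_name, by_ip):
    """Turn the two probe results into the likely fault domain."""
    if by_ip == "open":
        if by_name == "open":
            return "reachable both ways; look at the application settings"
        if by_name == "name-resolution-failed":
            return "name resolution: connect by LAN IP or fix name lookup over the tunnel"
        return "name resolves to a different or stale address"
    if by_ip == "refused":
        return "host reachable, but the service is not listening on that port"
    return "no path to the LAN IP: tunnel, routing or a host firewall"


if __name__ == "__main__":
    # Constructed placeholders; substitute the host's own name and LAN address.
    name, lan_ip = "CLIENTPC01", "192.168.1.10"
    by_name, by_ip = probe(name), probe(lan_ip)
    print(f"by name: {by_name}\nby IP:   {by_ip}\n-> {verdict(by_name, by_ip)}")
```

Run it from the remote machine while the VPN tunnel is up, so both probes travel through the tunnel to the LAN address.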
 
Rob Williams Commented:
Thanks DDJ-DDG,
--Rob