
Configure Linksys WRT54G and VPN-1 SecureClient

I'm having a lot of trouble getting my Linksys WRT54G router to work with Checkpoint VPN-1 SecureClient.

It will work fine connected directly to the Cable Modem, but when I connect behind the router, the NAT and SPI are blocking the ports. I've tried to open ports with port forwarding, port triggering, etc. with no success.

I'm uncertain what steps I need to take to get the SecureClient to operate behind the router.

I've configured the router to be a private 10.10.10.1 network so as not to conflict with my office network.

Can anyone provide the steps to get this working?

Thank you!
Asked by: pshoemaker21
 
Rob Williams Commented:
Might be as simple as checking the "enable IPSec pass-through" on the firewall page of the security section.

 
Rob Williams Commented:
By the way, no ports need to be opened or forwarded. Only other issue might be if your modem is a combined router/modem and is also performing NAT, but see how the IPSec pass-through works. If you did forward any ports relating to VPNs, change those back to the defaults. They can sometimes interfere with VPN client traffic.
 
pshoemaker21 (Author) Commented:
I've already checked all that.  I've been reading a bunch on the net and it's difficult to find anything specific.  The cable modem is just a straight broadband access node, which hands out a single IP address by MAC address.

It has something to do with the port blocking that is enabled by default on the Linksys router. I just don't know how to configure it to get past that. Not sure if it can be configured or not?
 
Rob Williams Commented:
I am afraid I am not much help. As a rule with Linksys routers all VPN clients, CheckPoint, WatchGuard, Cisco, etc. are able to work quite well with absolutely no configuration other than allowing IPSec pass-through. It is possible to block the traffic with manual firewall rules, but the defaults should not do so. Perhaps there is a problem with the firmware. Have you tried upgrading or re-installing? Also I have seen some problems with VPNs and wireless connections. Are you connecting to the WRT54G wirelessly or with a cable? Perhaps try a cable if you are using wireless.
 
Rob Williams Commented:
Also:
>>"The cable modem is just a straight broadband access node, which hands out a single IP address by MAC address."
So I assume as a result your WRT54G's WAN configuration has been assigned a true public IP and not a private IP such as 192.168.x.x, 10.x.x.x, or 172.16-32.x.x ?
 
Rob Williams Commented:
If pshoemaker21 is still receiving notices...
- Have come across dozens of articles with different folks having problems using an IPSec client behind the WRT54G. If you have the option, try from behind another router. The router itself seems to be the problem. If "enable IPSec" is checked there is nothing more for you to configure.
- If by chance you have the same problem with another router, or perhaps check anyway, make sure the modem is not a combined router/modem providing NAT (Network Address Translation) services. This will be noted by it assigning the connected device a private IP such as 192.168.x.x, 10.x.x.x, or 172.16.x.x. If that is the case the modem needs to be put in Bridge mode.
- If the modem is not running NAT, and you have tried another router, you may need to have the CheckPoint administrator look at their configuration of NAT-T at the server end, router.
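
The double-NAT check raised in the comments above (a private address on the router's WAN side means the modem is also translating), written out as an added Python example that is not part of the original thread. It goes slightly beyond the thread by also recognising the carrier-grade NAT range; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges whose presence on an interface means something upstream is doing NAT.
NAT_RANGES = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}

def classify(addr):
    """Label an IPv4 address as 'public', 'unusable', or the NAT range it is in."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_unspecified or ip.is_loopback or ip.is_link_local:
        return "unusable"  # e.g. 0.0.0.0 or 169.254.x.x: the port has no lease
    for label, nets in NAT_RANGES.items():
        if any(ip in ipaddress.IPv4Network(n) for n in nets):
            return label
    return "public"

def nat_layers(client_addr, wan_addr):
    """Count address translations between the VPN client and the Internet.

    client_addr: address the PC received from the router (LAN side).
    wan_addr:    address shown on the router's WAN status page.
    """
    kinds = (classify(client_addr), classify(wan_addr))
    if "unusable" in kinds:
        raise ValueError("interface has no usable address; fix connectivity first")
    return sum(k != "public" for k in kinds)

def advise(client_addr, wan_addr):
    """Map the NAT count to the step suggested in the thread."""
    layers = nat_layers(client_addr, wan_addr)
    if layers == 0:
        return "no NAT: client is directly on a public address"
    if layers == 1:
        return "single NAT: enable IPSec pass-through on the router"
    return "double NAT: the modem is translating too; put it in bridge mode"

if __name__ == "__main__":
    # Constructed samples: (PC address from the router, router WAN address).
    for client, wan in [("10.10.10.100", "203.0.113.25"),
                        ("10.10.10.100", "192.168.0.2"),
                        ("10.10.10.100", "172.32.0.9")]:
        print(client, wan, "->", advise(client, wan))
```

The 172.16.0.0/12 block spans 172.16.x.x through 172.31.x.x, so the third sample's WAN address is public and counts as a single NAT.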