Nick Denny

VPN through router

Hi experts.

I have just installed a simple ADSL modem/router (Linksys WAG354G) for my brother-in-law in his home office.

He has a laptop on a docking station (work- XP pro) and another laptop for general family use.

He is on a dynamic IP from his ISP.

He uses SonicWall to VPN to his company intranet. However, since installing the router he cannot connect to it.

Rest of access to internet etc is fine.

If we reconnect back to the original USB ADSL modem, he gets back onto his company intranet just fine.

I have disabled the firewall in the router, statically assigned an IP to his laptop [work] and placed it in the DMZ and allowed all VPN passthroughs.

So we then phoned his company IT department and they gave us a "not possible from behind a router" answer.

I find this unacceptable but as I have no experience with SonicWall - I didn't argue with them. But that implies that everyone who VPNs cannot be on a network!!

If it helps, the subnet at his home is 192.168.1.x and the work is 192.168.2.x - so should be no conflict there.
Also, in SonicWall the ports are set to "all" and UDP/TCP is set to "both".

As his company supplies his hardware (except this Linksys router) and software, using a different VPN etc is not a solution.

The obvious workaround is to switch between router and USB modem by just swapping out the telephone line from one to the other - this works but is not really acceptable long term.

Should I be looking for router configuration or changing some settings in SonicWall (not sure how his IT dept would like the latter option!!)?

Many thanks

Nick
Rob Williams

Nick, how does he connect to the SonicWall VPN at the office? Is he using a VPN router at home or the SonicWall VPN software client on the laptop?
Also are there any other devices between the modem and the laptop such as another router, SonicWall or otherwise? If so, the new Linksys will have to be put in Bridge mode.
For the record some VPNs do not support NAT (Network Address Translation), i.e. behind a router, but to the best of my knowledge you should be able to do this, if configured correctly.
--Rob
Nick Denny (ASKER)

Hi again Rob - thx for reply.

I'm not sure what's at HQ, he uses SonicWall client on his computer (not sure which version but it's NOT the pro).

The router is not a VPN router but allows passthrough.

The router is a combined ADSL modem and router so there's nothing between it and his computer.

i.e. ADSL line--> Linksys --->laptop

Would it help to know what hardware/software is at the office? I could maybe find this out but not sure how co-operative his IT dept would be.

Many thanks

Nick
ASKER CERTIFIED SOLUTION
Rob Williams

This solution is only available to members.
dutchclan

According to the Linksys documentation it supports "VPN Passthrough" and if you are indeed using a "client" to set up a VPN connection to be terminated somewhere in the remote network it should work fine. If you are actually trying to set up a "tunnel" in an N2N VPN construction, that is obviously not supported by that type of router.

* All Linksys routers support VPN pass-through connections, and have this feature enabled by default (linksys docu)

* Linksys routers that support creating VPN tunnels as well as acting as VPN endpoints are listed below: (linksys docu)

BEFSX41
BEFVP41
WRV54G
RV042
RV082
RV016
WAG54G
USBVPN1

Next to that, the documentation on the SonicWall VPN client also names a "log viewer":
http://www.sonicwall.com/support/pdfs/Sonicwall_GVC_3.1_Administrators_Guide.pdf

Which might be a big help if you could just hand out the "errors" named there...

Regards,

Chris Gralike
@ Rob - thanks again.
I will have to check with him hopefully tomorrow to see which encryption they are using.

@ Chris - thanks for help.
All passthroughs are set to "enabled" - as we should only need a passthrough.
I already got that PDF guide, I'll look through it some more.

But to double check  - even before the IT dept knew what type of router he had - they immediately told him it was not going to be possible.
Awkward dept?
Or have they called this one correctly?
I still can't believe that all their field techs, sales guys etc (they are an international company), cannot connect when behind domestic type routers....
I will ask my brother-in-law to do some more digging...
>> even before the IT dept knew what type of router he had - they immediately told him it was not going to be possible.
>> ..... Or have they called this one correctly?

Very possible they are right on this one. NAT is a standard feature of every small office or home router today, and the compatibility of a given VPN configuration with NAT is a very common parameter. I must say most VPNs will work behind a router as this is necessary for traveling sales staff, but not all VPNs work with NAT, or it may be it is not configured to work with NAT, and some routers themselves are the problem. Your router manual specifically states VPNs using protocol 51 will not work. Many other routers do not seem to have this limitation.
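
Why protocol 51 (AH) in particular fails behind NAT while ESP's integrity check does not, as an added Python sketch that is not part of the original thread. The key, addresses (documentation ranges for the public side), and the simplified AH/ESP body layout are constructed for illustration.

```python
import hmac, hashlib, socket, struct

KEY = b"constructed-demo-key"   # constructed integrity key for the demo SA
AH, ESP = 51, 50                # IP protocol numbers
FMT = "!BBHHHBBH4s4s"           # 20-byte IPv4 header without options

def ip_header(src, dst, proto, payload_len, ttl=64):
    """Minimal IPv4 header; checksum left at 0 because it is not what is tested."""
    return struct.pack(FMT, 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """HMAC-SHA1 truncated to 96 bits, a common IPsec integrity transform."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(hdr, body):
    # AH also authenticates the IP header. Mutable fields (TOS, flags/offset,
    # TTL, checksum) are zeroed first, but the source/destination addresses stay.
    v, _tos, ln, ident, _frag, _ttl, proto, _ck, src, dst = struct.unpack(FMT, hdr)
    return icv(struct.pack(FMT, v, 0, ln, ident, 0, 0, proto, 0, src, dst) + body)

def esp_icv(hdr, body):
    # ESP authenticates only its own header and payload, never the outer IP header.
    return icv(body)

def forward(hdr, public_src=None):
    """A router hop: decrement TTL; with NAT, also rewrite the source address."""
    f = list(struct.unpack(FMT, hdr))
    f[5] -= 1
    if public_src:
        f[8] = socket.inet_aton(public_src)
    return struct.pack(FMT, *f)

def survives(proto, public_src=None):
    """True if the ICV computed by the sender still matches at the gateway."""
    body = struct.pack("!II", 0x1001, 1) + b"tunnelled payload"  # SPI, seq, data
    hdr = ip_header("192.168.1.10", "198.51.100.10", proto, len(body) + 12)
    calc = ah_icv if proto == AH else esp_icv
    return hmac.compare_digest(calc(hdr, body),
                               calc(forward(hdr, public_src), body))

if __name__ == "__main__":
    print("AH, routed only :", survives(AH))
    print("AH, through NAT :", survives(AH, "203.0.113.5"))
    print("ESP, through NAT:", survives(ESP, "203.0.113.5"))
```

The routed-only AH case still verifies because TTL is excluded from the check; only the address rewrite done by NAT breaks it.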
>> Awkward dept?
>> Or have they called this one correctly?

Well, I'm in "that" kind of department too, and must say that we are limited to the SLAs, internally as well as customer related. If we were to also support every problem that might occur at home or some remote office our employees are working at, we wouldn't have any time to concern ourselves with our own backend / network.

If I had gotten this question already stating it "doesn't" work, the chance is 80% that the router doesn't support that feature. For this case we have a list of "home routers" for our employees of which we know it will work with our VPN solution, and the SLA states that if it's not a router on that list we just don't support it even though we could.

So as with many questions this one also has two sides, and thus I just ask you to respect these people too, even though they didn't help you out ;-)

Regards Chris
@Rob - I have asked my bro-in-law to ask his IT dept the type of protocols used.

I spoke to him earlier and he has not had a chance to speak to his IT dept yet, although he says they are usually very helpful.

So if you could bear with me until next week hopefully we will have more information.

@ Chris - thanks for your comments, although I think you are missing the point.

When I say "awkward dept" - I am referring to the technical issues here, insofar as
(a) is it a case of they don't have the time or the inclination to help an employee who is paid to work from home and thus needs to be assisted, or
(b) is it reasonable to suggest that on some systems there is no way to access the company intranet through a VPN when behind ANY type of router? (I say any type of router - as the question of make/model was never even raised).

(On a side note, I too fall into the category of "these people" and understand where you're coming from).

Thanks again.

seriousnick, no rush on my part, I'm always more curious as to the ultimate solution.
Have a great weekend !
--Rob
I'm sorry that I have not replied. My bro-in-law cannot seem to get the information, but from what I have read, I think you are right Rob.
It seems they must be using the AH protocol.
I will try him again and hopefully post back next few days.
Thanks

No problem seriousnick. Appreciate the update. Let us know how it goes.
--Rob
I'm really sorry guys but I'm not getting any feedback so it seems my bro-in-law isn't that bothered anymore.

I think you have hit the nail on the head tho Rob insofar as it really does seem like incompatible protocols (although I would have liked to prove this for future reference).

I think it's fair to award you the points.

Thanks again.
Thanks seriousnick, too bad, I know it's always nice to know what the ultimate resolution is for any problem.
Cheers,
--Rob