• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 728
  • Last Modified:

Cannot access a network using cisco vpn client from behind a firewall, connection ok, but no access to content on network

I am having trouble connecting to a cisco vpn using client version 5.0.01.0600 from behind a firewall. The connection appears to connect and i am assigned an ip address, but i cannot browse to any ip addresses behind the firewall.

I am running vista on a pc in a SBS 2000 environment using the inbuilt software firewall and a binatone router.

I have opened ports 500 and 4500 on the router and the firewall as i read these were the ports the VPN client uses for traffic, but still no joy.

Any help or advice gratefully appreciated!
0
simplethinking
Asked:
simplethinking
  • 4
  • 4
  • 2
  • +1
1 Solution
 
Pete LongTechnical ConsultantCommented:
Hello simplethinking,

add the following linne to the config on the cisco firewall

crypto isakmp nat-traversal  20



Regards,

PeteLong
0
 
simplethinkingAuthor Commented:
Thanks for the speedy response pete.

Unfortunately we do not have direct access to the firewall.

Is there anything we can do here to enable the connection??
0
 
Pete LongTechnical ConsultantCommented:
I'm guessing the problem is NAT, short of moving outside of the firewall, theres not a lot you can do
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
btassureCommented:
You could try going into the connection profile properties, then the transport tab and changing the tunneling to ipsec over tcp but I doubt it will work properly. PeteLong is correct that any changes to get it working will likely need to be done on the firewall. Have you got correct DNS servers etc?
0
 
simplethinkingAuthor Commented:
Good morning,

I have done further testing.  The Cisco vpn software connects correctly, once the connection has been established I have tried:
- Pinging the ip address we are tring to reach and get an immediate time out response
- Tracert and this doesnt return anything and eventually times out

This would indicate the problem is an issue with all external IP requests being blocked by our firewall when the Cisco VPN software is active.

Thank you for time and patience,



0
 
btassureCommented:
If it is connected then it is almost certainly a configuration issue either on the servers at the VPN host end or the VPN head end firewall. The local firewall won't block the pings as they are encapsulated into the IPSEC traffic destined for the firewall. The local firewalls will only see encrypted IPSEC packets, not the pings.
0
 
Pete LongTechnical ConsultantCommented:
If a tunnle connect and no traffic passes 99% of the time the problem is NAT - either the Nat 0 command is missing on the Cisco, there is no ACL that matched that NAT 0 command or Nat-traversal has not been enabled
0
 
simplethinkingAuthor Commented:
Hi PeteLong,

Thank you for answers.

 I can successfully connect and browse website on the VPN from my standard home internet ADSL internet connection.  Is the problem being caused by our firewall vs the home connection?
0
 
Pete LongTechnical ConsultantCommented:
If you can connect and browse what is the problem m8?
0
 
simplethinkingAuthor Commented:
Hi PeteLong,

As per the orginal post we can connect the vpn from inside our company network (on my laptop) however when we try to browse website hosted inside that network we get blocked at somepoint.

"The Cisco vpn software connects correctly, once the connection has been established I have tried:
- Pinging the ip address we are tring to reach and get an immediate time out response
- Tracert and this doesnt return anything and eventually times out"

If i connect to the vpn from home (on the same laptop) the vpn connects fine and I can browse the internal website without any problems.

The issue is we need the vpn and browsing to work from inside our network.
0
 
Tachyon_1Commented:
I'm not sure why you would run the VPN when you are inside the network, but anyway...

Have you tried enabling the "Allow local LAN access" option from the Transport tab of the VPN client "modify configuration" menu?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now