How to solve a VPN configuration problem?

Posted on 2009-04-01
Last Modified: 2012-05-06
I have a wireless router behind a firewall trying to establish connection to outside network with VPN client. The VPN Client authenticates and connects to outside network but cannot remote desktop any system once the connection is established. I can remote desktop to any system if I bypass the firewall. Inside address range at both locations is 192.168.x.x. Any suggestions?
Question by: dyoung22

Expert Comment

ID: 24039101
It's safe to assume that the firewall at your location is the cause of the issue. However, it makes little sense that the firewall would allow the tunnel to build, but then deny traffic on the tunnel for 1 specific port since the traffic from your machine is already protected.

Just to clarify, you are using a client on a PC and not using the firewall for a site-to-site VPN. Correct?

What client are you using and to which firewall model are you connecting? Cisco? Sonicwall? Other?


Expert Comment

ID: 24039147
I think the issue is your 192.168. I assume you are using a 24-bit subnet, so the third octet is needed here. If they are the same, how is your VPN connecting? Is your firewall also your router? Please provide more detail on your configuration. Also, is the remote desktop trying to connect and failing? Have you checked your router's MTU?

Expert Comment

ID: 24039755
I think oncalltech is right... if you are using the same subnet at the remote and local ends of the connection this is likely to be the root cause of the problem. In order to route traffic over a VPN, both sides of the network need to have distinctive address ranges...

Author Comment

ID: 24040345
Thanks for the comments! Sorry for the delay but being new to EE I wasn't clear on how to reply. I was leaning toward the duplicate subnet as being the problem so I'm going to restructure the home network and give it another shot. FYI... wireless router is separate and behind the firewall. I'll set static IP inside (10.x.x.x) on firewall and establish as DHCP server. Will keep you updated and post the configuration if problem persists after the change.

Expert Comment

ID: 24040438
No worries :)

Let us know how you get on!

Author Comment

ID: 24045909
OK... Set up network as a 10.x.x.x network, wiping the firewall clean and starting over. Same results... The VPN Client connects but can't access network. I connect PC directly to DSL router and I'm able to access just fine. I'm missing something on the firewall configuration so if you guys can take a look at the attached I would appreciate it.


Accepted Solution

JFrederick29 earned 500 total points
ID: 24059144
The problem is with IPSEC and NAT.  NAT-Traversal (NAT-T) needs to be enabled on the headend VPN server (not your PIX).  If whoever manages the VPN server won't enable NAT-T, you can do the following on your PIX as a workaround.

conf t
fixup protocol esp-ike
access-list outside_access_in permit esp any any
access-group outside_access_in in interface outside
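
A capture-side way to tell which case from this thread applies, as an added example (not code from the thread or from Cisco): it labels packets seen on the firewall's outside interface as IKE, native ESP (IP protocol 50) or NAT-T's UDP 4500 encapsulation, and reports whether tunnel data flows in both directions. The tuple layout, function names and sample captures are constructed for illustration.

```python
# Added diagnostic sketch; all names and the sample captures are constructed.
PROTO_UDP, PROTO_ESP = 17, 50      # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # IKE, and IKE/ESP-in-UDP under NAT-T (RFC 3947/3948)

def classify(ip_proto, sport, dport, payload):
    """Label one packet by how the IPsec traffic is being carried."""
    if ip_proto == PROTO_ESP:
        return "esp-native"            # no ports, so plain PAT cannot track it
    if ip_proto != PROTO_UDP:
        return "other"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"     # one-byte NAT keepalive
        if len(payload) < 4:
            return "other"
        if payload[:4] == b"\x00" * 4:
            return "ike-natt"          # non-ESP marker precedes IKE on 4500
        return "esp-in-udp"            # first 4 bytes are a non-zero SPI
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def diagnose(packets):
    """packets: (direction, ip_proto, sport, dport, payload) seen on the outside interface."""
    seen = {}
    for direction, proto, sport, dport, payload in packets:
        seen.setdefault(classify(proto, sport, dport, payload), set()).add(direction)
    for kind, label in (("esp-in-udp", "natt"), ("esp-native", "esp")):
        if kind in seen:
            both = seen[kind] >= {"out", "in"}
            return f"{label}-ok" if both else f"{label}-one-way"
    if "ike" in seen or "ike-natt" in seen:
        return "ike-only"              # tunnel negotiated, no data packets captured
    return "no-ipsec"

IKE = bytes(8)                                # placeholder; port 500 traffic is not inspected
SPI = bytes.fromhex("1a2b3c4d") + bytes(16)   # constructed ESP header and data
SYMPTOM = [("out", 17, 500, 500, IKE), ("in", 17, 500, 500, IKE),
           ("out", 50, 0, 0, SPI), ("out", 50, 0, 0, SPI)]
AFTER_FIX = SYMPTOM + [("in", 50, 0, 0, SPI)]
WITH_NATT = [("out", 17, 500, 500, IKE), ("in", 17, 500, 500, IKE),
             ("out", 17, 4500, 4500, bytes(4) + IKE), ("in", 17, 4500, 4500, bytes(4) + IKE),
             ("out", 17, 4500, 4500, SPI), ("in", 17, 4500, 4500, b"\xff"),
             ("in", 17, 4500, 4500, SPI)]

if __name__ == "__main__":
    for name, cap in (("symptom", SYMPTOM), ("after fix", AFTER_FIX), ("NAT-T", WITH_NATT)):
        print(name, "->", diagnose(cap))
```

An `esp-one-way` result matches the symptom in this thread: IKE completes on UDP 500, but return ESP never makes it back through the firewall.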

Author Comment

ID: 24059395
Thanks... I'll check the VPN server for NAT-T and establish the workaround this evening if necessary. Stay tuned.

Author Comment

ID: 24067483
NAT-T was already enabled on the headend so I enabled ESP on my end and was successful accessing network resources. Thanks for all the input.

Author Closing Comment

ID: 31565295
JFrederick29... although NAT-T was already enabled on the headend, enabling ESP was right on at my end. Thanks for the solution!
