How to solve a VPN configuration problem?

I have a wireless router behind a firewall and am trying to establish a connection to an outside network with a VPN client. The VPN client authenticates and connects to the outside network, but I cannot remote desktop to any system once the connection is established. I can remote desktop to any system if I bypass the firewall. The inside address range at both locations is 192.168.x.x. Any suggestions?
Asked by: dyoung22
 
JFrederick29 commented:
The problem is with IPSEC and NAT.  NAT-Traversal (NAT-T) needs to be enabled on the headend VPN server (not your PIX).  If whoever manages the VPN server won't enable NAT-T, you can do the following on your PIX as a workaround.

conf t
fixup protocol esp-ike
access-list outside_access_in permit esp any any
access-group outside_access_in in interface outside
0
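
An added example, not part of the thread: the answer above turns on whether the client's data packets leave as native ESP (IP protocol 50, which has no ports for PAT to translate) or as NAT-T ESP wrapped in UDP/4500. The Python sketch below classifies raw IPv4 packets accordingly; the function names and the packet builders are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500      # UDP ports for IKE and NAT-T (RFC 3947/3948)
PROTO_UDP, PROTO_ESP = 17, 50        # IP protocol numbers

def classify(packet):
    """Label one raw IPv4 packet by the kind of IPsec traffic it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4     # IP header length, options included
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        return "native-esp"          # no ports: a PAT device needs special handling
    if proto != PROTO_UDP or len(payload) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if NATT_PORT in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"  # one-byte NAT keepalive
        if data[:4] == b"\x00" * 4:
            return "ike-over-natt"   # non-ESP marker precedes the IKE header
        return "esp-in-udp" if len(data) > 4 else "other"
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def diagnose(packets):
    """Summarise a capture: how is the tunnel's data actually being carried?"""
    kinds = {classify(p) for p in packets}
    if "esp-in-udp" in kinds:
        return "NAT-T in use: data rides UDP/4500 and survives PAT"
    if "native-esp" in kinds:
        return "native ESP: firewall must pass and track IP protocol 50"
    if kinds & {"ike", "ike-over-natt"}:
        return "tunnel negotiates but no data packets seen"
    return "no IPsec traffic seen"

def build_ipv4(proto, payload):
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 5]), bytes([203, 0, 113, 1])) + payload

def build_udp(sport, dport, data):
    """Constructed sample UDP datagram, checksum left at 0."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

if __name__ == "__main__":
    ike = build_ipv4(PROTO_UDP, build_udp(500, 500, b"\x11" * 28))
    print(diagnose([ike]))           # IKE only, the symptom described in the question
```

Feeding it packets captured on the outside interface shows whether the client fell back to native ESP, which is the case the `fixup protocol esp-ike` workaround addresses.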
 
MikeKane commented:
It's safe to assume that the firewall at your location is the cause of the issue. However, it makes little sense that the firewall would allow the tunnel to build, but then deny traffic on the tunnel for 1 specific port since the traffic from your machine is already protected.

Just to clarify, you are using a client on a PC and not using the firewall for a site to site VPN.  Correct?  

What client are you using and to which firewall model are you connecting?   Cisco? Sonicwall? Other?  

0
 
oncalltech commented:
I think the issue is your 192.168. I assume you are using a 24 bit subnet, so the third octet is needed here. If they are the same, how is your VPN connecting? Is your firewall also your router? Please provide more detail on your configuration. Also, is the remote desktop trying to connect and failing? Have you checked your router's MTU?
0
 
Roachy1979 commented:
I think oncalltech is right......if you are using the same subnet at the remote and local ends of the connection this is likely to be the root cause of the problem.  In order to route traffic over a VPN, both sides of the network need to have distinctive address ranges...
0
 
dyoung22 (author) commented:
Thanks for the comments! Sorry for the delay but being new to EE I wasn't clear on how to reply. I was leaning toward the duplicate subnet as being the problem so I'm going to restructure the home network and give it another shot. FYI... wireless router is separate and behind the firewall. I'll set static IP inside (10.x.x.x) on firewall and establish as DHCP server. Will keep you updated and post the configuration if problem persists after the change.
0
 
Roachy1979 commented:
No worries :)

Let us know how you get on!
0
 
dyoung22 (author) commented:
OK... Set up the network as a 10.x.x.x network, wiping the firewall clean and starting over. Same results... The VPN client connects but can't access the network. I connect the PC directly to the DSL router and I'm able to access just fine. I'm missing something on the firewall configuration, so if you guys can take a look at the attached I would appreciate it.

eepix.txt
0
 
dyoung22 (author) commented:
Thanks... I'll check the VPN server for NAT-T and establish the workaround this evening if necessary. Stay tuned.
0
 
dyoung22 (author) commented:
NAT-T was already enabled on the headend so I enabled ESP on my end and was successful accessing network resources. Thanks for all the input.
0
 
dyoung22 (author) commented:
JFrederick29... although NAT-T was already enabled on the headend, enabling ESP was right on at my end. Thanks for the solution!
0
Question has a verified solution.