How to solve a VPN configuration problem?

Posted on 2009-04-01
Last Modified: 2012-05-06
I have a wireless router behind a firewall trying to establish connection to outside network with VPN client. The VPN Client authenticates and connects to outside network but cannot remote desktop any system once the connection is established. I can remote desktop to any system if I bypass the firewall. Inside address range at both locations is 192.168.x.x. Any suggestions?
Question by: dyoung22
LVL 33

Expert Comment

ID: 24039101
It's safe to assume that the firewall at your location is the cause of the issue.  However, it makes little sense that the firewall would allow the tunnel to build, but then deny traffic on the tunnel for 1 specific port since the traffic from your machine is already protected.

Just to clarify, you are using a client on a PC and not using the firewall for a site to site VPN.  Correct?  

What client are you using and to which firewall model are you connecting?   Cisco? Sonicwall? Other?  


Expert Comment

ID: 24039147
I think the issue is your 192.168.  I assume you are using a 24 bit subnet, so the third octet is needed here. If they are the same how is your VPN connecting?  Is your firewall also your router?  Please provide more detail on your configuration.  Also is the remote desktop trying to connect and failing?  Have you checked your router's MTU?
LVL 14

Expert Comment

ID: 24039755
I think oncalltech is right... if you are using the same subnet at the remote and local ends of the connection this is likely to be the root cause of the problem.  In order to route traffic over a VPN, both sides of the network need to have distinctive address ranges...


Author Comment

ID: 24040345
Thanks for the comments! Sorry for the delay but being new to EE I wasn't clear on how to reply. I was leaning toward the duplicate subnet as being the problem so I'm going to restructure the home network and give it another shot. FYI... wireless router is separate and behind the firewall. I'll set static IP inside (10.x.x.x) on firewall and establish as DHCP server. Will keep you updated and post the configuration if problem persists after the change.
LVL 14

Expert Comment

ID: 24040438
No worries :)

Let us know how you get on!

Author Comment

ID: 24045909
OK... Set up network as a 10.x.x.x network wiping the firewall clean and starting over. Same results... The VPN Client connects but can't access network. I connect PC directly to DSL router and I'm able to access just fine. I'm missing something on the firewall configuration so if you guys can take a look at the attached I would appreciate it.

LVL 43

Accepted Solution

JFrederick29 earned 500 total points
ID: 24059144
The problem is with IPSEC and NAT.  NAT-Traversal (NAT-T) needs to be enabled on the headend VPN server (not your PIX).  If whoever manages the VPN server won't enable NAT-T, you can do the following on your PIX as a workaround.

conf t
fixup protocol esp-ike
access-list outside_access_in permit esp any any
access-group outside_access_in in interface outside
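
As an added example (not part of the original answer or thread): a small Python check that classifies packets captured at the firewall's outside interface as IKE, native ESP (IP protocol 50) or NAT-T (UDP/4500), and reports the symptom discussed here, where the tunnel negotiates but no ESP comes back. The function names, addresses and packet bytes are constructed for illustration.

```python
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the IPsec transport it belongs to."""
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if pkt[9] == ESP:
        return "esp-native"                    # protocol 50: no ports for PAT to key on
    if pkt[9] != UDP:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]                       # skip the 8-byte UDP header
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"
        # Four zero bytes (non-ESP marker) mean IKE; otherwise it is an ESP SPI.
        return "ike-natt" if data[:4] == b"\0\0\0\0" else "esp-in-udp"
    return "other"

def diagnose(capture) -> str:
    """capture: (direction, packet) pairs seen at the client-side firewall."""
    seen = {(d, classify(p)) for d, p in capture}
    if not {("in", "ike"), ("in", "ike-natt")} & seen:
        return "no IKE reply: tunnel never negotiates"
    if ("out", "esp-in-udp") in seen:
        return "NAT-T in use: data rides UDP/4500"
    if ("out", "esp-native") in seen and ("in", "esp-native") not in seen:
        return "native ESP leaves but none returns: permit ESP inbound or use NAT-T"
    return "native ESP flows in both directions"

def ipv4(proto: int, payload: bytes, src: bytes, dst: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the sample capture."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, src, dst)
    return hdr + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample: documentation addresses, dummy SPI and payload bytes.
CLIENT, HEADEND = bytes([198, 51, 100, 10]), bytes([203, 0, 113, 1])
SAMPLE = [
    ("out", ipv4(UDP, udp(500, 500, b"\x11" * 28), CLIENT, HEADEND)),
    ("in",  ipv4(UDP, udp(500, 500, b"\x22" * 28), HEADEND, CLIENT)),
    ("out", ipv4(ESP, b"\x00\x00\x10\x01" + b"\x33" * 32, CLIENT, HEADEND)),
]
```

Calling `diagnose(SAMPLE)` on the constructed capture reports the native-ESP case, which is the situation the `permit esp any any` workaround addresses.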

Author Comment

ID: 24059395
Thanks... I'll check the VPN server for NAT-T and establish the workaround this evening if necessary. Stay tuned.

Author Comment

ID: 24067483
NAT-T was already enabled on the headend so I enabled ESP on my end and was successful accessing network resources. Thanks for all the input.

Author Closing Comment

ID: 31565295
JFrederick29... although NAT-T was already enabled on the headend, enabling ESP was right on at my end. Thanks for the solution!
