  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288

How to solve a VPN configuration problem?

I have a wireless router behind a firewall trying to establish a connection to an outside network with a VPN client. The VPN client authenticates and connects to the outside network but cannot remote desktop to any system once the connection is established. I can remote desktop to any system if I bypass the firewall. The inside address range at both locations is 192.168.x.x. Any suggestions?
0
Asked by: dyoung22
1 Solution
 
MikeKane commented:
It's safe to assume that the firewall at your location is the cause of the issue. However, it makes little sense that the firewall would allow the tunnel to build, but then deny traffic on the tunnel for 1 specific port, since the traffic from your machine is already protected.

Just to clarify, you are using a client on a PC and not using the firewall for a site to site VPN.  Correct?  

What client are you using and to which firewall model are you connecting?   Cisco? Sonicwall? Other?  

0
 
oncalltech commented:
I think the issue is your 192.168. I assume you are using a 24-bit subnet, so the third octet is needed here. If they are the same, how is your VPN connecting? Is your firewall also your router? Please provide more detail on your configuration. Also, is the remote desktop trying to connect and failing? Have you checked your router's MTU?
0
 
Roachy1979 commented:
I think oncalltech is right... if you are using the same subnet at the remote and local ends of the connection, this is likely to be the root cause of the problem. In order to route traffic over a VPN, both sides of the network need to have distinct address ranges...
0
 
dyoung22 (Author) commented:
Thanks for the comments! Sorry for the delay but being new to EE I wasn't clear on how to reply. I was leaning toward the duplicate subnet as being the problem so I'm going to restructure the home network and give it another shot. FYI... wireless router is separate and behind the firewall. I'll set static IP inside (10.x.x.x) on firewall and establish as DHCP server. Will keep you updated and post the configuration if problem persists after the change.
0
 
Roachy1979 commented:
No worries :)

Let us know how you get on!
0
 
dyoung22 (Author) commented:
OK... Set up the network as a 10.x.x.x network, wiping the firewall clean and starting over. Same results... The VPN client connects but can't access the network. If I connect the PC directly to the DSL router, I'm able to access it just fine. I'm missing something in the firewall configuration, so if you guys can take a look at the attached I would appreciate it.

eepix.txt
0
 
JFrederick29 commented:
The problem is with IPSEC and NAT.  NAT-Traversal (NAT-T) needs to be enabled on the headend VPN server (not your PIX).  If whoever manages the VPN server won't enable NAT-T, you can do the following on your PIX as a workaround.

conf t
fixup protocol esp-ike
access-list outside_access_in permit esp any any
access-group outside_access_in in interface outside
0
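The two failure modes discussed in this thread (overlapping 192.168.x.x subnets at both ends, and IKE succeeding while ESP is dropped by the PIX until NAT-T or an ESP permit is in place) can be reasoned through with a small simulation. This is an added example, not code from the thread or from Cisco; `ToyPix` is a hypothetical, deliberately simplified model of stateful inspection, and all addresses are constructed samples.

```python
# Added example (not from the thread). Toy model of the PIX behaviour
# JFrederick29 describes: outbound UDP/TCP creates state that lets replies
# back in, but ESP (IP protocol 50) carries no ports, so without
# "fixup protocol esp-ike" or an inbound ACL permitting esp, the headend's
# ESP packets are dropped even though IKE over UDP/500 succeeded. NAT-T
# wraps ESP in UDP/4500, so it rides ordinary UDP state instead.
import ipaddress

class ToyPix:
    """Hypothetical simplified stateful firewall, not Cisco's implementation."""
    def __init__(self, esp_ike_fixup=False, inbound_acl=()):
        self.fixup = esp_ike_fixup
        self.acl = list(inbound_acl)   # e.g. [("esp", "any", "any")]
        self.state = set()             # (proto, inside, iport, outside, oport)
        self.ike_peers = set()         # (inside, outside) pairs that sent IKE

    def outbound(self, proto, src, sport, dst, dport):
        """Record state for a packet leaving the inside interface."""
        self.state.add((proto, src, sport, dst, dport))
        if proto == "udp" and dport == 500:
            self.ike_peers.add((src, dst))

    def inbound(self, proto, src, sport, dst, dport):
        """Return True if the PIX would pass this packet arriving from outside."""
        if proto in ("udp", "tcp"):          # reply must match existing state
            return (proto, dst, dport, src, sport) in self.state
        if proto == "esp":                   # no ports: fixup or ACL only
            if self.fixup and (dst, src) in self.ike_peers:
                return True
            return any(p == "esp" and s in ("any", src) and d in ("any", dst)
                       for p, s, d in self.acl)
        return False

def vpn_data_path_ok(pix, client, headend, nat_t):
    """Run the IKE exchange, then test the first inbound data packet."""
    pix.outbound("udp", client, 500, headend, 500)
    assert pix.inbound("udp", headend, 500, client, 500)   # tunnel builds
    if nat_t:                                              # ESP in UDP/4500
        pix.outbound("udp", client, 4500, headend, 4500)
        return pix.inbound("udp", headend, 4500, client, 4500)
    return pix.inbound("esp", headend, None, client, None)  # raw ESP reply

def subnets_overlap(local, remote):
    """The earlier suspicion: identical ranges at both ends cannot be routed."""
    return ipaddress.ip_network(local).overlaps(ipaddress.ip_network(remote))
```

Running `vpn_data_path_ok` with a plain `ToyPix()` reproduces the symptom (IKE passes, ESP fails); enabling the fixup, adding the ESP permit, or using NAT-T each makes the data path succeed.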
 
dyoung22 (Author) commented:
Thanks... I'll check the VPN server for NAT-T and establish the workaround this evening if necessary. Stay tuned.
0
 
dyoung22 (Author) commented:
NAT-T was already enabled on the headend, so I enabled ESP on my end and was successful in accessing network resources. Thanks for all the input.
0
 
dyoung22 (Author) commented:
JFrederick29... although NAT-T was already enabled on the headend, enabling ESP was right on at my end. Thanks for the solution!
0
