• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1334
  • Last Modified:

Problems with IPSEC VPN clients and certain routers

Our internet/network setup uses a Speedstream 4200 adsl2 modem running in bridged mode, with a netscreen 5GT firewall handling the pppoe authentication and all other routing/firewall policies etc.. Some client pc's inside the LAN use Cisco VPN client with transparent tunneling and IPSEC over UDP to connect to some remote sites. Recently I had to replace the speedstream and I purchased a Netcomm NB6plus4. To my disappointment the cisco VPN connections no longer work. The client authenticates but no network resources are available. I assume the problem is the fact that the netcomm does not support IPSEC tunneling.

What I would like to know is what to look for in a modem which will have the required functionality. I see some refer to "IPSEC passthrough", is that sufficient for my purposes?

Thanks
Craig
0
computron-australia
Asked:
computron-australia
  • 2
1 Solution
 
deimarkCommented:
I tend to find it easier by getting a VPN router that also has a DSL modem built in rather than having a DSL modem in bridge mode passing stuff through to the router, cos as you have found out, some modems don't support all the required pass through.

As you already have a NS5GT I would consider moving to the latest juniper offering with ADSL PIM support, this is the SSG 20

http://www.juniper.net/us/en/products-services/security/ssg-series/ssg20/

Or alternatively, have a word with your Juniper and cisco support company to get a listing of the approved DSL modems that will support all your VPN needs.

HTH
0
 
Sanga CollinsSystems AdminCommented:
Is your new modem also in bridge mode?
0
 
computron-australiaAuthor Commented:
Yes, new modem is in bridged mode. I agree that the combined ADSL firewall would be a better option but at the time of purchase we were not using ADSL internet service. Given the cost involved of replacement I would prefer to find a simple router which works in bridge mode and allows the ipsec tunneling. I think something like the D-Link 504T mayfit the bill but I was really just seeking clarification that the "IPSEC passthrough" functionality is really the feature I need to look for.
0
 
computron-australiaAuthor Commented:
o.k I have done a bit more research on this myself. When the router is operating in bridged mode, it should basically just operate as a dumb modem, meaning that things like ipsec passthrough are irrelevant because all traffic should pass through and be handled by the netscreen firewall. I discovered that the reason the ipsec vpn clients were having problems was because the management IP address of netcomm router was on the same subnet as one of the 2 IP addresses assigned to the PC which I was using to test the VPN. By removing this 2nd IP the VPN clients now work successfuly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now