Problems with IPSEC VPN clients and certain routers

Posted on 2009-12-30
Last Modified: 2013-12-14
Our internet/network setup uses a Speedstream 4200 ADSL2 modem running in bridged mode, with a Netscreen 5GT firewall handling the PPPoE authentication and all other routing/firewall policies etc. Some client PCs inside the LAN use Cisco VPN client with transparent tunneling and IPSEC over UDP to connect to some remote sites. Recently I had to replace the Speedstream and I purchased a Netcomm NB6plus4. To my disappointment the Cisco VPN connections no longer work. The client authenticates but no network resources are available. I assume the problem is the fact that the Netcomm does not support IPSEC tunneling.

What I would like to know is what to look for in a modem which will have the required functionality. I see some refer to "IPSEC passthrough", is that sufficient for my purposes?

Question by:computron-australia

    Expert Comment

    I tend to find it easier by getting a VPN router that also has a DSL modem built in rather than having a DSL modem in bridge mode passing stuff through to the router, cos as you have found out, some modems don't support all the required pass through.

    As you already have a NS5GT I would consider moving to the latest Juniper offering with ADSL PIM support; this is the SSG 20.

    Or alternatively, have a word with your Juniper and Cisco support company to get a listing of the approved DSL modems that will support all your VPN needs.


    Expert Comment

    by:Sanga Collins
    Is your new modem also in bridge mode?

    Author Comment

    Yes, new modem is in bridged mode. I agree that the combined ADSL firewall would be a better option but at the time of purchase we were not using ADSL internet service. Given the cost involved of replacement I would prefer to find a simple router which works in bridge mode and allows the IPSEC tunneling. I think something like the D-Link 504T may fit the bill but I was really just seeking clarification that the "IPSEC passthrough" functionality is really the feature I need to look for.

    Accepted Solution

    OK, I have done a bit more research on this myself. When the router is operating in bridged mode, it should basically just operate as a dumb modem, meaning that things like IPSEC passthrough are irrelevant because all traffic should pass through and be handled by the Netscreen firewall. I discovered that the reason the IPSEC VPN clients were having problems was because the management IP address of the Netcomm router was on the same subnet as one of the 2 IP addresses assigned to the PC which I was using to test the VPN. By removing this 2nd IP the VPN clients now work successfully.
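
The condition found in the accepted solution, a test PC holding a second IP address in the same subnet as the bridged modem's management IP, can be checked with a short script. This is an added example, not part of the original thread; the function name and all addresses are constructed, since the thread gives none.

```python
import ipaddress


def modem_subnet_conflicts(pc_addresses, modem_mgmt_ip):
    """Return the PC addresses whose connected subnet contains the
    bridged modem's management IP.

    pc_addresses:  'address/prefix' strings in the order they are bound
                   to the adapter (first entry is treated as primary).
    modem_mgmt_ip: management address of the modem, as a string.
    """
    mgmt = ipaddress.ip_address(modem_mgmt_ip)
    conflicts = []
    for position, entry in enumerate(pc_addresses):
        iface = ipaddress.ip_interface(entry)
        if iface.version != mgmt.version:
            continue  # an IPv4 management IP cannot sit in an IPv6 subnet
        if mgmt in iface.network:
            conflicts.append({
                "address": str(iface.ip),
                "subnet": str(iface.network),
                "role": "primary" if position == 0 else "secondary",
                # True means the PC duplicates the modem's own address
                "same_as_modem": iface.ip == mgmt,
            })
    return conflicts


# Constructed sample values (assumptions, not taken from the thread).
PC_ADDRESSES = ["10.0.0.25/24", "192.168.1.50/24", "fe80::1/64"]
MODEM_MGMT_IP = "192.168.1.1"

if __name__ == "__main__":
    for c in modem_subnet_conflicts(PC_ADDRESSES, MODEM_MGMT_IP):
        print(f"{c['role']} address {c['address']} is in {c['subnet']}, "
              f"the same subnet as the modem management IP {MODEM_MGMT_IP}")
```
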
