

Problems with IPSEC VPN clients and certain routers

Posted on 2009-12-30
Medium Priority
Last Modified: 2013-12-14
Our internet/network setup uses a SpeedStream 4200 ADSL2 modem running in bridged mode, with a NetScreen 5GT firewall handling the PPPoE authentication and all other routing/firewall policies etc. Some client PCs inside the LAN use Cisco VPN client with transparent tunneling and IPsec over UDP to connect to some remote sites. Recently I had to replace the SpeedStream and I purchased a Netcomm NB6plus4. To my disappointment the Cisco VPN connections no longer work. The client authenticates but no network resources are available. I assume the problem is the fact that the Netcomm does not support IPsec tunneling.

What I would like to know is what to look for in a modem which will have the required functionality. I see some refer to "IPSEC passthrough", is that sufficient for my purposes?

Question by:computron-australia

Expert Comment

ID: 26152400
I tend to find it easier by getting a VPN router that also has a DSL modem built in rather than having a DSL modem in bridge mode passing stuff through to the router, cos as you have found out, some modems don't support all the required pass through.

As you already have a NS5GT I would consider moving to the latest juniper offering with ADSL PIM support, this is the SSG 20


Or alternatively, have a word with your Juniper and Cisco support company to get a listing of the approved DSL modems that will support all your VPN needs.


Expert Comment

by:Sanga Collins
ID: 26158435
Is your new modem also in bridge mode?

Author Comment

ID: 26166496
Yes, new modem is in bridged mode. I agree that the combined ADSL firewall would be a better option but at the time of purchase we were not using ADSL internet service. Given the cost involved of replacement I would prefer to find a simple router which works in bridge mode and allows the IPsec tunneling. I think something like the D-Link 504T may fit the bill but I was really just seeking clarification that the "IPSEC passthrough" functionality is really the feature I need to look for.

Accepted Solution

computron-australia earned 0 total points
ID: 26173992
OK, I have done a bit more research on this myself. When the router is operating in bridged mode, it should basically just operate as a dumb modem, meaning that things like IPsec passthrough are irrelevant because all traffic should pass through and be handled by the NetScreen firewall. I discovered that the reason the IPsec VPN clients were having problems was because the management IP address of the Netcomm router was on the same subnet as one of the 2 IP addresses assigned to the PC which I was using to test the VPN. By removing this 2nd IP the VPN clients now work successfully.
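The overlap described in the accepted solution can be checked mechanically. The following is an added example, not part of the original thread: it flags every address on a host whose connected subnet contains the management IP of a bridged device. All addresses, prefix lengths and the device label are constructed sample values, not the poster's real configuration.

```python
import ipaddress

def find_mgmt_overlaps(host_addrs, mgmt_ips):
    """Return (host address, device name, device IP) for each host address
    whose directly connected subnet contains a device's management IP.

    host_addrs: CIDR strings assigned to the PC, e.g. "192.168.1.50/24"
    mgmt_ips:   device label -> management IP of a bridged modem/router
    """
    hits = []
    for cidr in host_addrs:
        iface = ipaddress.ip_interface(cidr)
        for name, ip in mgmt_ips.items():
            addr = ipaddress.ip_address(ip)
            # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6).
            if addr.version == iface.version and addr in iface.network:
                hits.append((str(iface), name, ip))
    return hits

# Constructed sample: a test PC with two addresses on one adapter, and a
# bridged modem whose management address sits in the second subnet.
SAMPLE_HOST_ADDRS = ["192.168.10.25/24", "192.168.1.50/24"]
SAMPLE_MGMT_IPS = {"bridged-modem": "192.168.1.1"}

if __name__ == "__main__":
    overlaps = find_mgmt_overlaps(SAMPLE_HOST_ADDRS, SAMPLE_MGMT_IPS)
    if not overlaps:
        print("No host address shares a subnet with a management IP.")
    for host_addr, device, ip in overlaps:
        print(f"{host_addr} shares a subnet with {device} ({ip}); "
              "review whether this address is still needed on the host.")
```

Feed it the addresses reported by `ipconfig /all` or `ip addr` on the affected PC together with the management IP configured on the modem.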


Question has a verified solution.
