?
Solved

VPN not passing traffic using Verizon Wireless and NCP client

Posted on 2010-09-21
21
Medium Priority
?
1,630 Views
Last Modified: 2012-08-13
Hi,
I am having a problem getting my VPN (Juniper SSG5) to pass traffic when using an internet connection via a tethered blackberry over the Verizon Wireless network.

In the past, I used Netscreen Remote on Windows XP. To get the VPN to work, I had to manually start the Netscreen service after establishing the Verizon connection. It worked great.

Now, I upgraded to Windows 7 and NCP Secure Client. I am having the same problem as before. The VPN will connect, but no traffic is passed. The same VPN profile works fine when I am at home using my cable ISP.

I have tried the following:
1) Internet Connection Sharing
2) Network Bridging
3) Starting NCP services after establishing a Verizon Connection

Any suggestions?

Thanks!
0
Comment
Question by:wn411
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 5
  • 3
21 Comments
 
LVL 2

Expert Comment

by:fs40490
ID: 33729764
Have you looked at the routes after the connection is established?

It sounds as though there is not a route into the VPN tunnel thus your traffic is trying to go out the tethered connection.
0
 

Author Comment

by:wn411
ID: 33730805
Yes I think you are right. What can I do to correct it? When I login to the VPN, I use a private IP on the VPN adapter. This works fine on the connections mentioned above. Is there a way I can fix the route on my laptop?
0
 
LVL 2

Expert Comment

by:fs40490
ID: 33731679
You can open a command prompt as an administrator and add a route.

route add xxx.xxx.xxx.xxx MASK yyy.yyy.yyy.yyy ggg.ggg.ggg.ggg IF zz

xxx is the network you are routing to
yyy is the subnet mask
ggg is the gateway used to get to the network
IF is the interface number if left blank it will try the best interface, zz is the number of the interface

This process would need to be completed everytime your connect the VPN.

Just curious what is NCP?  We have also used NSR in the past but I am not familar with NCP.  There may be an option in there to add a route upon sucessful connection.
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 

Author Comment

by:wn411
ID: 33733793
OK, thanks I am going to try that! Thanks. Is there also a GUI for this too? I will try command line and report back. NCP Secure Client is the VPN software I am using. They make a generic and vendor specific version. I am using the Juniper version as a replacement for Netscreen Remote as per the Juniper partnership mentioned due to the end of life for Netscreen Remote.
0
 

Author Comment

by:wn411
ID: 33746494
Hi, set a route on the VPN interface to:
private IP, MASK, IP of Verizon Connection.

That did not work. Do have any other suggestions?
0
 
LVL 2

Expert Comment

by:fs40490
ID: 33746605
Does your VPN actually connect?  If it makes the connection, make sure that the IP address the client is assigned to the VPN Tunnel interface is used as the gateway.

0
 

Author Comment

by:wn411
ID: 33774791
Sorry for the delay. Yes, it does connect fine it just does not pass traffic. I am using the same profile as on my old laptop running XP.  I checked the virtual adapter settings and I have the private IP as the gateway. I also tried entering the IP of my internet connection. But that did not work either :(
0
 
LVL 97

Accepted Solution

by:
Experienced Member earned 2000 total points
ID: 33864936
I use the generic version of NCP and find that it handles double NAT arrangements (like your Blackberry connection) very well.  Consider trying the generic version. They have a full function trial period of 30 days. I, too, used Netscreen Remote when I had XP and it could not handle all the connection circumstances that generic NCP can handle.

Also, in generic NCP, I needed to add the server end subnet in the Split Tunnelling setup of the Profile.

... Thinkpads_User
0
 

Author Comment

by:wn411
ID: 33868058
OK, thanks. I am going to uninstall the Juniper version and install the generic version. I hope they can give me a refund in the juniper version if this generic version works.

Yes, I also have the split tunneling in the Juniper version.

I will let you my result shortly.
0
 

Author Comment

by:wn411
ID: 33868261
OK this is working now via the cellular connection! All I need to do is test my normal LAN connection at home and report back. Would also be nice if this worked of my wireless LAN as well. I will let you know! Thanks!
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 33868280
Thanks. I only have one profile per client and it works on all connection types. ... Thinkpads_User
0
 

Author Comment

by:wn411
ID: 33869003
OK, now it is not working on my LAN at home. But, still working via the cellular connection. My home LAN uses the 192.168.x.x and my VPN uses 10.0.n.n.  So, I will play with some settings tomorrow and report back. I am using the same profile as well.
0
 

Author Comment

by:wn411
ID: 33869007
BTW, the VPN will connect at home. But, traffic will not pass. Basically the same problem I had on the cellular connection using the Juniper NCP Client.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 33869015
Perhaps in this case, use a different profile for home (wired, wireless) and the other one for cellular. Give them diffeent names and then set each one up for its own unique settings. ... Thinkpads_User
0
 

Author Comment

by:wn411
ID: 33870901
OK, this is odd. The connection worked fine over my wireless lan once today when i booted up. Then, it wont work. The VPN will connect, but no traffic will pass. The same profile works fine using the cellular connection. I tried sharing connections, playing with gateway IPs, and disabling zonealarm, I also confirmed I have VPN passthrough enabled on my home router. It seems like a gateway issue? Internal routing issue? I am stumped.
0
 

Author Comment

by:wn411
ID: 33870905
I also tried killing all the NCP services, establishing a network connection, then starting the ncp services. Still nothing. VPN connects. But, no traffic passes.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 33870948
I am not sure what to say. You said the Juniper OEM version of NCP works with a standard connection at your home but not tethered to Blackberry. You then said the generic version of NCP works tethered to Blackberry but not over your home connection. That is indeed strange because we would not expect the generic and OEM versions to be too radically different.

There is probably some other routing issue as you say, but it is hard to say what from here and further, I am by no means a routing expert.   .... Thinkpads_User
0
 

Author Comment

by:wn411
ID: 33870989
Yes, you summed it up! Juniper version works over home lan great but not will cellular. Generic works great over cellular and not lan. Yes, I am going to play with this more today and report back.
0
 

Author Comment

by:wn411
ID: 33871639
Thanks I am closing the questions and sending you the points. You solved my problem. Thanks. My new issue is a routing problem that I will post elsewhere. I so like the generic NCP client a lot better.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 33871648
Thank you. I like NCP as well. Good luck with the routing issue. .... Thinkpads_User
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question