Results 1 to 9 of 9

Thread: VPN thorugh a wireless DSL router

  1. #1

    VPN thorugh a wireless DSL router

    Hello Ladies and Gents,
    Interesting problem here. I have a laptop running Windows XP home edition using a Cisco VPN client that is punching through a wireless Linksys 4 port DSL router. For some reason the client will authenticate but then drops right after the connection has been made. "Remote Peer Terminated Connection” My question is, does anyone know of any issues with using VPN clients through a wireless DSL modem? I have verified all local application and service settings on the laptop. I have also verified all the settings on the network side. This laptop has no problems going through the ISP to gain net access. I have googled the question and found less then desirable results. If anyone has any hints or suggestions it would be appreciated! I will continue to research this issue. Thanks in advance for your help!

    Captfb
    [glowpurple]\"I like to think of myself as a sensitive inteliigent person with the soul of a clown that forces me to blow it at the most important times.\" Jim Morrison[/glowpurple]

  2. #2
    Member
    Join Date
    Jun 2002
    Posts
    44
    What type of device are you connecting to on the other end? Concentrator, Firewall, Router?
    Os1LaYr5

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    We have been having similar problems with the Cisco VPN Client and wireless networks with XP. We haven't really pegged the problem down, but it seems to be that sometimes it is the router blocking needed traffic, sometimes it's the fact that the client was installed while AV or a personal firewall was running on the machine, and sometimes it's the wireless card itself - there may be a compatibility issue. I can't remember which ones we were having trouble with as I was not involved too much with it at the time, but DLINK and Linksys seems to work even on XP if I remember correctly. I'm not sure though. I will see what I can find out, but make sure that the client's traffic (inbound and outbound) is not being blocked. Also, make sure you install it with antivirus software and personal firewall software turned off. Let me know what happens. Also, make sure that the IPSec policy agent service is disabled. The VPN client software does this by default, I believe, but make sure.
    Opinions are like holes - everybody\'s got\'em.

    Smile

  4. #4
    os1- firewall then authentication server/secure ID service, t2k2- thanks for the suggestions I made sure that the IPSec policy agent is disabled. I know that the laptop is running Norton AV. The router and laptop are off site and I am not sure if any of the inbound/outbound traffic is being blocked at the router level. Thanks for the help!
    [glowpurple]\"I like to think of myself as a sensitive inteliigent person with the soul of a clown that forces me to blow it at the most important times.\" Jim Morrison[/glowpurple]

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    This has been an issue with VPN's for quite some time, and the problem lies within the fact that many vpn's will not support a connection from behind a NAT address unless the device supports UDP encapsulation for the VPN. One thing you may want to try is connecting the machine on a network that is capable of direct untranslated communication with the VPN gateway. If it works, you know for sure wherein the problem resides.

    If you still can't connect even from a public IP, the problem may reside with your ISP. Many ISP's still block UDP-500 (IKE) on there networks unless you subscribe to a business-level package because the consider a VPN a business use. Are you using an IKE VPN?

  6. #6
    Member
    Join Date
    Jun 2002
    Posts
    44
    i didnt see a mention of using NAT, but if you are like invictus said, it wont work. You need a static address from the provider. I havent tested XP and the VPN client over a wireless connection, I have with other o/s and it worked fine.
    i am also going to assume that this works for other people and its just a problem with this particular user to rule out a firewall issue.
    If you have access, have you tried checking the debugs from the Firewall?
    Os1LaYr5

  7. #7
    iNViCTuS-- from what I can tell we do use an IKE VPN but how would a verify this? Is an IKE VPN dependent on the client software as well as the network hardware we use? I will contact the ISP to see if they restrict UDP-500. os1--I will be visiting this user and I will view the debugs from the firewall. He is pulling a static IP and we are not using NAT that I know of. We also are thinking of having this user just go through a normal dsl modem. Thanks to all for the help!

    Captfb
    [glowpurple]\"I like to think of myself as a sensitive inteliigent person with the soul of a clown that forces me to blow it at the most important times.\" Jim Morrison[/glowpurple]

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Just a old hat thing here, I'd do a frequency scan and make sure there is not some RF interference source, power supplies, lines, emote car key system. Wireless is good but so much is now that way and old systems bleed RF big time.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    If you are using a wireless router for a DSL connection, I would say there is about a 95% chance that you are using NAT. Most DSL providers will not allocate public IP's unless you pay for them seperately, and also many ISP's don't even have the option of requesting additional IP's. THe public IP they give you is taken by your DSL router, and therefore you have to use NAT or more commonly PAT (port address translation) for additional machines inside the network, in which case you will have VPN problems.

    So os1, you are correct in the fact did he did not specifically mention NAT. It was an assumption on my part based on many similar experiences in the past with VPN's and DSL routers.

    captfb, you should be able to tell what kind of VPN (likely IKE) in the client configuration properties. It may also help if you could say what kind of VPN device you are trying to connect to. If it is a Cisco (which I am assuming) the easiest way to troubleshoot it woud be to call TAC 800-553-2447 (as long as you have a valid support contract). Unless of course you want to give me access to your VPN concentrator . Which I wouldn't recommend.

    Hope this helps at least a little

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •