VPN issues, sigh, I know these questions abound but...

[MaxBurn]

I am having problems with my corp laptop (win 2000) connecting to my companies VPN through my shared internet connection in windows XP. With the laptop connected directly to the cable modem everything works fine either through the VPN or normally, so it's my problem i guess.


The weird part - I can connect with the VPN through my ICS computer and even ping sites like lycos and google through it, but anything that sends data to my laptop just stops. IE hangs saying waiting on web page, and my corp exchange mail server starts it's process, connects, sends mail even and then locks up on receiving mail.

XP box is SP2 with ICS (internet connection sharing) and ICF (firewall) running. ICF only running on the public ethernet card. I turned off ICF and got the same results. My VPN says it uses TCP 7000 so I went into ICS advanced settings and added TCP 7000 to go to my laptop IP address, which wound up with the same result. I even added TCP 7000 to ICF to be passed through, still nothing.

You guys have been a big help in the past, I hope you can come through again. Incidently I was doing the same thing under 2000 server routing and remote acess with no problems or special configuration to get this VPN to work and never had a problem with it.

 

[ddrueding]

From what I've gathered, VPN uses more complicated stuff than just ports; you need to have PPTP(?) forwarding enabled. See if you can set the ICF to specifically allow VPN connections.

 

[MaxBurn]

ddrueding: There are no settings that mention VPN specifically. I did make a couple entries to pass port 7000 as listed in the VPN app.


Hmm, I read the FAQ on the VPN software I am using and it says I should be able to connect through ICS. What is says works is exactly what I am doing.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a00801c2dbe.shtml#q12



This entry into the FAQ intrests me but I am unable to get in because I didn't buy this software, can anyone read this solution for a workaround with windows stateful firewall?

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a00801c2dbe.shtml#q19

 

[Pradeep]

This entry into the FAQ intrests me but I am unable to get in because I didn't buy this software, can anyone read this solution for a workaround with windows stateful firewall?

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a00801c2dbe.shtml#q19

Sounds like they fixed the issue with the latest update to the Cisco VPN client software, Im sure you can get a copy from your work's sys admin?

 

[Pradeep]

Easiest solution would prob be getting a Netgear router for I believe $10 after rebate, and forgetting the horrors of ICS forever. But having the latest client would still be a good idea.

 

[MaxBurn]

I was doing it this way because I run a webserver, FTP and like to connect to the machine remotely to do things while I am away. Thought it would be easier to fix what's wrong with the VPN than go through all the hassle of getting the system to do these things behind a router.

One more tidbit: I turned off ICS and did the default install of wingate, got the same result.

What is the difference between routing and remote access under 2000 server and ICS? I didn't do any special configuration in routing and remote acess and it worked there. Might have to go back if this doesn't work.

 

[ddrueding]

Going back is clearly the wrong solution. Hosting a webserver, FTP, RDC, whatever behind a router is really, really easy. Do it and thank yourself in all the time you saved from reconfiguring a computer.

 

[MaxBurn]

ddrueding: Ok I guess I will open myself up to that option. Have a suggestion on a router that will do the above and isn't a pain to deal with?

 

[Pradeep]

Before you change all your config around, have you tried the latest Cisco client? It's 4.0.5 I believe. Undoubtedly they fixed issues with SP2 firewall.

 

[time]

DrayTek 2104p

$31 for a surprisingly competent router/firewall that only lacks URL/content filtering and VPN endpoints. It's easier to configure for servers than Netgear, has multiple choices for Dynamic DNS that - unlike Linksys - actually work, and throws in a parallel port print server as a bonus. It definitely supports VPN passthrough, and of all the low to medium cost routers, is the only one that might support multiple passthroughs (I haven't tested this).

I actually have one here because it was cheaper than a standalone print server. However, it also performed just fine connected to a cable modem as our main router. If it had a USB printer port, it would be hard to beat.

Download the manual from any of the DrayTek sites to get a feel for the interface. It's not as pretty as the Netgear equivalent, but there's a lot more functionality.

Alternatively, $10 for a Netgear sounds good. Which one, Pradeep? There's an out-of-date list of Netgear routers with VPN passthrough here.

 

[Pradeep]

The Netgear 814, from Amazon IIRC.

 

[MaxBurn]

Time: Have you ordered from them before? They aren't even on reseller ratings..

 

[time]

I haven't ordered from them (wrong country). I think they're primarily a distributor:

http://www.draytek.us/html/distributors.html

Guideband has them for $40. There are others, but they're value-added resellers concentrating on the more sophisticated models.

 

[time]

Incidentally, what makes you think the VPN is using port 7000?

 

[MaxBurn]

Good question.

Under the Transparent Tunneling option it says it's using the option for IP sec over TCP with a box that has 7000 filled in. There is another option for IP sec over UDP (NAT/PAT) with no port listed. In the old version neither one made a difference for my problem but....

Good news: I was able to talk to the IT guy as I'm at the home office on business this week and they gave me version 4.0.3 of the Cisco VPN client, so that might fix me too. It also has an option for local LAN access now but I don't know what that is for.

So I will give it another go and maybe be buying a router soon.

 

[MaxBurn]

Great news - the new VPN client fixed it for me. Happy day.