
Can't connect to VPN through XP desktop with ADSL


Pete999

IS-IT--Management
Jan 6, 2003
I have a small network at home with 2 laptops and a desktop. These are connected with a Linksys BEFW11S4 Wireless router/4 port switch. The desktop is connected to the internet via a USB Fujitsu ADSL modem and the other machines access the Internet via the Linksys -> Desktop -> Fujitsu Modem -> ADSL -> Service Provider. Most of the time the laptops are directly connected to the Linksys, but sometimes via a wireless PCMCIA card.

It all works fine except when I try to connect my laptop to my work VPN using the provided Contivity client V04_15.14.

As a workaround, if I plug the Fujitsu modem into my laptop directly and connect to my service provider from my laptop, then use the Contivity Client to connect to the work VPN, it connects fine, but then the other machines on my home network lose their Internet access.

I have tried turning off the standard XP firewall on my PC to ensure it isn't the firewall, so I can only presume it's something to do with the routing on XP? Can anyone help?

TIA
 
Do you have an option in the Contivity Client/Central Server to turn on IPSEC over UDP/TCP - i.e. IPSEC thru NAT?
 
I do not have access to the central switch configuration and there does not appear to be any way to turn on: "IPSEC over UDP/TCP - i.e. IPSEC thru NAT" as the client side options appear quite limited. I know that someone else at work has the connection routing successfully via a USB ADSL modem through a Linux box so I assume that it is something to do with the XP desktop's configuration. So what is XP doing when routing the packets?
 
You haven't said how you know it doesn't work. Do you get an error message, or are you just not able to connect to anything past the vpn server? The more specific you can be, the better your chances for a resolution.
 
Apologies for not being clearer - I can tell that it doesn't work as it will not connect; the connection times out as if it cannot see the VPN switch at the other end (and I get an error from the Contivity client saying that it couldn't connect). However, I can ping/tracert the IP of the other side successfully.
 
I didn't pay attention to the first post . . . . You need to get your XP desktop to forward the VPN traffic to your laptop. Haven't done it on XP, but look at this
The directions indicate that it is for a server, but it should work for a client as well, except I'm not sure which ports Nortel uses. It seems to me like the one in the doc is right, though. Try it and post back.
 
Typically you need to do a couple of things. First and foremost, update the firmware on your Linksys. That will fix a lot of little problems such as yours. The other thing you want to do is verify what your vpn is using like IPsec or PPTP. Then go to the advanced tab on your Linksys and make sure that IPSec passthrough is enabled.
 
Thank you all for your suggestions which I have tried:

1. I have upgraded the firmware: now on 1.44.2z (Dec 13 2002).
2. I have confirmed that both the PPTP and IPSec passthrough are enabled on the Linksys.
3. I have tried getting my XP desktop to forward traffic to the laptop as described (but my understanding of this is for inbound traffic rather than sessions initiated internally and therefore really designed if I was running the VPN server internally on my network at home - please correct me if I am wrong though). I have also (in line with this suggestion) set the Linksys to forward the same ports as specified in a Linksys knowledge base article.

But it still doesn't work and I get the same server not responding error. Any other suggestions before I need to start getting into network sniffer territory (something I don't know an awful lot about)?
 
Pete

Email me at sydney_harlow@yahoo.com with your phone number. I will give you a call (if you want) to help you.
 
Duh! The answer is in your first post, just overlooked the obvious (maybe). You didn't say if you could connect to the internet when you connect your laptop to your home network. (Won't mention that I didn't ask.) I am guessing that you can't. If you can, kinda eliminates the easy route, but post back and we'll try again.

Do you change your 'default gateway' when you move from plugged into the modem to the network? When plugged into the modem, your default gateway should be set to your ISP's gateway (possibly by the ISP through DHCP). When you plug into your home network, your gateway should be set to the IP of your desktop that is handling ICS/NAT. If you move around often, it would be possible to set up a batch file to automate the process.

Hope I'm on the right track this time. Post back and let me know. Good luck!
 
Sorry, it's not that easy. When I am connected internally I can access the internet fine from the laptop, and my girlfriend, who uses a different VPN solution from her laptop to her company, can VPN out successfully.

I did try running a network sniffer yesterday during an attempted connection (without really knowing what I was looking for), but I could see a UDP outbound connection to the VPN address on Port 500. There were then a number of frames being sent and received from the desktop but nothing else getting back to the laptop.

I also noticed that I have a second (virtual) network adapter specified on my laptop, it's a: Nortel IPSECSHM Adapter - Packet Scheduler MiniPort. (wasn't sure if that might help)
 
There is a known issue with the Linksys, Contivity and NAT.
You need to check with your VPN admin to see if he is using NAT Traversal. Normally this is on port 10001 and is available on Contivity Server version 4.5 and later. This is not the client. It is set on server side IPSec Groups.
IPSec does not like NAT since it changes the IP header. The industry recognized this and made changes to fix this with NAT Traversal.
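
The following is an added example, not part of any post in this thread: a small Python classifier for reading a sniffer capture like the one described above, separating IKE on UDP 500, IPsec carried inside UDP (the port 10001 named in the post above, or the standard NAT-T port 4500, which the thread does not mention), and raw ESP/AH that has no ports for a NAT device to track. The addresses, sample packets and result labels are constructed for illustration.

```python
import socket
import struct

IKE_PORT = 500                # ISAKMP/IKE, the UDP port seen in the capture above
NAT_T_PORTS = {4500, 10001}   # 4500 = standard NAT-T; 10001 = port named in the thread
UDP, ESP, AH = 17, 50, 51     # IP protocol numbers

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by its IPsec role."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto in (ESP, AH):
        return "ipsec-raw"            # no ports, so a NAPT device cannot track it
    if proto == UDP and len(pkt) >= ihl + 4:
        ports = set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
        if ports & NAT_T_PORTS:
            return "ipsec-in-udp"
        if IKE_PORT in ports:
            return "ike"
    return "other"

def diagnose(capture) -> str:
    """capture: list of (direction, packet); direction is 'out' or 'in' at the client."""
    seen = {(d, classify(p)) for d, p in capture}
    if ("out", "ike") not in seen:
        return "no-ike-attempt"
    if ("in", "ike") not in seen:
        return "ike-unanswered"
    if ("out", "ipsec-in-udp") in seen and ("in", "ipsec-in-udp") in seen:
        return "nat-traversal-working"
    if ("out", "ipsec-raw") in seen and ("in", "ipsec-raw") not in seen:
        return "raw-ipsec-not-returning"   # typical when a NAT hop drops ESP/AH
    return "inconclusive"

def ipv4(proto, src, dst, payload=b""):   # constructed packet; checksum left at 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data=b"\x00" * 8):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample: IKE completes, then raw ESP leaves but nothing comes back.
LAPTOP, GATEWAY = "192.168.1.100", "192.0.2.10"
SAMPLE = [
    ("out", ipv4(UDP, LAPTOP, GATEWAY, udp(500, 500))),
    ("in",  ipv4(UDP, GATEWAY, LAPTOP, udp(500, 500))),
    ("out", ipv4(ESP, LAPTOP, GATEWAY, b"\x00" * 16)),
]
print(diagnose(SAMPLE))
```

Running the same check on captures taken at the laptop and at the desktop doing NAT shows at which hop the return traffic stops.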
 
I have a problem connecting to my VPN through the router. I can connect to my VPN through the modem but not through the NETGEAR router. Through the router I can connect to the internet but not to my VPN. My wife has no problem connecting to her VPN through the router. We both use XP on our laptops. Prior to using XP I used to be able to logon to the VPN using my router. I was wondering if you have an answer to this problem yet.

Thanks
 
I am sorry to say that I have not been able to resolve this problem - perhaps it is down to the NAT traversal issue described by GFloyd or perhaps it is something else. If anyone finds a resolution to a similar problem then I would be very keen to hear about it.
 