
VPN+Linksys+TerminalServer=Trouble


nobeta

MIS
Jul 8, 2002
52
US
I am connecting to a Netscreen 25 using Netscreen Remote 8.0 (SafenetRemote) configured for IPSEC with pre-shared key, from a Windows 2000 client. The VPN is via a Verizon DSL line, using PPPoE. This connection works fine and I can browse the remote network and connect to our Windows 2000 Terminal Server. The problem occurs when we add a Linksys Befsr41 router on the client side. At this point we can establish the VPN and ping the remote network (including the Terminal Server); however, we can no longer connect to the Terminal Server. It appears to be a Linksys issue, as it works without the Linksys. A PPTP connection will work through the Linksys to the Terminal Server; however, this is not an option. I have tried various port forwarding and port triggering settings in the Linksys box, including forwarding the ports for Netscreen Remote and Terminal Server, but this has had no effect. I have also tried removing the check for IPSEC passthrough, and I upgraded the firmware to version 1.44.2, Dec 13 2002; this is the current version. Any other suggestions would be greatly appreciated. I have read in this forum that the Netgear is a better box for IPSec. Has anyone tried this with Terminal Server?

 
We have almost the exact same configuration at our company.
I have set up a Linksys Befsr41 router for a remote office using SafeRemote 9.0 to connect to our VPN (client machine is Windows XP). I can connect to our Terminal Server without any problems. I did not have to adjust any settings on the Linksys router; I just made sure that IPSEC pass-through was on. I recommend you undo any changes you made and have a close look at the log viewer that comes with SoftRemote to see what is going on. Are you trying to connect more than 1 client through the Linksys router to the Terminal Server?

If so, good luck. I could not get more than one client to connect to our VPN because it requires NAT-Traversal, and apparently our Cisco router, which is at our main office end of the VPN, does not support it.

Let me know if it's multiple clients or just a single client that you are trying to connect with.

Niall
 
Thanks for the reply. We are only connecting one client through the Linksys. I think that this particular Linksys (Befsr41) only supports 1 tunnel. Perhaps this is why you are having your problem. At any rate, I just solved my problem. Here is how:
I was able to resolve this issue after determining that the Linksys is what Microsoft refers to as a "Black Hole Router". The fix was to add the dword EnablePMTUBHDetect in the SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry key. Refer to Microsoft Knowledge Base Article - 159211.
 
Good work! This looks like it only affects Windows 2000 and NT machines. Maybe that's why we never experienced that problem due to the fact that our clients run Windows XP.

Niall
 
I saw that M$FT article on MTU size, and disabled MTU on the Advanced, Filter tab. It cleared up my drive-mapping problem.
 
Bracer, is your Linksys set to use PPPoE? I tried to disable the MTU, but the Linksys would not let me. I suspect that this was because it sets this automatically when you enable PPPoE. The only thing I was able to do as far as MTU was change the size.
 
nobeta, Check the firmware version. The latest firmware should have a disable option for MTU. The wireless version of this router does for sure.
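
The symptom in this thread (small pings succeed through the VPN while a Terminal Server session fails) can be confirmed by probing for the largest packet that passes with the Don't Fragment bit set. The following is an added example, not code from the thread or from the Microsoft article: the simulated path and its MTU values are constructed, and on a real Windows client the `probe` callable would wrap `ping -f -l <size> <host>`.

```python
from typing import Callable, Optional

ICMP_IP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP echo header
TCP_IP_OVERHEAD = 40    # 20-byte IPv4 header + 20-byte TCP header


def make_blackhole_path(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a DF ping: payloads that fit get a reply,
    larger ones vanish with no ICMP 'fragmentation needed' error."""
    def probe(payload: int) -> bool:
        return payload + ICMP_IP_OVERHEAD <= path_mtu
    return probe


def largest_df_payload(probe: Callable[[int], bool],
                       low: int, high: int) -> Optional[int]:
    """Binary-search the largest echo payload that passes with DF set.
    Returns None when even the smallest probe gets no reply."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search upward
        else:
            high = mid - 1   # mid was dropped, search downward
    return low


def diagnose(probe: Callable[[int], bool], local_mtu: int = 1500) -> dict:
    """Report the usable path MTU and the TCP MSS that fits inside it."""
    best = largest_df_payload(probe, 0, local_mtu - ICMP_IP_OVERHEAD)
    if best is None:
        return {"reachable": False}
    path_mtu = best + ICMP_IP_OVERHEAD
    return {
        "reachable": True,
        "path_mtu": path_mtu,
        "tcp_mss": path_mtu - TCP_IP_OVERHEAD,
        # True means full-size DF segments from this host will not fit; if
        # the router also withholds the ICMP error, TCP sessions stall.
        "below_local_mtu": path_mtu < local_mtu,
    }


if __name__ == "__main__":
    # Constructed values: 1492 is the PPPoE MTU, 1400 an assumed tunnel MTU.
    for mtu in (1492, 1400):
        print(mtu, diagnose(make_blackhole_path(mtu)))
```

A path MTU below the local interface MTU, combined with timeouts rather than "needs to be fragmented" replies on the oversized probes, is the pattern the black hole detection setting is meant to work around.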
 