VPN over ISDN

[934]

I really could use some advise on this one. Have been trying to setup a VPN connection from a SOHO to a corporate network. The small office network has four PCs running W2k and two W2k servers. The connection to the ISP is done using ISDN. I believe the hardware piece of the puzzle is where the problem lies. The ISDN router must also support voice (pots) on at least one port. Have attempted to use a 3com Lan Modem 3C8952A, Asend pipeline 85 and a Cisco 804, none of which worked. Each allowed internet browsing but when attempting to make the VPN connection, a "bannersock" error was returned. I understand a bannersock is usually a timeout error that is most often associated with a closed port. My corporate network requires IPSEC and here is what I understand IPSEC requires:
IPSEC-AH Authentication Header Protocol (UDP 33)

IPSEC-ESP Encapsulation Security Protocol (UDP 32)

IPSEC-SKIP Simple Key Management for IP (UDP 39)

IPSEC-IKE Internet Key Exchange Protocol (UDP 500)

My ISP claims to not block any of these ports.

If anyone has an existing configuration working or some good advise, I'm open to any suggestions. This one has gotten the best of me.......

Thanks, Mike

 

[jbonn]

You need to enable ipsec pass-through on the router. The router firmware needs to be able to support the ipsec protocol.

 

[934]

Yes but what ISDN routers will support the IpSec feature. None of these routers did. The Cisco 804 should have but Cisco support reported it did not. Maybe IpSec was an additional feature I needed to purchase. I am using Nortel Extranet V2.6 for my VPN client....I do appreciate any input.... Thanks, Mike.

 

[CTRoche]

No, the router doesn't actually have to support IPsec, it just has to allow the ESP packets to be passed through. ESP is a protocol type at the same level as TCP or UDP, and older firmware variants won't let packets of this type be routed. A firmware update should allow this, and then your client should work normally.