General discussion

Locked

CISCO VPN CLIENT ISSUE

By stergios_nik ·
Hello.

A staff member wants to access a protected web site in order to download some articles but there is a connectivity problem between our LAN and the web site.

We do not have a firewall installed in our environment. Is it possible to connect to their services without a firewall?

We tried to use the Cisco VPN Client CD that was given by them.

We noticed that the VPN connection works from Dial Up because the PC uses a REAL IP but from our inside campus the PC uses a fake IP of type:
192.168.x.x, thus the VPN connection fails.

Staff member gets the following error message while trying to connect:
"Secure VPN connection terminated locally by the client. Reason: Unable to contact the security gateway."

We want 20 PCs to have a VPN connection but we do not use REAL IPs for our internal campus PCs.

The staff member PC connects to internet (via a PROXY software that is installed on another multihommed PC with 2 network cards). A CISCO router connects as to our ISP.

Thank you in advance.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by mshavrov In reply to CISCO VPN CLIENT ISSUE

Let me clarify the situation. You don't have Firewall, but you have Proxy. It's almost the same - Firewall checks packets and tracks communication sessions, Proxy checks traffic at application level.

Do your all Internet traffic goes through Proxy server? If so, you should check log files on Proxy server, what it shows on VPN outgoing and especially on returning traffic?

Check if your VPN clients are configured to use TCP port 10000? Also check if you have same settings in Remote Access VPN Server (remote site). It's only way to have VPN traffic through NAT (Network Address Translation).

Good luck,

Michael Shavrov
CCSP, CCNP, CCDP, Security+, MCSE W2K, MCSE+I, etc.

Collapse -

by mshavrov In reply to

If you have more questions, details, or want to follow-up, send me e-mail.

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by -Q-240248 In reply to CISCO VPN CLIENT ISSUE

WHat does that mean "a protected website"? Do you understand that with VPN, you're creating a tunnel between the two sites, so that you have a client on one end and a VPN terminating device on the other? I don't believe VPN is your answer. What is the "protection" on the website end? Maybe it's just SSL?

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by stergios_nik In reply to CISCO VPN CLIENT ISSUE

This question was closed by the author

Back to Security Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums