General discussion

Locked

VPN Connectivity problem

By stergios_nik ·
Hello.

A staff member wants to access a VPN protected web site in order to download some articles but there is a connectivity problem between our LAN and the protected web site.

Professor gets the following error message while trying to connect after installing the CISCO VPN client:
"Secure VPN connection terminated locally by the client. Reason: Unable to contact the security gateway."

Everybody is using fake IP addresses inside LAN.

Every gets internet connection via PROXY server PC that is using a REAL IP.

We need around 30 concurrent VPN connections but the internal PCs must have fake IPs.

Any ideas how can I implement a cheap VPN solution in order to avoid buying a firewall device?

Could you provide some cheap VPN product web links that solve this problem?

Thank you in advance.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by curlergirl In reply to VPN Connectivity problem

If you are using a proxy server, the chances are that some of the ports needed to allow the Cisco client to communicate with the external VPN server are closed on the proxy server. This is assuming that your internal workstations can access other Internet sites without any problems. I'm just a little confused by your use of the terminology "fake" IP addresses. Do you mean private IP addressing, like 192.168.x.x or 10.x.x.x? If so, that's OK, but if you are using some other subnetting that may be in use in the "outside world", this could cause connectivity problems. I would check out the port filtering on your proxy server, though, as this is the most likely cause. There are several ports you need to have open for Cisco secure gateway connections: ports 1494 for TCP, and port 1604 for UDP, and depending on the configuration behind that gateway, you may need port 256 for TCP, port 259 for TCP and UDP, port 500 for UDP, and port 2746 for UDP. There may be different ports if the web site designer or security person set up something different on their particular implementation. I would recommend checking with them first off to see if they can give you any help on this. Hope this helps!

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by stergios_nik In reply to VPN Connectivity problem

The PROXY SERVER PC is running Windows NT 4.0 and a proxy software program. It has 2 network cards the first is assigned the real IP for communicatign with outside world and the second one is assigned and an internal fake IP.

The gateway used is a CISCO router. Could achieve VPN connection without installing a firewall.

Thank you in advance.

Collapse -

by -Q-240248 In reply to VPN Connectivity problem

There needs to be a device on the "protected" side that terminates the VPN tunnel. You should be able to get through your side with no porblem, even with the proxy.

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by mandar_7 In reply to VPN Connectivity problem

For using any VPN client software, the basic requirement is that the desktop using the client (30 internal PCs) must be able to ping to the internet IPs( for eg. must ping www.yahoo.com , etc)To achieve this you must have atleast a hide NAT for the internal PCs. The Normal MS proxy will not help you. You will require Windows 2000 Server with ISA Server installed in integrated mode (proxy + firewall). Microsoft ISA Server possesses the NAT feature in it.

If don't want to use ISA on w2k , then Use some firewall software on the NT 4.0.

Cheers.

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by Curacao_Dejavu In reply to VPN Connectivity problem

I thought I answered this question already in the past.
Check with the vendor of the software if it's supports vpn connection and how many.
A cheaper solution may be winroute. I know the latest version supports unlimited vpn connections. ISA server supports vpn connections also but is costlier. You can try the internet sharing also of w2k.

Leopold

Collapse -

by stergios_nik In reply to

Poster rated this answer.

Collapse -

by Rasman In reply to VPN Connectivity problem

Personall I would use the Cisco Router to terminate the VPN. Send me the router model and ios version and I'll send you a config.
That's <sh ver> and <show run> on the router
Ras.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums