General discussion

Locked

VPN issues with Linksys WRT54GS

By mpennell ·
I have a NetGear ProSafe VPN firewall at my office. I've got a VPN policy up and working and I've tested it from outside the network and I'm able to successfully tunnel in and ping everything in our network and map drives, etc...
However, when I connect to the VPN from home via wireless router (Linksys WRT54GS), I'm able to successfully establish a connection with the VPN but I can't ping anything on the network. The PC I'm testing with is directly wired to the wireless router. I've got all available VPN protocols enabled (IPSec, PPTP, L2TP) on the wireless router. My office IP range is 192.168.1.x. My home IP range is 192.168.10.x. I've got all of the available firmware upgrades for this router. My router setup is dynamic and I have a MTU rate of 1500 (auto). When I take my wireless router off the network, and plug directly into my cable modem, I can connect and ping everything just fine. It's just the router I'm having issues with. Any ideas out there? I've been working with this issue for almost a month. I've been to Experts Exchange and got no help from there. Thanks for looking!

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to VPN issues with Linksys W ...

are you using the Netgear VPN client software? if so are you using the corect version for the ProSafe appliance.

also, PPTP is VPN and VPN requires port 1723 to be open and mapped to the comp that will use VPN.

Collapse -

by mpennell In reply to VPN issues with Linksys W ...

Yes I'm using the VPN Netgear software to install on the end user machines and it is specific to the firewall.
As far as opening that port goes, will have to open it on the router and then go into the PC and open it as well?

Collapse -

by CG IT In reply to VPN issues with Linksys W ...

I know the ProSafe Software is specific to the appliance. If your using the Netgear FVS 318 appliance there are actually 3 different versions of the 318 and there are 3 different VPN Client programs you can use.

Here's a link to Netgears KB article on which works with which.

http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=520204&action_code=5&highlight_info=16778126,26,35&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2Fn101289.asp&answer_id=11160906#__highlight

To gain access to a network via VPN you not only have to make a connection but you also have to get a LAN address so that your on the same subnet. your public address at home is the address that makes the connection to the Prosafe. The ProSafe then authenticates you. Once authenticated the ProSafe then has to provide your connection with a LAN address so that your on the same subnet. This is usually done via DHCP where DHCP has a pool of LAN addresses to use for remote access users. Check your DHCP on the ProSafe to see if DHCP is setup to provide Remote Access users with LAN Addressing.

Collapse -

by CG IT In reply to

also note: when you allow VPN passthrough on your Linksys router web configuration pages, you must also port forward TPC/IP port 1723 to the computer you are using. On the computer your using for VPN access click start, run. type in cmd to open a command prompt. at the command prompt type ipconfig. note the IP address

In the Linksys routers web configuration pages, find the gaming/application page. go to the port forwarding page. type in VPN in the name box. type in the port 1723 in the from and to boxes. choose TPC/IP and then enter IP address [usually you have to enter only the last 3 digits of the address and check the box to enable forwarding. then click the save box at the bottom of the pages. That will forward traffic on prot 1723 [VPN] to the computer your using for VPN.

Collapse -

by CG IT In reply to

if you have the Windows XP firewall enabled on your computer and/or you use a 3rd party firewall on your computer, yes you must also allow port 1723 on that firewall as well.

Collapse -

by CG IT In reply to

last note: verify that your ProSafe firewall has created the WAN miniports for remote access and has assigned LAN addresses from DHCP to those miniports.

Collapse -

by mpennell In reply to VPN issues with Linksys W ...

How do I verify that my ProSafe firewall has created the WAN miniports for remote access and has assigned LAN addresses from DHCP to those miniports?

Collapse -

by dustyD In reply to VPN issues with Linksys W ...

Answers from CG IT are great, but port forwarding only applies to incoming connection RQUESTS, and since you have no problem connecting without the router I don't think the problem lies there. I've used the same setup with Cisco VPN client and WRT54g and didn't have to port forward.

What mode is your router in, Gateway? or Router?

Collapse -

by arbaal In reply to VPN issues with Linksys W ...

HI!

I had same problem with our NetScreen vpn firewall.

I had a working vpn connection but after I have deployed linksys wrt54gs router my VPN connection was somehow malfunctioning...

although the NetScreen-Remote was connecting me to the intranet networks in my company, I couldn't ping any hosts....

after some trial and error tests with this linksys router it turned out that in order to use vpn pass through incorporated in it you have to do two things:

enter the web interface to configure your Linksys router

1) enter the Application and Gaming menu -> Port Forawrding
and enable of forwarding of port range: from 500 to 500 for you computer (you have to enter IP address for this particular host, or subnet).

2) enter the Application and gaming -> Port triggering
enable port trigering for range: from 500 to 500

in both cases use something short as an application name, like VPN (pr anything you want as long as it is a short word).

(PORT 500 is used for IKE key exchange or something like that).

Once you have enabled both options the VPN will work fine!

Cheers!
Marcin

Collapse -

by arbaal In reply to

in my case we are using IPSEC protocol, so in yours there might be a different port range to be used...

you can find the actual port if you turn on logs on Linksys router,
turn on logging incoming and outgoing traffic, try to connect to your VPN, disconnect it, and then check the router's logs for outgoing traffic in the router's web-administration interface.

cheers!
Marcin

Back to Windows Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums