Solved: VPN-QVPN Problem

Andreas K. · ‎05-23-2020

Dear Cisco Small BusinessTeam

We have a small office network with a Cisco WLAN-N VPN router. From home (or airport, coffee, restaurant, etc.) by a remote PC with the help of the Cisco QVPN Client program can be a VPN tunnel connected to this Cisco-router .

You can ping the public IP (DNS Getway) on the Cisco router from the remote PC. However, the office LAN and the devices are not available.

Interestingly, all office PCs can reach and manage the Remote PC in home or airport, coffee, restaurant, etc. over his public-IP (you find that in router's log).

Of course I want to have everything inversely and reach the devices in the office LAN behind the Cisco-router and control them remotely with the remote PC.

Turning on RIP or turning off firewall in Cisco-router doesn't help.

I thank you in advance for your help.

Reagards,

Andreas

pieterh · ‎05-29-2020

only for the ports you need to make connection.

by default windows-client firewall only allows access from within the local subnet,
other subnets you need to modify the firewall settings.

I suggest lets start with ICMP-echo to ping and maybe port-3389 for remote desktop (if not W10-home)
you need to add the remote subnet to be able to ping the device
if that works, do so for other ports for connections you want to make

View solution in original post

pieterh · ‎05-26-2020

look at this thread that mentions Qvpn is not really so quick.

but your remark: >>> interestingly, all office PCs can reach and manage the Remote PC in home or airport, coffee, restaurant, etc. over his public-IP (you find that in router's log <<

suggests that NO vpn-tunnel exists, as the device is accessible on it's public IP.

(unless you mean private-IP on the public network).

>>> However, the office LAN and the devices are not available <<<

here the local firewall on the LAN devices may block the traffic.

Andreas K. · ‎05-29-2020

Thank you very much Pieterh for the lines.

1.) Yes, unfortunately the tunnel is not set up correctly. I later noticed this in the QVPN log:

2020/05/22 15:14:19 [STATUS]OS Version: Windows XP

2020/05/22 15:14:19 [STATUS]Windows Firewall is ON

2020/05/22 15:14:19 [STATUS]One network interface detected with IP address 192.xxy.yyy.ddd

2020/05/22 15:14:19 [STATUS]Connecting...

2020/05/22 15:14:19 [DEBUG]Input VPN Server Address = zzz.vvv.www.61

2020/05/22 15:14:19 [STATUS]Connecting to remote gateway with IP address: zzz.vvv.www.61

2020/05/22 15:14:24 [STATUS]Remote gateway was reached by https ...

2020/05/22 15:14:24 [STATUS]Provisioning...

2020/05/22 15:14:30 [STATUS]Success to connect.

2020/05/22 15:14:30 [STATUS]Tunnel is configured. Ping test is about to start.

2020/05/22 15:14:30 [STATUS]Verifying Network...

2020/05/22 15:14:34 [WARNING]Failed to ping remote VPN Router!

2020/05/22 15:18:58 [STATUS]Disconnecting...

2020/05/22 15:19:03 [STATUS]Success to disconnect.

There is a lot to read about this problem in the community, but I didn't find a right solution in them.

2.) Should I open ports 443, 60443, 500, 4500 in the firewall of the office PCs?

Thank you in advance for the good advice.

Andreas

pieterh · ‎05-29-2020

only for the ports you need to make connection.

by default windows-client firewall only allows access from within the local subnet,
other subnets you need to modify the firewall settings.

I suggest lets start with ICMP-echo to ping and maybe port-3389 for remote desktop (if not W10-home)
you need to add the remote subnet to be able to ping the device
if that works, do so for other ports for connections you want to make

Andreas K. · ‎06-06-2020

Many thanks again Pieter for the answer. It was absolute helpful. I can on the office LAN only this PC reach, on them I've the ports opened. And that is good so.

Problem is solved. Many thanks.
Andreas

pieterh · ‎06-07-2020

I'm glad it helped you.

Thank you for marking my answer as helpful.