Cannot access VPN server located behind Company firewall.

cisco_rookie
Level 1

The VPN server has been created by myself, in my department. I can access this server from anywhere when I am in my company's network. When I am at home, I cannot even ping the WAN interface of the VPN server. When I try to connect through the Cisco VPN client, I get the message "Reason 412: Remote peer is no longer responding".

Is the main firewall in my company blocking outside traffic?

Do I need to modify anything in the VPN server?

I have heard about port forwarding but have no knowledge about it. Is port forwarding done on the VPN server or in the main firewall?

Also should I go and ask the system administrator of the company to enable certain ports for the public IP address I am using for my server?

Hope you can help

Regards

Accepted Solution

Yes, absolutely correct. Please open ESP protocol, UDP/500, and UDP/4500 for IPSec VPN.

5 Replies

Jennifer Halim
Cisco Employee

Yes, you would need to configure the following if your VPN server is behind the Firewall:

1) If your VPN server has a private IP address, you would need to configure NAT on the firewall to be able to access that VPN server.

2) You would also need to configure the firewall to allow inbound VPN access as normally inbound access through a firewall is blocked by default.

3) Nothing else needs to be done on the VPN server itself if you can already access the VPN via the internal network.

4) I assume that it is the IPSec VPN Client; if so, you would need the following opened: ESP protocol, UDP/500, and UDP/4500 (these are the default protocols/ports). If you have changed the VPN ports on the VPN server, then you would also need to advise the other ports accordingly.

If it is an SSL VPN Client, then by default it uses TCP/443, unless you change the default port to another port.

Hope this helps.
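
The four points above, written out as firewall configuration. This is an added example, not configuration posted in the thread: it assumes the company firewall is a Cisco ASA running 8.3 or later, and the interface names, object name, ACL name and both addresses are placeholders.

```cisco
! Added example. Assumption: company firewall is a Cisco ASA, version 8.3+.
! Placeholders (not values from the thread):
!   inside / outside   interface names
!   VPN-SERVER         network object name
!   OUTSIDE-IN         inbound ACL name
!   10.10.20.5         private address of the VPN server's WAN interface
!   203.0.113.10       public address published for the VPN server

object network VPN-SERVER
 host 10.10.20.5
 ! Point 1: static NAT. Needed only when the VPN server has a private
 ! address. If the server already holds a routed public address, omit
 ! the nat line and put that public address in the host line instead.
 nat (inside,outside) static 203.0.113.10

! Points 2 and 4: inbound traffic is denied by default, so permit the
! IPsec remote-access set, and only toward the VPN server.
! From 8.3 on, ACLs match the real (pre-NAT) address held by the object.

! IKE negotiation: UDP/500 (keyword "isakmp")
access-list OUTSIDE-IN extended permit udp any object VPN-SERVER eq isakmp

! NAT traversal: IKE and ESP encapsulated in UDP/4500, used when the
! client or the server sits behind NAT
access-list OUTSIDE-IN extended permit udp any object VPN-SERVER eq 4500

! ESP itself is IP protocol 50. It has no port number, so it is permitted
! as a protocol, not as a TCP or UDP port.
access-list OUTSIDE-IN extended permit esp any object VPN-SERVER

! An interface takes one inbound ACL. If the outside interface already
! has one, add the three permit lines to that ACL rather than binding
! a new ACL, which would replace the existing one.
access-group OUTSIDE-IN in interface outside

! Point 3: nothing changes on the VPN server itself.
```

After a connection attempt from outside, the hit counts in `show access-list OUTSIDE-IN` show whether the client's IKE packets are reaching the firewall at all.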

Thank you Jennifer,

The VPN server has public IP address for remote users. Currently, I am able to make an http request to this IP. I think this means that port 80 of the IP is not blocked, right?

It is definitely Remote Access IPSec VPN, I have not made any changes to the VPN ports.

I am making a request to the IT department of the company regarding the ports on Monday, so, should I ask them to open ESP protocol, UDP/500, and UDP/4500?

Yes, absolutely correct. Please open ESP protocol, UDP/500, and UDP/4500 for IPSec VPN.

Thanks a lot Jennifer, really appreciate your advice.

Will inform you how I did.

Have a nice Sunday

It definitely worked out fine.

Thanks a lot
