VPN 3015 - VPN Client 3.63 Access from behind a firewall (Home Users)

smartin
Level 1

I'm starting to see home users adding wireless routers in order to share access to their cable modem. What ports do they need to open for the VPN client to work?

Does Cisco have a white paper on this issue?

4 Replies

mostiguy
Level 6

They shouldn't need any. Just enable the UDP encapsulation (now might be called NAT traversal, as it is a draft IETF standard) feature, and everything should just work.

You might have some hiccups in the following situations:

1. Some routers have IPSec pass-through features that anticipate a pure IPSec connection, and not a NAT-T one (NAT-T is simply IPSec encapsulated in UDP packets). These might get annoying.

2. Some home users will go wireless, and might install a wireless NIC after the VPN client - this might not work, as the Deterministic Network Enhancer component might not get installed for that particular NIC.

3. Some routers have responses to ping requests blocked - this might break the ISAKMP keepalive (dead peer detection - stop connections from terminating). I just heard about this, need to do more research.

You might want to take it upon yourself to announce a recommended router. I disavow supporting any of them, but I still occasionally have to field questions. I have a small, highly technical user base though (software architects and engineers), so it isn't too painful. Your mileage may vary.

My problem seems to be with Linksys. A user is using model BEFW11S4. The firmware version is 1.45.3 (Latest). Tried enabling IPSec passthrough & Port Triggering (Port 47, 1723 & 500). The VPN client connects but can't connect to any internal sites.

I have a user with the same problem. I cannot get him to bring in the device, so I have hit the wall with what I can do. Again, I don't officially support those devices, so they are on their own.

Linksys recommends the following

"Try adjusting the MTU settings of the router on the router's configuration page, click on Filters go to the bottom of the page, enable MTU. And try to assign values such as 1370 or 1382 or 1400 or 1450 or 1492 and see which has the most stable connection. To be sure, try to inquire the MTU value that your ISP uses."

I'm also going to have my user update to the latest VPN client 4.0.2 (D).

I should have the results by tomorrow.