VPN connection over broadband-works on Eircom, not on Netsource

9lives

Hi

Does this make sense to anyone?

I'm trying to connect to my company VPN at home over DSL.

I couldn't get it to work at home but when I brought my PC and router in to work to troubleshoot, they got it to work there straight away. When I brought it back home again it still wouldn't working.

The problem for me is that when I click on "Dial" on the SecuRemote software (and put in my username), it disables the dial button, runs off to do something and then comes back. I click "Dial" a second time and this time it throws back a "specified port not found" or some similar error. As I say, this worked 100% on the work DSL line.

The only difference between my setup at home and the setup in work is the DSL line provider - Netsource for me, Eircom for them. Netsource say that there is no blocking of traffic done and our tech guys indicate that they don't block anything either. They do say that I should set up my router in bridge mode rather than DHCP/NAT which is all well and good but it doesn't explain why it works on an Eircom line and not on a Netsource line.

Has anyone any experience of trying to use VPN in these circumstances?

My router is the Linksys WAG54G

Attached is the router error log at the time that I'm trying to log on to the VPN at home.


Thanks
9lives

Dyr

What version of SecuRemote are you using? Prior to the latest version (NG i think) most of our users who switched to broadband from dial-up could not connect with the client (4.51 i think). When we upgraded the firewall and pushed out the latest client to those users they were all connecting no probs.

ednwireland

yeh i remember that securemote couldn't cope very well with nat traversal i actually had the problem where the client would be dropped because cisco didn't rewrite the packet header correctly and the firewall dropped it as a malformed packet probably not your prob cos you can connect using ericom broadband and bnot netsource. my guess must be that netsource are blocking ports

this is what the network needs to pass

IKE
- IPSEC and IKE (UDP on port 500)
- IPSEC ESP (IP type 50)
- IPSEC AH (IP type 51)
- TCP/500 (if using IKE over TCP)
- UDP 2746 or another port (if using UDP encapsulation)
- SecureClient connections
- FW1_scv_keep_alive (UDP port 18233) — used for SCV keep-alive packets
- FW1_pslogon_NG (TCP port 18231) — used for SecureClient's logon to Policy Server protocol
- FW1_sds_logon (TCP port 18232) — used for SecureClient's Software Distribution Server download protocol

if netsource block any of these ports it won't work

9lives

Bambi wrote:

What version of SecuRemote are you using? Prior to the latest version (NG i think) most of our users who switched to broadband from dial-up could not connect with the client (4.51 i think). When we upgraded the firewall and pushed out the latest client to those users they were all connecting no probs.

Hi
Thanks for your response.

The tech guys say:
"Check Point VPN-1 SecuRemote/SecureClient NG with Application Intelligence
(R54) build 082"

So it seems this may not be the problem

Cheers
Graham

9lives

Well it's working for me this evening - and perhaps the Netsource thing was a red-herring.

We discovered that the router address of 192.168.1.1 clashed with an internal IP range, so we updated it to 192.168.0.1 and it worked after a re-boot. The fact that it worked on the Eircom line in work might have been a cruel coincidence - perhaps the IP address was down at the time or something.

Thanks for the suggestions along the way,
9L

Sponge Bob

securemote is crap compared to the cisco vpn client so I chucked FW1