Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
11
Replies

ADSL internet connection.

aryan-d
Level 1
Level 1

‎11-11-2003 06:07 AM - edited ‎03-09-2019 05:29 AM

Hi,

One of our VPN users has a ADSL connection to internet. He is a able to authenicate to the VPN box, but cannot receive any data. After checking his configuration on ADSL router we enabled few port like 50, 500, 4500, 10000 in the "Special Internet Application". Even after this configuration he is unable to reveive any traffic.

On the ADSL modem PPTP is enable, will this create any problem? is there a way out ?

He is using a VPN Client 4.0.3.

We have a VPN concentrator 3015

Labels:
0 Helpful
11 Replies 11

aryan-d
Level 1
Level 1

‎11-11-2003 11:18 PM

Hi All,

Has anyone faced this problem before, can anyone help me. ISP has confirmed that they have allow all access(No access-list applied).

0 Helpful

edy-rojas
Level 1
Level 1
In response to aryan-d

‎11-12-2003 10:00 AM

Hi,

If there are any firewall on the ISP, they have to enable ESP or GRE (pptp) to enable data over tunnel.

0 Helpful

dpatkins
Level 1
Level 1

‎11-12-2003 03:31 PM

Are you directly connected to the cable modem? Do you have anything like a connection manager loaded? If so, try to uninstall that?

0 Helpful

aryan-d
Level 1
Level 1
In response to dpatkins

‎11-12-2003 11:24 PM

Hi,

I am using a ADSL modem.machine is connected to ADSL router.

Same client and pcf file works with dial-up connection.

I am able to connect and auth to the VPN concentrator, but cannot acces any LAN resource, when i checked the statictics it shows incoming zero bytes.

0 Helpful

mjreupenny
Level 1
Level 1
In response to aryan-d

‎11-13-2003 09:06 AM

Hi,

Just had to chime in here. If you are certain that the client is successfully authenticating to the VPN concentrator, then I would highly suspect that there is an access issue (on the Concentrator) related to the return traffic from the concentrator.

I am not sure what your setup is exactly, but it is possible that traffic is not permitted to your client. To test, you should try to ping (both ways) from the various servers (resources) to the client and vice versa to see if you do have any access at all. Any type of tracerout debug info could help shed some light on this problem. In most cases, the ISP implements minimal security measures when it comes to link usage so it is probably safe to assume that ISP is not interfering with your attempts to establish vpn connectivity.

Another possible area to test would be the VPN client itself. Are there any other versions you can use? Good luck and I hope you find the solution to your problem.

-mrew-

0 Helpful

aryan-d
Level 1
Level 1
In response to mjreupenny

‎11-13-2003 07:43 PM

I have 200 clients getting successfully auth using the same client version and same pcf file.

Let me know if i am wrong,

To my concentrator i have opned UDP 50,500,10000,4500,62514. This traffic is all UDP (Connection Less), so when the client send a request to my concentrator for auth, it does not receive any ack, so it gets auth. But when i try to access any server it uses port UDP/10000, i beleive that PPTP encrypts this traffic to some other port which my client is not able to understand. I think this is the problem, i have not worked on ADSL router or modem so i dont know what to do.

0 Helpful

dpatkins
Level 1
Level 1

‎11-13-2003 08:03 PM

Another thing you can try is to route your private interface to the default gateway instead of to the public interface. I had to do this to allow some people access to network resources and it also seemed to help some arping issues. Do you have routes set up on your core routers to route your addresses assigned by the VPN concentrator back to the private side? I agree. It sounds like it may be an access or routing issue.

0 Helpful

dpatkins
Level 1
Level 1
In response to dpatkins

‎11-13-2003 08:05 PM

My apologies. I said to route the private interface to the default gateway instead of the public interface. I meant private interface instead of public interface. Sorry.

0 Helpful

aryan-d
Level 1
Level 1
In response to dpatkins

‎11-13-2003 10:55 PM

I will explan you my setup,

Lan Network IP :- 192.168.0.2 - 254 (DHCP)

Mask :- 255.255.255.0

Default Gateway :- 192.168.0.1

WAN Interface :- 10.0.0.140

Mask :- 255.0.0.0

Gateway :- 0.0.0.0

ADSL Modem (Uses PPTP)

IP address 10.0.0.138

Mask :- 255.0.0.0

VPN Concentrator assigns 192.168.20.0 range of IP address

Now where do i have to add routes ? My internet is working fine.

0 Helpful

aryan-d
Level 1
Level 1
In response to aryan-d

‎11-13-2003 11:03 PM

Sorry forgot to mention, I have a option to add routes on modem as well.

Diagram look like,

LAN <-->ADSL Router<-->ADSL Modem

0 Helpful

scott.engel
Level 1
Level 1
In response to aryan-d

‎11-19-2003 01:09 PM

Sounds like an possible MTU issue. Have you tried different ICMP sizes to see if communications drop off at a certain size?

I would try adjusting the MTU size in the the VPN client.

0 Helpful
Customers Also Viewed These Support Documents