11-11-2003 06:07 AM - edited 03-09-2019 05:29 AM
Hi,
One of our VPN users has a ADSL connection to internet. He is a able to authenicate to the VPN box, but cannot receive any data. After checking his configuration on ADSL router we enabled few port like 50, 500, 4500, 10000 in the "Special Internet Application". Even after this configuration he is unable to reveive any traffic.
On the ADSL modem PPTP is enable, will this create any problem? is there a way out ?
He is using a VPN Client 4.0.3.
We have a VPN concentrator 3015
11-11-2003 11:18 PM
Hi All,
Has anyone faced this problem before, can anyone help me. ISP has confirmed that they have allow all access(No access-list applied).
11-12-2003 10:00 AM
Hi,
If there are any firewall on the ISP, they have to enable ESP or GRE (pptp) to enable data over tunnel.
11-12-2003 03:31 PM
Are you directly connected to the cable modem? Do you have anything like a connection manager loaded? If so, try to uninstall that?
11-12-2003 11:24 PM
Hi,
I am using a ADSL modem.machine is connected to ADSL router.
Same client and pcf file works with dial-up connection.
I am able to connect and auth to the VPN concentrator, but cannot acces any LAN resource, when i checked the statictics it shows incoming zero bytes.
11-13-2003 09:06 AM
Hi,
Just had to chime in here. If you are certain that the client is successfully authenticating to the VPN concentrator, then I would highly suspect that there is an access issue (on the Concentrator) related to the return traffic from the concentrator.
I am not sure what your setup is exactly, but it is possible that traffic is not permitted to your client. To test, you should try to ping (both ways) from the various servers (resources) to the client and vice versa to see if you do have any access at all. Any type of tracerout debug info could help shed some light on this problem. In most cases, the ISP implements minimal security measures when it comes to link usage so it is probably safe to assume that ISP is not interfering with your attempts to establish vpn connectivity.
Another possible area to test would be the VPN client itself. Are there any other versions you can use? Good luck and I hope you find the solution to your problem.
-mrew-
11-13-2003 07:43 PM
I have 200 clients getting successfully auth using the same client version and same pcf file.
Let me know if i am wrong,
To my concentrator i have opned UDP 50,500,10000,4500,62514. This traffic is all UDP (Connection Less), so when the client send a request to my concentrator for auth, it does not receive any ack, so it gets auth. But when i try to access any server it uses port UDP/10000, i beleive that PPTP encrypts this traffic to some other port which my client is not able to understand. I think this is the problem, i have not worked on ADSL router or modem so i dont know what to do.
11-13-2003 08:03 PM
Another thing you can try is to route your private interface to the default gateway instead of to the public interface. I had to do this to allow some people access to network resources and it also seemed to help some arping issues. Do you have routes set up on your core routers to route your addresses assigned by the VPN concentrator back to the private side? I agree. It sounds like it may be an access or routing issue.
11-13-2003 08:05 PM
My apologies. I said to route the private interface to the default gateway instead of the public interface. I meant private interface instead of public interface. Sorry.
11-13-2003 10:55 PM
I will explan you my setup,
Lan Network IP :- 192.168.0.2 - 254 (DHCP)
Mask :- 255.255.255.0
Default Gateway :- 192.168.0.1
WAN Interface :- 10.0.0.140
Mask :- 255.0.0.0
Gateway :- 0.0.0.0
ADSL Modem (Uses PPTP)
IP address 10.0.0.138
Mask :- 255.0.0.0
VPN Concentrator assigns 192.168.20.0 range of IP address
Now where do i have to add routes ? My internet is working fine.
11-13-2003 11:03 PM
Sorry forgot to mention, I have a option to add routes on modem as well.
Diagram look like,
LAN <-->ADSL Router<-->ADSL Modem
11-19-2003 01:09 PM
Sounds like an possible MTU issue. Have you tried different ICMP sizes to see if communications drop off at a certain size?
I would try adjusting the MTU size in the the VPN client.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide