Re: < Ameritech DSL VPN problem >

ddemers · ‎05-07-2002

We've got a remote office that has Ameritech DSL using an Efficient Networks SpeedStream 5861router. There are 20-some users sharing a single public address. They're able to surf the web, telnet, etc, but can't use the Cisco VPN client v3.5 to connect to our VPN concentrator using IPSec over TCP on port 10000; "failed to establish a TCP connection" error. Does anyone have any experience with this type of equipment? I hope to avoid flying out there if someone has already been through this. Any help would be greatly appreciated.

gbharadwaj · ‎05-11-2002

Hi ,

We too had the same problem using the efficient router to connect to our network through the VPN.

Problem: The Problem lies in the fact that the efficient router does not support dynamc NAT hence all the users who connect to the VPN are given the IP address of the Routers public interface. this being the case the moment an user connects to the VPN he gets the public IP address and the person previously connected gets disconnected.

Solution: if you have access to the DSL router you can put a static NAT for all the machines on your network with valid public address. You must also check if the port you mentioned is not blocked by any firewall at either ends of the network. if you do not have access to the router you can ask the vendor at the remote location to do this as we had done .. !!

cheers,

Goutham

ddemers · ‎05-11-2002

Thanks for the help.

Unfortunately we've got a ratio of 20:5 private to public IP addresses. I've ordered a Cisco 827H to swap out the 5861.