Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4856
Views
0
Helpful
4
Replies

VPN Enable Transparent Tunneling

Go to solution
dodger346
Level 1
Level 1

‎10-25-2008 05:09 PM

Hello,

Im trying to connect to my work vpn using the cisco vpn client. I found this problem interesting because I've recently completed my beginners CCENT exam in cisco and getting into this world.

Anyways, here is what I know:

1) When trying to connect to work it says "contacting the security gateway x.x.x.x" and never prompts me for my username and password.

2) Going to the coffee shop down the street, it works fine on their wireless. So I know its not a setting on my computer (trust me, its not a firewall setting for a specific network zone ither).

3) When I tried to VPN from the "broken" network, and didn't have "Enabled Transparent Tunneling" enabled, it DOES prompt me for my username and password and it shows its connected with the lock in the bottom of the start menu. However I can't ping or do anything on that remote network.

4) THe TCP tunnel to port 10,000 is blocked with my work.

5) IP SEC over UDP doesn't work ither

6) I'm at a school network and i think they have blocked something, I don't know but i'm guessing its UDP ...

Any possible work arounds to this?

Thanks guys!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎10-26-2008 08:30 AM

1) When trying to connect to work it says "contacting the security gateway x.x.x.x" and never prompts me for my username and password.

kdalf,

It is possible and very common that some organizations do not allow ipsec vpn ports or it Ipsec is allowed on a per user basis,this is just one possibility. Another possibility may be they do not allow IPsec vpn on their wireless vlans, either or what you may need to do is to contact the net administrators and ask them to ensure that IPsec vpn ports are indeed allow or not, my guess it is not. If asking is out of your reach you could also ask if anyone else in the same area you are connecting from have successfully connected to their work via IPsec.

2) Going to the coffee shop down the street, it works fine on their wireless. So I know its not a setting on my computer (trust me, its not a firewall setting for a specific network zone ither).

This explains my answer in question 1, the coffee shop does allow ipsec vpn ports, this is nice to attract more custumers :)

3) When I tried to VPN from the "broken" network, and didn't have "Enabled Transparent Tunneling" enabled, it DOES prompt me for my username and password and it shows its connected with the lock in the bottom of the start menu. However I can't ping or do anything on that remote network.

This one prety much relies on the issue in question 1.

4) THe TCP tunnel to port 10,000 is blocked with my work.

Ipsec over TCP port 10,000 is usually implemented at the RA vpn server, so if you choose in your client IPsec over tcp on port 10,000 you must be aware that the RA VPN server must also be configured to support it

5) IP SEC over UDP doesn't work ither

6) I'm at a school network and i think they have blocked something, I don't know but i'm guessing its UDP ...

Q 5 & 6 Same answer as question 1,

The workaround is much based on whether your school does allow ipsec ports, you need to conatct the network administrator before trying to troubleshoot vpn client software.

Rgds

Jorge

Jorge Rodriguez

View solution in original post

0 Helpful
4 Replies 4

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎10-26-2008 08:30 AM

1) When trying to connect to work it says "contacting the security gateway x.x.x.x" and never prompts me for my username and password.

kdalf,

It is possible and very common that some organizations do not allow ipsec vpn ports or it Ipsec is allowed on a per user basis,this is just one possibility. Another possibility may be they do not allow IPsec vpn on their wireless vlans, either or what you may need to do is to contact the net administrators and ask them to ensure that IPsec vpn ports are indeed allow or not, my guess it is not. If asking is out of your reach you could also ask if anyone else in the same area you are connecting from have successfully connected to their work via IPsec.

2) Going to the coffee shop down the street, it works fine on their wireless. So I know its not a setting on my computer (trust me, its not a firewall setting for a specific network zone ither).

This explains my answer in question 1, the coffee shop does allow ipsec vpn ports, this is nice to attract more custumers :)

3) When I tried to VPN from the "broken" network, and didn't have "Enabled Transparent Tunneling" enabled, it DOES prompt me for my username and password and it shows its connected with the lock in the bottom of the start menu. However I can't ping or do anything on that remote network.

This one prety much relies on the issue in question 1.

4) THe TCP tunnel to port 10,000 is blocked with my work.

Ipsec over TCP port 10,000 is usually implemented at the RA vpn server, so if you choose in your client IPsec over tcp on port 10,000 you must be aware that the RA VPN server must also be configured to support it

5) IP SEC over UDP doesn't work ither

6) I'm at a school network and i think they have blocked something, I don't know but i'm guessing its UDP ...

Q 5 & 6 Same answer as question 1,

The workaround is much based on whether your school does allow ipsec ports, you need to conatct the network administrator before trying to troubleshoot vpn client software.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

Go to solution
dodger346
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎10-26-2008 08:34 AM

Thanks Jorge,

I was kinda hoping i might be able to tunnel UDP ports or some sort of work around ;) But I think the quickest and easiest way for me to get around this, is to rent out a VPS windows box, install my cisco vpn client there and work off that ... its only 18 bucks a month on this one site, and only need it for my one month. I can rdp to that box and work away.

Thanks for the info though, i had contacted the network team, just waiting for a response. Although if it does work i can cancel my vps for a refund.

thanks again

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to dodger346

‎10-26-2008 08:40 AM

You are welcome and thx for the rating , let us know what it turns out to be when the net admnins get back to you.. if they do allow ipsec then we can try to help you to troubleshooting the vpn connection.

Bst Rgds

Jorge

Jorge Rodriguez
0 Helpful

Go to solution
dodger346
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎10-26-2008 08:41 AM

thx, I will ... im sure i'll be fine once they unblock me... works at the coffee shop great so i doubt i'll hit any problems

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents