Re: VPN Tunnel comes up but no traffic flows across

kcgeorge1218 · ‎09-04-2008

I have a Cisco VPN client that I connect to a client. The tunnel comes up when on the office LAN, but I can not PING or connect to the servers anything across the tunnel. The same works from my home.

I have a Checkpoint Firewall allowing "any" service for now, which will change later.

Please advise.

Thx in advance

GK

andrew.prince · ‎09-05-2008

Have you enabled NAT-T for the remote VPN client? Are you encrypting ALL remote traffic - or allowing LocalLAN or Split-Tunneling?

kcgeorge1218 · ‎09-05-2008

Thx for the post, Andrew. I am able to connect while at home with the same client settings.

It's only when at work that it fails which leads me to believe that there could be something blocking on the FWall, although the service type is "any" outbound/inbound.

andrew.prince · ‎09-05-2008

Sorry I am confused - are you saying that you connect to a "remote customers" network using the Cisco VPN client?

This works when you use the cisco VPN client at home - but does not work when you use the cisco VPN client from in your office - which is protected behind a checkpoint firewall?

kcgeorge1218 · ‎09-05-2008

That's correct. It works from home but not when I am in the office.

Transparent tunneling seems to be inactive on the VPN client.

andrew.prince · ‎09-05-2008

Transparent tunneling needs to be configured and negotiated with the remote end concentrator?

When you work from home, do you negotiate NAT-T IPSEC over UDP or IPSEC over TCP??

Either way you need to allow either UDP 4500 = NAT-T or whatever they have configured thru your firewall.

HTH>