1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Befsx41 internet forwarding?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mcamino, Apr 23, 2006.

  1. mcamino

    mcamino LI Guru Member

    hello. I have a simple situation, that i am having hard time figuring answer to. I have a linksys befsx41 router setup to run a VPN over the internet. that part i figured out and got working. Now the past history. I had a client who used to use microsoft vpn (ptpp) to connect to his computer at the office so he could access the company's network resources (file servers, printers, etc) when we setup his laptop he made sure that "use remote gateway" was selected so everything from his laptop at home would be forwarded to our network this included his internet traffic as well as his file server traffic. (This was important because we OWN the laptop he is using, and he knows he is only permitted on approved internet websites, so we monitor his internet traffic when he is connected to our network. Politics aside, we like this ability to have all internet/network traffic flow over the vpn into our network where he can use our internet connection to access the internet or connect to other network resources)

    Now the problem because of changes in the network we decided to put in a VPN server which doesnt support PTPP anymore for his login. We invested in a Linksys befsx41 router for him to connect his laptop to at home. We got the router configured properly to connect to out office VPN. (he can vpn without a problem and access the network resources as he did before the changes) the problem is his internet traffic isnt flowing through the VPN, it is going stright out the router to the internet. I have spent hours online with linksys and they are not much help.

    I though of setting up a static route on the router to forward all traffic, but we havnt been able to get that working. We also checked google and some people suggested for simular situations to set "remote secure group" to ANY which will forward all network traffic(inclduing internet) to the vpn connection. unfortunately when we do that the router responds "this tunnel should not be inititor".

    Anyone have any ideas about the simple solution i am overlooking here?
  2. ed001

    ed001 Network Guru Member

    I am by no means an expert and this is more of a bump than an answer but I have limited experience with the sx and it does not do the old nat-t tunneling. I guess it would be best to know what router you are using on the other side.
    PPTP is kind of a broken (crackable) tunneling technology (one of the reasons MS has abandoned it for L2TP) so I think you will see less support for it in the future. If your local router supports traditional IPSEC connections you may want to consider some 3rd party clients for the laptop. My only other suggestion is pickup a used Cisco Pix 501 as long as your local router supports nat-t. I belive that the static routing (if you could solve your problem this way) would confuse things if the user was to take the laptop on the road, ie configuring tcp/ip back to DHCP and back again when he arrives home, etc. Again, something the 3rd party client would solve
    Maybe someone has a better suggestion???
    Good luck!!!


Share This Page