
CISCO VPN Client through a RV042

Discussion in 'Networking Issues' started by RayD, Nov 7, 2006.

  1. RayD

    RayD LI Guru Member

    We have a RV042 at a remote site enabling up to ten laptops to access the internet via a Satellite link. We are not using the Dual WAN. There is no VPN tunnelling etc. set up. All computers have no problems accessing the internet/e-mail.

    Just today a new user has arrived and requires to access his work via the router using the CISCO VPN client on his laptop, as he had been doing at a local hotel in the morning with success. He has advised me that he cannot establish connection with his work through the RV042. I have not touched the default VPN settings. I am new to this and have had no problems with other routers with users having the same client software. In fact this guy used his machine via a BEFSR41 on another link successfully two days ago.

    Any ideas what I have not set?
  2. Toxic

    Toxic Administrator Staff Member

    Port forwarding? (Port 10000 AFAIK.) Access rules? The RV042 has a much tighter firewall than a BEFSR41. Do you have any access violations in the file files?
  3. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I'll chime in and say (in the absence of more information) that 2 possible situations will cause the issues you describe:

    1) You might have some restrictions that will prevent the proprietary Cisco UDP or TCP encapsulation of the Phase II VPN traffic from progressing through your box. This is assuming that the head-end VPN endpoint (i.e. at the HQ) has been configured to negotiate NAT Traversal with the VPN client. Cisco uses UDP port 10000 or TCP port 10000 for (what they call) Transparent Tunneling. The Cisco boxes also support RFC-compliant NAT-T (NAT Traversal), which uses UDP port 4500. Make sure these ports aren't being blocked. Port forwarding rules will *not* be unnecessary on the RV042 since it's the client initiating the connection to the server. Also make sure you're not blocking UDP port 500 (both source and destination) since these ports are always used to set up the VPN in phase I.

    2) Turning the argument around, the problem might be at the head-end, if it is not set up to negotiate NAT traversal.

    Thoughts for now... See if either of these ideas ring a bell and we can drill down further. I can't respond in realtime, but I'll be scanning this group from time to time.

  4. pablito

    pablito Network Guru Member

    I don't think the RV is causing issues with the VPN unless something in the rules is blocking it. I have a location with 5 users that use the Cisco VPN through an RV. No problems. I added a QoS rule to give priority to the tunnels, but that isn't important to make it work. This location is using the default UDP setup; some HQs have moved to TCP, so I can't say if that is an issue.

    We can assume that NAT-T isn't an issue since your user was at a hotel without a problem.

    FYI, none of the VPN settings of the RV have anything to do with an internally initiated tunnel except for VPN Pass Through. You must have IPSEC Pass Through enabled.
  5. RayD

    RayD LI Guru Member

    Thanks to all. The RV is in Morocco, I'm in the UK and it has not recovered (no lights) from a power out this afternoon, so can't get into it.
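
The ports and protocols named in the replies from eric_stewart and pablito, checked against a first-match outbound rule list to see which VPN-client flows it would drop. This is an added example, not part of the original thread: the `Rule` format, `blocked_flows` and the sample policy are hypothetical and constructed (not the RV042's own access-rule syntax), and ESP being IP protocol 50 without ports is the one detail not stated in the thread.

```python
from dataclasses import dataclass

ALL_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Rule:                      # hypothetical rule format, not RV042 syntax
    action: str                  # "allow" or "deny"
    proto: str                   # "udp", "tcp", "esp" or "any"
    ports: range = ALL_PORTS     # destination ports the rule covers

# Flows named in the replies: (label, protocol, destination port)
VPN_FLOWS = [
    ("IKE phase I", "udp", 500),
    ("NAT-T", "udp", 4500),
    ("Cisco transparent tunneling (UDP)", "udp", 10000),
    ("Cisco transparent tunneling (TCP)", "tcp", 10000),
    ("ESP (IPsec Pass Through)", "esp", None),   # IP protocol 50, no ports
]

def matches(rule, proto, port):
    if rule.proto not in ("any", proto):
        return False
    if port is None:             # ESP has no ports: only port-agnostic rules apply
        return rule.ports == ALL_PORTS
    return port in rule.ports

def blocked_flows(rules, default="allow"):
    """Labels of the VPN flows that a first-match rule list drops."""
    blocked = []
    for label, proto, port in VPN_FLOWS:
        action = next((r.action for r in rules if matches(r, proto, port)), default)
        if action == "deny":
            blocked.append(label)
    return blocked

# Constructed sample policy: web, mail and DNS only, everything else denied.
SAMPLE_RULES = [
    Rule("allow", "tcp", range(80, 81)),
    Rule("allow", "tcp", range(443, 444)),
    Rule("allow", "tcp", range(25, 26)),
    Rule("allow", "udp", range(53, 54)),
    Rule("deny", "any"),
]

if __name__ == "__main__":
    for label in blocked_flows(SAMPLE_RULES):
        print("blocked:", label)
```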
