Help getting cisco IPsec to work at my apt

[cross6]

I use Cisco IPsec client to connect to work. The client works fine on my laptop.

My apt provides internet via ethernet jacks in the walls.

The client WILL connect, but I can't ping or pass traffic through it.

Any idea on how to get this working? Can I tunnel it somehow?

 

[bruceb]

You would need to get in touch wtih the actual ISP Provider or with whoever set up the
connections into each apt ... they may be going thru a Router which is Firewalled ... if so
you need to know what port you use for the client & have the router admin add that port
to the allowed list for your ethernet port on the router

 

[Goosemaster]

Odds are that you will need a router that simply has IPSec VPN passthrough.


Worst case scenario, you'll ahve to get a router that supports NAT traversal or jsut plug your computer directly into your broadband modem.

 

[cross6]

Originally posted by: Goosemaster
Odds are that you will need a router that simply has IPSec VPN passthrough.


Worst case scenario, you'll ahve to get a router that supports NAT traversal or jsut plug your computer directly into your broadband modem.

What part of I have ethernet jacks in my walls from the apt do you not understand.

 

[spidey07]

first, make sure it is OK with work for you to be doing this. I certainly wouldn't allow it.

second, set your client up to perform NAT traversal exactly as it is setup on your laptop. the client and the concentrator have to agree on how to do it.

connecting but not able to send/receive is almost always a NAT problem.

-edit- never mind. I though the laptop worked but you wanted to install it on a home machine. Either way - the client and concentrator will have to do NAT traversal. So this is something your companies IT will have to fix.

 

[cross6]

Originally posted by: spidey07
first, make sure it is OK with work for you to be doing this. I certainly wouldn't allow it.

second, set your client up to perform NAT traversal exactly as it is setup on your laptop. the client and the concentrator have to agree on how to do it.

connecting but not able to send/receive is almost always a NAT problem.

-edit- never mind. I though the laptop worked but you wanted to install it on a home machine. Either way - the client and concentrator will have to do NAT traversal. So this is something your companies IT will have to fix.

I use my latop vpn behind nat routers all the time. Just doesn't work at my apt.

 

[spidey07]

doesn't matter. most SOHO routers have VPN pass-through feature that knows how to handle the encapsulated security payload. In your apartment scenario they are probably doing PAT with commercial gear that doesn't allow for such a feature.

open the client and look at the options. there is something in there about nat traversal, make sure it is enabled or call your company and ask them how it is supposed to be setup.

I'm 99% sure you have a NAT problem, because those are exactly the symptoms of it. the IPsec portion comes up just fine but the ESP tunnel won't work because there is no layer4 information - just garbage after layer3. NAT/PAT device doesn't know what to do with it and can't perform a translation.

 

[cross6]

http://upload.redstickconsulting.com/public/pview/45/Clipboard01.gif


That's what you're talking about right? I tried both ways.

 

[cross6]

Also, my host network isn't the same network as the vpn pool on the pix, I know that can cause this problem.

Spidey I can post my pix config, censored of course 😱

 

[spidey07]

tunneling h-s to be the s-me on both sides. they h-ve to -gree.

no -, key on my keybo-rd.

c-ll work IT.

 

[RebateMonger]

Originally posted by: spidey07
no -, key on my keybo-rd.

Ah! Here's my chance, Spidey.

I'll give you a free trip to Hawaii for the correct answer to this quesiton:

Who is Bill Gates?
a) A founder of Microsoft
b) The pizza delivery boy.
c) The Secretary of Defense.

And the correct answer is:
a), b), or c) ? 🙂

 

[Goosemaster]

Originally posted by: spidey07
tunneling h-s to be the s-me on both sides. they h-ve to -gree.

no -, key on my keybo-rd.

c-ll work IT.

:laugh: