Help w/VPN thru Belkin router

Discussion in 'Hardware' started by jsteiger, Dec 19, 2006.

  1. jsteiger

    jsteiger Private E-2

    I got a new job recently and they gave me a laptop which has Juniper NetScreen Remote VPN software on it. The thing is, when I am connected either wirelessly or w/ wire to my Belkin Pre-N router, I can log on to the VPN service, but none of my applications or mapped drives will work. In particular, Outlook does not synchronize. It says it cannot find the server.

    When I connect the computer directly to the cable modem, everything works fine.

    Random observation - When I ping the company's server connecting thru the router (w/ VPN enabled), I get 3/4 sucessful or 2/4 sucessful.

    I have been in hotels where the wireless link works fine with this VPN. What gives??? What setting do I have to change in the router to get this to work?
     
  2. djlowe

    djlowe Private First Class

    Hi,

    Is this the router? http://www.belkin.com/support/product/?lid=en&pid=F5D8230-4&scid=221

    I couldn't find a manual for that device, but there does not appear to be any other models of Pre-N routers made by Belkin, so I'm assuming that that is it.

    You don't state whether or not the laptop works properly through the router without the VPN client running, i.e, for normal Web surfing. You should verify that to be the case first, if you have not already.

    I'd check the router's configuration and make sure that VPN support for whatever protocols are being used by your company's VPN server are enabled on it, if the router supports this. While you're there, look for the router's current firmware revision and make a note of it.

    You should also talk to the person that maintains the company's VPN server, and ask about the configuration - he or she might even know what the problem is, based on past experience and their familiarity with the company's VPN.

    There's also the possibility that it simply does not support the VPN that your company is using.

    I also note that there's a firmware update for that unit, dated 12/6/06, but there are no release notes to indicate what problems it addresses, if any.

    Before I did something as drastic as upgrading the firmware, however, I'd send an email to the manufacturer's tech support at:

    http://www.belkin.com/support/contact/email/

    and explain the problem, and ask whether or not the firmware update will correct it.

    Regards,

    dj
     
  3. jsteiger

    jsteiger Private E-2

    To answer your first point, if the laptop is connected to the router, the web will come through with no problem weather the VPN is engaged or not.

    I did call tech support at Belkin, and they had me do some stuff that basically reduced the likelyhood of interference, but they did not address the central issue that the vpn does not seem to pass thru the router, weather hardwired or not.

    I have the latest firmware update.

    As for support with various protocols - this is the kind of thing I need to look at. I've played with a lot of settings in the router with no improvement. If you have any specific settings I should be looking at, let me know.

    Our IT guy at the company says it is the router's fault, but I can't beleive that a top $ router would not support something as common as VPN. It just seems to me there is one setting somewhere that is holding this whole thing back......

    I will try e-mail support with Belkin. Perhaps they have better ideas than the phone support people. They have to have come accross this issue before.
     
  4. djlowe

    djlowe Private First Class

    It's not as simple as "something as common as VPN" - VPN is a catch-all term for the various ways to establish secure network connections across the Internet. Some consumer routers handle these better than others, and some may not handle more esoteric configurations at all.

    http://en.wikipedia.org/wiki/VPN is a good place to read about this.

    But, one way to ty to force this to work and to determine whether the router is dropping inbound VPN packets (and again, without a manual for it, I have no idea whether or not your router can do this) is this: Most consumer routers have a way to configure a Demilitarized Zone, or DMZ. If yours does, configure it to use the IP address currently assigned to your laptop's WiFi NIC (or wired Ethernet interface, if you're connected that way) via DHCP as the DMZ address.

    Then, try the VPN client again - any packets that the router thinks are unsolicited for whatever reason should then be forwarded to your laptop... and if the VPN traffic is being dropped for this reason, this configuration will force the router to forward the packets regardless. Try to ping the IP address of a server on the LAN across the VPN - if it doesn't drop packets, try to establish a connection to your corporate mail server.

    If this works, then it definitely points to a problem with your router and the particular VPN that your company uses, though it won't indicate where the fault lies. Short of a fix from Belkin, or perhaps an updated VPN client, you may not be able to resolve it. At that point, you'd want to investigate setting up custom forwarding rules on your router, but would need more information about the VPN server configuration to do so.

    Finally - PLEASE NOTE: If it works, the above suggestion is NOT a permanent fix, even if it appears to solve the problem! Leaving your laptop in the DMZ defeats the reason for having a NAT/Router/Firewall in the first place, and you should only implement my suggestion as a means to troubleshoot the problem.

    Regards,

    dj
     
    Last edited: Dec 23, 2006
  5. jsteiger

    jsteiger Private E-2

    Thanks for the suggestion. I tried the DMZ method and it did not fix the problem. I got looking into the connection details a little more and I am pretty stumped. If I connect through the router, I have noticed that I actually get an intermittant connection to the server.

    One other detail - I have a Cingular 3G card that ALWAYS works and does not drop the connection. If I try to ping the mail server w/o VPN, I get a message that the address cannot be found. Once the VPN is engaged, the computer can successfully ping the server.

    I have noticed that when connecting through the router, I can ping the server sometimes and not others. With the VPN engaged, I get time outs for all pings, so the computer is finding the server, but somehow, the ping gets lost. What's up with this??? It will go through periods of time when I can successfully ping. These periods last about 1 min. When this happens, I can access mapped drives, sync e-mail and everything, that is, until the connection gets dropped again.

    I was looking at the connection details to see if there was something I could change to make the connection "look" more like the Cingular 3G connection. The only thing I could really do was to manually enter my ISP's DNS servers instead of having the router use the auto setting. This is not work.

    Any comments on the intermittant connection phenomenon? Thanks for all your help.
     
  6. djlowe

    djlowe Private First Class

    That's normal: The server is inside the corporate firewall. A successful VPN connection attaches your computer to the corporate LAN, basically as though you were actually at the office.

    I'm sorry to say this, but given the symptoms you've described, it appears to be your router. The fact that you can get VPN access with your home Internet connection without the router in place eliminates every factor involved except for it.

    The last thing to try is to set up explicit forwarding rules for the VPN: You'd need to enlist the assistance of your IT department to do this. You need the VPN server configuration: Ports, protocols, IP address. Then you'd need to set up rules to forward those.

    However, given the fact that putting the laptop into the DMZ didn't work, I doubt that this will, either. It appears that the router is intermittently dropping VPN packets before it gets to the point where it decides where to send them, so there's every reason to believe that it would do the same even with such rules in effect. It's just a guess, but I'd say that the router's firewall is doing it for some reason - the VPN packets are being filtered by it. Why it happens only intermittently, I cannot say; maybe it's a bug, or a logic error in the filtering rules. If there's a security log and it is enabled, you might glean a clue from it as to why.

    My advice: If explicit forwarding doesn't work, and Belkin Tech Support can't resolve it, and you can't live with just using the Cingular 3G card, then buy another manufacturer's router, avoiding Belkin as there's no reason to think that any of their products will work with your company's VPN configuration. Ask your IT staff which makes and models they use at home and match one of them as best you can.

    Regards,

    dj
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds