How do I solve a connectivity issue with a (name your favorite router)?

[BarryStiefel]

How do I solve a connectivity issue with a (name your favorite router)?

I have used the “virtual servers” settings on the Belkin router to allow UDP on port 500 and on port 2746 I have also given this machine a fixed IP as suggested by Belkin.



The problem is that I can log on and authenticate myself to the firewall but cannot then access any network resources. Upon looking at the firewall logs their are no UDP encapsulated packets being passed. I assume therefore the Belkin router is stopping them.

Does anyone have any advice?

Answer For these kinds of problems, your best friend is a packet sniffer on the outside interface of your gateway, assuming it is connected to a hub, not a switch. This can be a host running Ethereal, tcpdump, or something similar.



If it's anything like what was happening with my D-Link DI704p (in the closet along with my Nexland routers and Nokia IP71), the router is probably refusing to pass the UDP port 2746 packets for some reason, either because they are too big or because there is something "odd" about the packet the Belkin box doesn't like. The packet sniffer will allow you to figure out what that "oddness" is, or if it's some other problem (like the packets never reach the gateway).

Comments

Make sure that you don't have conflicting encryption domains when trying to use SecuRemote. This is especially true, if your PAN (Personal Area Network) uses 192.168.1.0 and the network you're trying to connect to is also using 192.168.1.0 - you could run into trouble. The newer software R54 and R55 don't have problems with this as much the older versions did though. Also, define the objects/networks residing behind the firewall you want to VPN in to.



-- RobertGraham - 02 Feb 2004

FAQForm FAQs.Class: EncryptionFAQs, SecureClientFAQs, TroubleshootingFAQs FAQs.OS: FAQs.Version: