Cisco VPN client - connects at work, but not at home

LewisC_2

Hi guys,

I'm trying to use the Cisco VPN Client to access my office PC from home on my laptop. However, when I try connecting from home, I get the following error message:

"Secure VPN Connection terminated locally by the Client.
Reason 403: Unable to contact the security gateway."

Now, if I use any other connection (i.e. separate network connection at work - external broadband as opposed to internal network), it connects perfectly, but as soon as I try connecting through my home network, nothing.

The home network uses a Netgear WGT624 router - could this be causing problems? I'm not sure what else it could be.

Any ideas?


Thanks in advance.

nickmack

LewisC wrote:

Hi guys,

I'm trying to use the Cisco VPN Client to access my office PC from home on my laptop. However, when I try connecting from home, I get the following error message:

"Secure VPN Connection terminated locally by the Client.
Reason 403: Unable to contact the security gateway."

Now, if I use any other connection (i.e. separate network connection at work - external broadband as opposed to internal network), it connects perfectly, but as soon as I try connecting through my home network, nothing.

The home network uses a Netgear WGT624 router - could this be causing problems? I'm not sure what else it could be.

Any ideas?

Sounds like something is blocking it, either software firewall, router settings or ISP. Start investigating these in order, by disabling/checking settings, particularly ports that may be blocked.

BillScarab

If you have a separate modem and router, try connecting the laptop diretcly to your modem using an ethernet cable. If that works it's the router.

I use a laptop with a Nortel VPN client at home via a Netgear router and a Telewest cable modem and it works fine. I can't remember whether I had to set up anything on the router. If I remember I'll check when I get home.

One other point, can you access the internet on the laptop wirelessly without the VPN client?

LewisC_2

Hi BillScarab - yep, everything else works fine. It's just the combination of home network and VPN that seems to cause problems

BillScarab

Hmm, just been doing a quick google and found this that may help.

http://forums.speedguide.net/showthread.php?t=193882

May be worth trying a few of these things.

I really don't remember any problems setting mine up, but where I work we use the Nortel client not Cisco which may be a factor.

chartreuse_2

I use the Cisco VPN client from home, over Telewest with a D-Link router and haven't had a problem. Software FW is ZoneAlarm and I'm VPNing into a PIX.

I didn't have to change any settings on the router, so my guess would be your software firewall. If all else fails and you can see your firewall ruleset you might take a look, as there's a slim chance your FW is not configured to accept connections from the IP addy you've got at home.

MadCowMan

I wonder if the Cisco client is being fussy about connecting behind a NAT router. Have you got something like a USB modem you can test the connection with from home ?

HighVoltage

What version of client are you using ? I have 4.6.01.0019 and this is working fine behind a Netgear MR814 wireless router.

You should also check with the administrators of the VPN concentrator at work that you have are in the correct group. Typically you can setup the concentrator that allows NAT translation ( which you have as you're using a router). You then need to setup the VPN client to use this group.

Another thing to try to test its not the router blocking ports it to setup the IP address that the router allocates to the PC when at home as a DMZ address. This way any traffic from the internet will always be sent directly to your PC and router will not "drop" packets.

On my settings for the client, I have enabled Transparent Tunneling and use IPsec over TCP on port 10000 ( found this more reliabe than IPSec over UDP)

LewisC_2

MadCowMan wrote:

I wonder if the Cisco client is being fussy about connecting behind a NAT router. Have you got something like a USB modem you can test the connection with from home ?

Could try plugging straight into the modem and bypassing the router. Will give it a go if the other solutions don't work.

LewisC_2

HighVoltage wrote:

What version of client are you using ? I have 4.6.01.0019 and this is working fine behind a Netgear MR814 wireless router.

You should also check with the administrators of the VPN concentrator at work that you have are in the correct group. Typically you can setup the concentrator that allows NAT translation ( which you have as you're using a router). You then need to setup the VPN client to use this group.

Another thing to try to test its not the router blocking ports it to setup the IP address that the router allocates to the PC when at home as a DMZ address. This way any traffic from the internet will always be sent directly to your PC and router will not "drop" packets.

On my settings for the client, I have enabled Transparent Tunneling and use IPsec over TCP on port 10000 ( found this more reliabe than IPSec over UDP)

No idea what version I'm using until I get home (12-ish).

Definitely in the correct group - all works from other connections - just not at home.

MadCowMan

Another thing to try to test its not the router blocking ports it to setup the IP address that the router allocates to the PC when at home as a DMZ address. This way any traffic from the internet will always be sent directly to your PC and router will not "drop" packets.

I woudn't recomment you leave the 'DMZ' function on permanently - you will loose the layer of security offered by NAT and could leave the PC open to attack if you are not carefull.

I'm not sure why router manufacturers call it a DMZ , because in traditional networking terms, it isn't - a DMZ is a zone on the network that is firewalled from both public and private networks ( its sometimes referred to as the orange interface )