bbarrera MVM join:2000-10-23 Sacramento, CA |
to kasper501
Re: Another USG 50 newb...Cisco VPN Client getting droppedFrom the logs it sure looks like your router config has: - PORT FORWARDING of UDP ports 500 and 4500 - FIREWALL rule allowing UDP ports 500 and 4500
its also possible that IPSec (protocol 50) is involved, off the top of my head I can't recall if that is also configured in port forwarding and firewall. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2012-Dec-14 4:17 pm
What is said above, check you default FW rules, they have IKE,IPSec services included, remove them. |
|
1 edit |
I don't have anything being forwarded, so I'm confused as where to look for those "IKE,IPSec services". Ive included a screen shot of my "Default_Allow_WAN_To_ZyWALL" Service Group rules. Can I provide any other informatin? |
|
kasper501 |
Arghgh....I've been fighting with this all day. I kind of lost it after my ATT MicroCell began getting kicked off the network. Emailed Zyxel for support to see whether they might be able to provide some insight, but at this point I setup my Netgear WND4000 again and everything is fkn working. /arghgh, want to smash! |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2012-Dec-14 8:54 pm
Check your PM |
|
bbarrera MVM join:2000-10-23 Sacramento, CA |
to kasper501
NATT is your problem, remove it from the Default_Allow_WAN_To_ZyWALL rule. |
|
|
Thanks, guys!!!!
I'll try tomorrow. |
|
bbarrera MVM join:2000-10-23 Sacramento, CA |
NATT is NAT Traversal and its UDP port 4500, which you can see from the logs is involved with your VPN client getting caught in the firewall. |
|
|
1 edit |
BBARRERA...Thanks so much. Thank you, everyone, for your assistance!!! Its finally working, I'm no longer getting disconnected from my work vpn client. I've been connected for over an hour now. Its sites like this that make the internet so awesome. I do have one more question....not sure if I should start another post, its related to my AT&T microcell. I dont have cell coverage in my house so I need the microcell to get a cell connection. My MicroCell has been dropping connection too since I setup the new router. I was thinking of using the DMZ port; is this how I should configure the default DMZ rules to allow the following ports to pass through? 123/UDP: NTP timing (NTP traffic) 443/TCP: Https over TLS/SSL for provisioning and management traffic 4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic) 500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used) 4500/UDP: After NAT detection, 4500/UDP is used |
|
|
bbarrera MVM join:2000-10-23 Sacramento, CA |
If you have only 1 public IP, I can't think of any advantage in setting up DMZ. Just forward those ports to your microcell and then likely have problems with your work laptop VPN. |
|
|
to kasper501
Microcell does not require a DMZ, since you've already taken NATT and IKE out of the default rule that normally forces those inbound to the Zywall, you'll be good.
Microcell needs to make a VPN tunnel to AT&T's datacenter, almost identical to how your machine makes a VPN tunnel to your office. |
|