
Edrick
I aspire to tell the story of a lifetime
Premium
join:2004-09-11
Woburn, MA

Cisco SA520 VPN

I'm trying to set up a Client to VPN on a Cisco SA520. I went through the Wizard and it set up the IPSec VPN. However, the remote system still says the VPN isn't responding.

In VPN Wizard I did VPN Type: Remote Access

Enabled Cisco VPN Client

Named the Connection
Entered a pre-shared key
Local WAN Interface is set to Dedicated WAN
Remote Gateway Type FQDN
Local Gateway Type is set to the IP of the static public IP.
Remote LAN IP is empty; it doesn't allow me to enter anything there.

The layout of the network is a Comcast Business connection, with their SMC Router. Their SMC Router isn't set to give out IPs and the firewall is disabled with DMZ set to the Cisco Router. So that's basically acting as a bridge. Then I have the SA520 connected to that. It does seem port forwarding is working from the SA520, as I have other ports open.

So I'm trying to figure out what's missing that I can't get the client VPN to connect.
--
Edrick Smith
Independent Film & Broadcast Producer
»edricksmith.com

HELLFIRE
Premium
join:2009-11-25
kudos:18
1) post the config or webgui if possible.

2) any logs / debugs to help troubleshoot with?

3) done any basic layer 3 / 4 connectivity troubleshooting? Pings, telnets on the port(s), etc?

Regards


Edrick
I aspire to tell the story of a lifetime
Premium
join:2004-09-11
Woburn, MA
reply to Edrick
[7 attached screenshots]
The VPN Wizard screen is just a sample of what I put in before. Am I correct that I wouldn't need to set up firewall rules for this VPN since the VPN is on the unit itself?

If we're able to determine if any of those settings are incorrect I can see about getting some logs. I know for example I am able from the outside world to access ports that have been forwarded.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Edrick
Don't see anything glaringly obvious, but without access to the other end it's hard to say.

You obviously want to keep an eye on your VPN phase 1 and 2 configurations and ensure they match on the
other end -- encryption / hash algorithm, preshared key, etc. I'd also make sure any relevant firewall rules
are present as well, to be sure.

Regards


Edrick
I aspire to tell the story of a lifetime
Premium
join:2004-09-11
Woburn, MA
The remote end is either an OS X Client or iPhone Client. The problem I'm getting, or at least the error, is it says it couldn't connect, so it's not giving me an error of unable to authenticate or anything. Just that the VPN server didn't respond.

The SA520 handles the firewall, so would I just set the ports to forward directly to the SA520 in its firewall settings?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Edrick
Hmm... hope the SA5xx has some sort of logging facility to watch when someone's trying to connect.
I'd definitely try permitting the ports in the firewall rules and working from there.

Regards