Sign in with
Sign up | Sign in
Your question

MN-700 and Cisco VPN

Last response: in Networking
Share
Anonymous
October 21, 2004 7:44:27 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

I just got my MN-700 configured so that the DSL Modem ethernet cable is
plugged into the WAN port.. HOwever, now my Cisco VPN client connects, but
I can't do anything... When I had the DSL Modem ethernet cable plugged into
one of the LAN ports it worked OK. Do I need to configure the WAN security
to allow the CISCO VPN client to run IPSec through the WAN?

Carl

More about : 700 cisco vpn

Anonymous
October 21, 2004 7:48:06 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Sorry, I see lots of articles in this group on this topic... I will try to
find the answer there.





"Carl Hilton" <someone@microsoft.com> wrote in message
news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>plugged into the WAN port.. HOwever, now my Cisco VPN client connects, but
>I can't do anything... When I had the DSL Modem ethernet cable plugged into
>one of the LAN ports it worked OK. Do I need to configure the WAN security
>to allow the CISCO VPN client to run IPSec through the WAN?
>
> Carl
>
Anonymous
October 22, 2004 12:00:10 AM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Well, it looks like the solution is to log into the MN-700, turn on the DMZ
for the machine you want to use a VPN client... Do you VPN session,
disconnect, then disable the DMZ... Not elegant but it works.



"Carl Hilton" <someone@microsoft.com> wrote in message
news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>plugged into the WAN port.. HOwever, now my Cisco VPN client connects, but
>I can't do anything... When I had the DSL Modem ethernet cable plugged into
>one of the LAN ports it worked OK. Do I need to configure the WAN security
>to allow the CISCO VPN client to run IPSec through the WAN?
>
> Carl
>
Related resources
October 22, 2004 12:07:46 AM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

If you can figure out which ports are needed for incoming data you can
use persistent port forwarding instead. It is a much more secure method
of doing the VPN as well.

Carl Hilton wrote:

> Well, it looks like the solution is to log into the MN-700, turn on the DMZ
> for the machine you want to use a VPN client... Do you VPN session,
> disconnect, then disable the DMZ... Not elegant but it works.
>
>
>
> "Carl Hilton" <someone@microsoft.com> wrote in message
> news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>
>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects, but
>>I can't do anything... When I had the DSL Modem ethernet cable plugged into
>>one of the LAN ports it worked OK. Do I need to configure the WAN security
>>to allow the CISCO VPN client to run IPSec through the WAN?
>>
>>Carl
>>
>
>
>

--
Please do not contact me directly or ask me to contact you directly for
assistance.

If your question is worth asking, it's worth posting.

If it’s not worth posting you should have done a search on
http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
time.
Anonymous
October 22, 2004 10:36:11 AM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

I have several Etherreal captures of traffic... How do I determine what is
required? Most of the traffic appears to be between the workstation and the
MN-700 gateway?

OOPS, I see that once I make the VPN connection, my Network Adapter changes
to the Cisco VPN adapter, So... capturing that traffic, what do I look for?
There is a LOT of traffic on various ports?

Persistant Port forwarding points back to a specific IP, but with this VPN,
I am assigned a different IP...

Carl


I see ISAKMP traffic between my machine and the VPN Concentrator but then
after the signon. All subsequent traffic is to the gateway, except for
"Joker" <no-spam@netzero.com> wrote in message
news:eW%23Ctv9tEHA.2956@TK2MSFTNGP12.phx.gbl...
> If you can figure out which ports are needed for incoming data you can use
> persistent port forwarding instead. It is a much more secure method of
> doing the VPN as well.
>
> Carl Hilton wrote:
>
>> Well, it looks like the solution is to log into the MN-700, turn on the
>> DMZ for the machine you want to use a VPN client... Do you VPN session,
>> disconnect, then disable the DMZ... Not elegant but it works.
>>
>>
>>
>> "Carl Hilton" <someone@microsoft.com> wrote in message
>> news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>
>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>but I can't do anything... When I had the DSL Modem ethernet cable
>>>plugged into one of the LAN ports it worked OK. Do I need to configure
>>>the WAN security to allow the CISCO VPN client to run IPSec through the
>>>WAN?
>>>
>>>Carl
>>>
>>
>>
>>
>
> --
> Please do not contact me directly or ask me to contact you directly for
> assistance.
>
> If your question is worth asking, it's worth posting.
>
> If it’s not worth posting you should have done a search on
> http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
> http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
> time.
Anonymous
October 22, 2004 4:25:33 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

which Cisco VPN version are you using? 4.0.1 works fine here for me. I
changed the defaults on the MN-700 so that the base station address is
192.168.1.1 and the IP range served by DHCP is 192.168.1.xxx etc.

Also, the Cisco VPN client has an optional firewall (stateful packet
inspection) - try unmarking it if it is checked off in your client.

On Fri, 22 Oct 2004 06:36:11 -0400, "Carl Hilton"
<someone@microsoft.com> wrote:

>I have several Etherreal captures of traffic... How do I determine what is
>required? Most of the traffic appears to be between the workstation and the
>MN-700 gateway?
>
>OOPS, I see that once I make the VPN connection, my Network Adapter changes
>to the Cisco VPN adapter, So... capturing that traffic, what do I look for?
>There is a LOT of traffic on various ports?
>
>Persistant Port forwarding points back to a specific IP, but with this VPN,
>I am assigned a different IP...
>
>Carl
>
>
>I see ISAKMP traffic between my machine and the VPN Concentrator but then
>after the signon. All subsequent traffic is to the gateway, except for
>"Joker" <no-spam@netzero.com> wrote in message
>news:eW%23Ctv9tEHA.2956@TK2MSFTNGP12.phx.gbl...
>> If you can figure out which ports are needed for incoming data you can use
>> persistent port forwarding instead. It is a much more secure method of
>> doing the VPN as well.
>>
>> Carl Hilton wrote:
>>
>>> Well, it looks like the solution is to log into the MN-700, turn on the
>>> DMZ for the machine you want to use a VPN client... Do you VPN session,
>>> disconnect, then disable the DMZ... Not elegant but it works.
>>>
>>>
>>>
>>> "Carl Hilton" <someone@microsoft.com> wrote in message
>>> news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>>
>>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>>but I can't do anything... When I had the DSL Modem ethernet cable
>>>>plugged into one of the LAN ports it worked OK. Do I need to configure
>>>>the WAN security to allow the CISCO VPN client to run IPSec through the
>>>>WAN?
>>>>
>>>>Carl
>>>>
>>>
>>>
>>>
>>
>> --
>> Please do not contact me directly or ask me to contact you directly for
>> assistance.
>>
>> If your question is worth asking, it's worth posting.
>>
>> If it’s not worth posting you should have done a search on
>> http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
>> http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
>> time.
>

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)
Anonymous
October 22, 2004 8:17:20 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

I also use 4.0.1... My base station is 192.168.2.1 and DHCP Serves
192.168.2.XXX... I do not use 192.168.1.XXX as that is in use by my ISP's
DSL Modem which is connected to my bast station's WAN port. I HAVE turned
off stateful firewall on the client.

Carl


"Barb Bowman [MVP-Windows]" <barb@nospam.com> wrote in message
news:c0din05sdnjvip9aosd42v5ug8rpukur8t@4ax.com...
> which Cisco VPN version are you using? 4.0.1 works fine here for me. I
> changed the defaults on the MN-700 so that the base station address is
> 192.168.1.1 and the IP range served by DHCP is 192.168.1.xxx etc.
>
> Also, the Cisco VPN client has an optional firewall (stateful packet
> inspection) - try unmarking it if it is checked off in your client.
>
> On Fri, 22 Oct 2004 06:36:11 -0400, "Carl Hilton"
> <someone@microsoft.com> wrote:
>
>>I have several Etherreal captures of traffic... How do I determine what is
>>required? Most of the traffic appears to be between the workstation and
>>the
>>MN-700 gateway?
>>
>>OOPS, I see that once I make the VPN connection, my Network Adapter
>>changes
>>to the Cisco VPN adapter, So... capturing that traffic, what do I look
>>for?
>>There is a LOT of traffic on various ports?
>>
>>Persistant Port forwarding points back to a specific IP, but with this
>>VPN,
>>I am assigned a different IP...
>>
>>Carl
>>
>>
>>I see ISAKMP traffic between my machine and the VPN Concentrator but then
>>after the signon. All subsequent traffic is to the gateway, except for
>>"Joker" <no-spam@netzero.com> wrote in message
>>news:eW%23Ctv9tEHA.2956@TK2MSFTNGP12.phx.gbl...
>>> If you can figure out which ports are needed for incoming data you can
>>> use
>>> persistent port forwarding instead. It is a much more secure method of
>>> doing the VPN as well.
>>>
>>> Carl Hilton wrote:
>>>
>>>> Well, it looks like the solution is to log into the MN-700, turn on the
>>>> DMZ for the machine you want to use a VPN client... Do you VPN session,
>>>> disconnect, then disable the DMZ... Not elegant but it works.
>>>>
>>>>
>>>>
>>>> "Carl Hilton" <someone@microsoft.com> wrote in message
>>>> news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>>>
>>>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>>>but I can't do anything... When I had the DSL Modem ethernet cable
>>>>>plugged into one of the LAN ports it worked OK. Do I need to configure
>>>>>the WAN security to allow the CISCO VPN client to run IPSec through the
>>>>>WAN?
>>>>>
>>>>>Carl
>>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Please do not contact me directly or ask me to contact you directly for
>>> assistance.
>>>
>>> If your question is worth asking, it's worth posting.
>>>
>>> If it's not worth posting you should have done a search on
>>> http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
>>> http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
>>> time.
>>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
October 22, 2004 10:34:00 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

You might consider setting either the DSL router into bridging mode or
turning the MN-700 into an access point as running two routers like that
is not a recommended situation & it will cause problems like this to happen.

Carl Hilton wrote:

> I also use 4.0.1... My base station is 192.168.2.1 and DHCP Serves
> 192.168.2.XXX... I do not use 192.168.1.XXX as that is in use by my ISP's
> DSL Modem which is connected to my bast station's WAN port. I HAVE turned
> off stateful firewall on the client.
>
> Carl


--
Please do not contact me directly or ask me to contact you directly for
assistance.

If your question is worth asking, it's worth posting.

If it’s not worth posting you should have done a search on
http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
time.
Anonymous
October 22, 2004 10:48:47 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

ah ha. you have double NAT. that is the problem. your modem supplies
private IP's to the computers behind it. you need to turn the 700 into
an access point and turn off DHCP. either that or get your ISP gto
turn NAT off in your modem.

On Thu, 21 Oct 2004 20:00:10 -0400, "Carl Hilton"
<someone@microsoft.com> wrote:

>Well, it looks like the solution is to log into the MN-700, turn on the DMZ
>for the machine you want to use a VPN client... Do you VPN session,
>disconnect, then disable the DMZ... Not elegant but it works.
>
>
>
>"Carl Hilton" <someone@microsoft.com> wrote in message
>news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects, but
>>I can't do anything... When I had the DSL Modem ethernet cable plugged into
>>one of the LAN ports it worked OK. Do I need to configure the WAN security
>>to allow the CISCO VPN client to run IPSec through the WAN?
>>
>> Carl
>>
>

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)
Anonymous
October 22, 2004 10:56:21 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Actually, my modem supplies IPs to the 700 which supplies IP's to the
computers... But I will see about turning off the DHCP on my modem... would
it matter if DHCP were turned off on my 700 instead?




"Barb Bowman [MVP-Windows]" <barb@nospam.com> wrote in message
news:1e3jn0dksj2oh87fm5kuia23rejnrc9ech@4ax.com...
> ah ha. you have double NAT. that is the problem. your modem supplies
> private IP's to the computers behind it. you need to turn the 700 into
> an access point and turn off DHCP. either that or get your ISP gto
> turn NAT off in your modem.
>
> On Thu, 21 Oct 2004 20:00:10 -0400, "Carl Hilton"
> <someone@microsoft.com> wrote:
>
>>Well, it looks like the solution is to log into the MN-700, turn on the
>>DMZ
>>for the machine you want to use a VPN client... Do you VPN session,
>>disconnect, then disable the DMZ... Not elegant but it works.
>>
>>
>>
>>"Carl Hilton" <someone@microsoft.com> wrote in message
>>news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>but
>>>I can't do anything... When I had the DSL Modem ethernet cable plugged
>>>into
>>>one of the LAN ports it worked OK. Do I need to configure the WAN
>>>security
>>>to allow the CISCO VPN client to run IPSec through the WAN?
>>>
>>> Carl
>>>
>>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
Anonymous
October 22, 2004 10:59:09 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Hmmm, how about if I turn off DHCP on my modem, and enable IP PASS Through
between the Modem to the 700? That way the 700 gets the IP address my ISP
assigns to my modem?

Let me try.

Carl


"Barb Bowman [MVP-Windows]" <barb@nospam.com> wrote in message
news:1e3jn0dksj2oh87fm5kuia23rejnrc9ech@4ax.com...
> ah ha. you have double NAT. that is the problem. your modem supplies
> private IP's to the computers behind it. you need to turn the 700 into
> an access point and turn off DHCP. either that or get your ISP gto
> turn NAT off in your modem.
>
> On Thu, 21 Oct 2004 20:00:10 -0400, "Carl Hilton"
> <someone@microsoft.com> wrote:
>
>>Well, it looks like the solution is to log into the MN-700, turn on the
>>DMZ
>>for the machine you want to use a VPN client... Do you VPN session,
>>disconnect, then disable the DMZ... Not elegant but it works.
>>
>>
>>
>>"Carl Hilton" <someone@microsoft.com> wrote in message
>>news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>but
>>>I can't do anything... When I had the DSL Modem ethernet cable plugged
>>>into
>>>one of the LAN ports it worked OK. Do I need to configure the WAN
>>>security
>>>to allow the CISCO VPN client to run IPSec through the WAN?
>>>
>>> Carl
>>>
>>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
Anonymous
October 23, 2004 12:15:10 PM

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Turning on "IP-PASS Through" on my DSL modem and pointing it at the 700
worked. Thanks

Carl


"Barb Bowman [MVP-Windows]" <barb@nospam.com> wrote in message
news:1e3jn0dksj2oh87fm5kuia23rejnrc9ech@4ax.com...
> ah ha. you have double NAT. that is the problem. your modem supplies
> private IP's to the computers behind it. you need to turn the 700 into
> an access point and turn off DHCP. either that or get your ISP gto
> turn NAT off in your modem.
>
> On Thu, 21 Oct 2004 20:00:10 -0400, "Carl Hilton"
> <someone@microsoft.com> wrote:
>
>>Well, it looks like the solution is to log into the MN-700, turn on the
>>DMZ
>>for the machine you want to use a VPN client... Do you VPN session,
>>disconnect, then disable the DMZ... Not elegant but it works.
>>
>>
>>
>>"Carl Hilton" <someone@microsoft.com> wrote in message
>>news:o $cNhZ6tEHA.3572@tk2msftngp13.phx.gbl...
>>>I just got my MN-700 configured so that the DSL Modem ethernet cable is
>>>plugged into the WAN port.. HOwever, now my Cisco VPN client connects,
>>>but
>>>I can't do anything... When I had the DSL Modem ethernet cable plugged
>>>into
>>>one of the LAN ports it worked OK. Do I need to configure the WAN
>>>security
>>>to allow the CISCO VPN client to run IPSec through the WAN?
>>>
>>> Carl
>>>
>>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
!