Help with FW-1 and Cisco 3000 VPN Client

Stephen Hope shope at ENERGIS-EIS.CO.UK
Wed Apr 18 05:05:55 EDT 2001 

Nancy,

the Shiva dial up client replaces some Win9x comms DLLs, so you may be
getting some interactions in the 2 clients. This can break other things,
such as win9x direct cable connection.

Alternatively, you need to make sure that the routes are consistent when you
start the VPN client - you need the RAS routes into your network to still be
present as well as routes across the VPN tunnel. Check the routes on the PC
with and without the VPN

Command you need is "netstat -r" on Win95 from a command prompt - this will
work on some other Win versions i believe.

Stephen


Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Broderick, Nancy [mailto:nbroderick at LANGUAGELINE.COM]
> Sent: 17 April 2001 06:42
> To: VPN at SECURITYFOCUS.COM
> Subject: FW: Help with FW-1 and Cisco 3000 VPN Client
>
>
> Just an update incase anyone else encounters this problem.  I
> received this
> response from member of this VPN group and it was really a
> life-saver for
> me.  It resolved all the connectivity problems we were having on the
> internal LAN. See the response below. Additional info = We are doing
> IPSEC/UDP and the client is configured for NAT.
>
> One final question, the only issue we are having now is
> through our dialup
> server.  We dial up through our Shiva (Intel) Access Switch,
> a dedicated
> Remote Access server. Once a dialup connection is
> established, the client
> machine becomes a remote node on our network. We can browse
> the Internet and
> can browse anything on our internal LAN.
>
> The only problem is that when I try to start the VPN Client,
> I never get a
> connection, I never even get to the authentication prompt.
> It just keeps
> saying negotiating ...
> Client machines are NT 40 workstations,SP5, Dell Lattitude
> Laptops, 56k 3Com
> modem.  Connection speeds vary from 28k to 50k, results are the same
> reguardless of connection speed.
>
> Any input is appreciated.
> Thank you very much.
>
> Sincerely,
>
> Nancy Broderick
> LAN Administrator
> -----Original Message-----
> From: Pete Davis [mailto:pete at ether.net]
> Sent: Friday, April 13, 2001 5:30 PM
> To: Broderick, Nancy
> Subject: Re: Help with FW-1 and Cisco 3000 VPN Client
>
>
> Are you doing IPSEC or IPSEC/UDP? With 2.5.2b, the keepalive
> frequency was increased. The problem you are describing is because the
> Checkpoint is tearing down the PAT mappings.  If you are not doing
> IPSEC/UDP,
> you should do IPSEC/UDP with 2.5.2b.
>
>
>           - Fix CSCds42237: IPsec/UDP sessions time out
> through some default
>
>                             stateful firewalls.  UDP
> Keepalive sent every 20
>                             seconds if no other activity.
> Activity check
>                             made every 10 seconds.
>
> The client is obtained from www.cisco.com / SW CENTER / VPN
> SOFTWARE / CISCO
> VPN 3000 Client.
> ---
>      Pete Davis - Product Manager <psd at cisco.com>  (508)
> 541-7300 x6154
>          Cisco Systems, Inc.  - 38 Forge Park   Franklin, MA 02038
>
> VPN is sponsored by SecurityFocus.COM
>

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list