Using a VPN with a TG582n router

HelenaSS · ‎01-07-2014

I have just switched to Plusnet broadband, and have found that my work Cisco VPN isn't binding correctly. I was using it successfully with my previous broadband ISP.
I can connect it, and it allows me to FTP, and access Webmin provided I use the IP address of the server I'm going to instead of its domain name. However, there are times when I need to access servers behind our company firewall by domain name in a browser, so I nee dto fix this issue.
I have read the various posts on this subject here, and have done the following Telnet commands:
connection unbind application PPTP port 1723
connection unbind application IKE
connection unbind application ESP
connection unbind application AH
My VPN uses IPSec/UDP
I am using Windows 8.
The PlusNet Firewall is Off.
Here is the connection applist:
Application Proto DefaultPort Trace Timeout Child Qos ALG s
pecific config
PPTP tcp 1723 disabled 5' 0" ------
AH ah 0 ------ 15' 0" ------
ESP esp 0 ------ 15' 0" ------
IKE udp 500 disabled 15' 0" ------ FLOAT
ING
SIP udp 5060 disabled 10' 0" VoIP-RTP trace
level: none
JABBER tcp 5222 disabled 2' 0" ------
CU/SeeMe udp 7648 disabled ------ ------
RAUDIO(PNA) tcp 7070 disabled ------ ------
RTSP tcp 554 disabled 2' 0" Video trace
level: none
ILS tcp 389 ------ 5' 0" ------
H245 tcp 0 ------ 5' 0" ------
H323 tcp 1720 disabled ------ ------
IRC tcp 6667 disabled 5' 0" ------
DHCP udp 67 disabled 1' 0" ------
GAME(UDP) udp 0 disabled 1' 0" ------ IPV6-
ENABLED
CONE(UDP) udp 3478 disabled 5' 0" ------ IPV6-
ENABLED
LOOSE(UDP) udp 0 disabled 5' 0" ------ IPV6-
ENABLED
SNMP_TRAP udp 162 enabled ------ ------
FTP tcp 21 disabled ------ None IPV6-
ENABLED
And here is the connection bindlist:
Application Proto Portrange Flags
SIP udp 5060 IPv4-only snooping: enabled translate-predic
t: enabled
CU/SeeMe udp 7648 IPv4-only
RAUDIO(PNA) tcp 7070 IPv4-only
RTSP tcp 554 IPv4-only
ILS tcp 389 IPv4-only
ILS tcp 1002 IPv4-only
H323 tcp 1720 IPv4-only
IRC tcp 6660-6669 IPv4-only
FTP tcp 21
JABBER tcp 5222 IPv4-only
JABBER tcp 15222 IPv4-only
DHCP udp 67 IPv4-only
CONE(UDP) udp 69
CONE(UDP) udp 88
CONE(UDP) udp 3074
CONE(UDP) udp 3478-3479
Any suggestions as to what I could try next would be gratefully received!

Townman · ‎22-08-2007

Hi Helena,
Welcome to PlusNET and the forums. I use to use a corporate VPN with the tg582n router and it worked fine out of the box.
My guess would be that the PN firewall settings are wring. Go to the user portal - http://plus.net - login with your account name and password. Goto member centre, on the left cluck connection and then the fire wall icon. Set the firewall to low (or off). You will need to disconnect the PPP session to pickup the changes.
Setting the firewall to low also allows stp to work as well.
HTH
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

HelenaSS · ‎01-07-2014

Thank you for replying so quickly, Kevin.
I had already checked the firewall and it was set to Off. However, on checking again at your prompt, I noted that the Low setting ws labelled as "(Please note: This is the only VPN (Virtual Private Network)-compatible firewall setting). " so I changed to that, restarted the router, reconnected broadband and reconnected the VPN. Unfortunately, I still can't access servers behind our firewall via browsers, as I used to be able to.

Pettitto · ‎26-11-2011

Hi HelenaSS,
Just as a test, would you be able to change the DNS on your computer to Google's?
Primary: 8.8.8.8 and Secondary: 8.8.4.4
We'll change it back to ours once we've done that if you're okay with that? Details on how to do this if you're unfamiliar can be found here: https://developers.google.com/speed/public-dns/docs/using

Townman · ‎22-08-2007

Helena,
Have you tried running a tracert to see where the problem is? Are you trying to access by URL or IP address? (DNS issue). Are you familiar with nslookup? Running this might clarify which DNS is resolving URLs.
Being pedantic, both OFF and LOW configurations support VPN, but the former delivers no protection at all.
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Townman · ‎22-08-2007

Quote from: Chris
Just as a test, would you be able to change the DNS on your computer to Google's?

Chris,
There's every chance that with a VPN configuration, the VPN client has inhibited access to the local client's DNS servers, thereby restricting access to that permitted by the corporation's security systems.
From the information provide, it does not seem clear if the VPN tunnel has yet been established over which the in-house systems can be accessed.
Guess using the Google DNS will eliminate the possibility that the PN DNS is not resolving the name resolution for establishing the VPN tunnel.

Helena,
Would you know if your business' VPN connects via a known IP address or a url?

Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Pettitto · ‎26-11-2011

That was the thinking behind it.

HelenaSS · ‎01-07-2014

Thank you for all your replies.
As it happens, I was already using the Google DNS. I tried changing it back, but that didn't help either.
To clarify, the VPN connects, and if I browse/FTP to an P address, it works - it's just when I use a domain that it doesn't and I get an error message .e.g. in a browser "Oops! Internet Explorer could not find dev1.mindtools.com".
If I do nslookup, I get:
C:\Users\Helena>nslookup dev1.mindtools.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::9e97:26ff:fea4:db0c
*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available
for dev1.mindtools.com
The Host setting in my VPN client is an IP address not a URL.
Thanks

Townman · ‎22-08-2007

Helena,
Does ipconfig /all identify the DNS server for your VPN tunnel? If yes, can you ping it?
On the edge of my knowledge - your nslookup test reported a IP v6 address - is your VPN expecting to function on IP v6? What is the firmware version of your tg582n? You need to be on 10.something for IP v6 operation.
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

HelenaSS · ‎01-07-2014

Hi
I realised I did the nslookup which I posted above incorrectly as I hadn't included the Google DNS details, here's the result of what I should have done:
C:\Users\Helena>nslookup dev1.mindtools.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: dev1.mindtools.com
Address: 10.177.135.6
[And, no, I am not trying to use IPv6 - that was just a standard error message because I'd done the nslookup without the dns parameter]
When I do ipconfig /all, I get a load of stuff back. I'm not sure what bit would indicate the DNS server for my VPN tunnel. Any suggestions on what heading this would be?
Many thanks

Dan_the_Van · ‎25-06-2007

Hi,
Mine looks like
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : <something.something.com>
Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
So I would expect the description line to start Cisco.....

Dan.