An Accepted Solution is available for this post.
Westell 9100 and VPN Settings
rhigham
Newbie
‎02-16-2009 09:35 PM

Recently Verizon switched out my Actiontech Router for a Westell 9100 and my VPN connection does not work? Seems like it connects. In fact it say connected to my office server but I cant ping the machine. Times out.

So the question is what changed? Do I need to open some ports? And if so how do I do that. My IT guy at the office can connect at his house without a problem. The VPN is a Sonic Wall tz-170

Thanks for any guidance

0 Likes
8 Replies
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
Arun3
Newbie
‎02-17-2009 12:38 PM
May be check your westell router to see if VPN passthrough is checked.
0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
cjacobs001
Contributor - Level 3
‎02-17-2009 09:11 PM
view portforward.com
0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
rhigham
Newbie
‎02-19-2009 08:57 PM

Thanks for the responses. Portforward does not have the Westell 9100 listed. Out IT person states the tz 170 needs UDP500 iPsec. Verizon has just thrown up there hands and said we cant help you even though this worked fine when I had an Actiontech Router. Not sure where to go? I can get into the router web interface but dont know what to change?

Any more ideas? 

0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
dslr595148
Community Leader
Community Leader
‎02-23-2009 12:11 PM
I used the search function and found this other thread..

http://forums.verizon.com/vrzn/board/message?board.id=FiOS_Internet&thread.id=358

Does that help you any?
0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
prisaz
Legend
‎02-23-2009 04:44 PM

The 9100 from what I read is a better router then the Actiontec but may have some firewall features that could cause issues with some VPNs. 

Verizon support page shows two different 9100 routers. The 9100EM has a quality of service setting that can be changed to give priority to VPN and HTTP

The default User guides page does not show the 9100 routers. The links on the sidebar for network user guides does have this link.

http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=vzc_help_contentDisplay&subId=16178.

Also note the following feature that could cause VPN issues if it is turned on.

Block IP Fragments This option can prevent hackers from using fragmented data packets to possibly

sabotage your network. Note: Some VPN and UDP services use IP fragments, and

this feature may need to be disabled. If you have questions about this feature, check

with Verizon technical support. It is disabled by default.

Verizon FiOS Router (Model 9100EM) User Guide

15.12 Protocol

If you click Advanced in the top navigation menu and then select the Protocol link, the following screen will

appear. For your convenience, the Router supports protocols for Applications, Games, and VPN-specific programs.

The following chart provides port/protocol information for the supported services. The Protocol screen allows you to

select the desired view: Basic Service and Advanced Service. The following sections explain the features of each

service.
0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
rhigham
Newbie
‎02-23-2009 10:25 PM

Ok. So I looked at those two threads and no help so far. BTW everything works just fine on the laptop from anywhere else just not home.

So maybe someone can brak this down a little bit more for me. I have my ip address that I connect to the VPN with (Sonic Wall VPN Connect) It says it is connected in the status window but if I try and Ping the ip address nothing comes back. Usually once I connect like at a Starbucks etc. Then I use Remote Desktop Connection to log into the server at the office and away I go. Just not at home?

So any clearer instructions on how I adjust the settings would be much appreciated. 

Robert

0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
prisaz
Legend
‎02-24-2009 04:33 PM
Here are some other ideas. 
Are you able to ping any other addresses through the 9100? There is a section on advance filtering in the firewall menu. It could be the router is dropping ICMP traffic.

If you log into your router and select the Advanced Icon, there is the Protocol section that should let you set up IPsec under the Basic menu. I found that in the manual and it shows a selection for port 500. If the router is unable to open 500 a key exchange will not happen.

 
What ports does SonicWall (or IPSec for that matter) use?

From »msdn.microsoft.com/library/defau···PSec.asp

Firewalls and IPSec

If a firewall separates two hosts that use IPSec to secure the communication channel, the firewall must open the following ports:

* TCP port 50 for IPSec Encapsulating Security Protocol (ESP) traffic
* TCP port 51 for IPSec Authentication Header (AH) traffic
* UDP port 500 for Internet Key Exchange (IKE) negotiation traffic

Message Edited by prisaz on 02-24-2009 04:34 PM
0 Likes
An Accepted Solution is available for this post.
Re: Westell 9100 and VPN Settings
rhigham
Newbie
‎03-01-2009 08:02 PM

Ok so after 2 hrs with Verizon Customer Service on Saturday its working. The work around is this. We used the DMZ Host on the computers IP Address and that seems to do the trick.

DMZ Host IP Address:

192.168.1.5

Not sure if this is the best thing but it is working! No off to the virtual office to get some work done. Thanks for all the input. Feel free to keep the comments coming.

Robert

0 Likes