Unable to connect to corporate VPN using WHR-G125

[gowen33]

   

I've had the WHR-G125 for about a year and no problems.  Used to use a Cisco VPN client to connect to corporate network while at home and had no problems.

 

We have since changed to a new VPN client, and now I can't connect anymore.  I've contacted the ISP (Earthlink/Time Warner Cable) and they claim it's not their issue.  I can connect via public wi-fi hotspots and other wireless networks.

 

So, that leads me to believe it's a setting on the WHR-G125 that needs to be changed.

 

Per our corporate IT, here's what's needed to connect:  My VPN uses PPTP, which relies on TCP port 1723 and the GRE protocol to work.

 

Any idea what settings are needed on the WHR-G125 to get this to work?  (I have not updated the firmware since I bought the router).  I did go into the settings and checked the IPSec pass through box to allow it under the VPN setting.

 

Thanks

[Paul]

This is not our VPN router.  This router will however allow you to set the IPSEC.  Other then that this is all you can control on this side of the VPN.

[gowen33]

   

So the only thing I can change is the IPSec?

 

Why would it work with a Cisco VPN client, but not this new VPN client?  It doesn't make sense unless there's a setting for the wireless router to allow certain things through (or not through).

 

I can connect to the VPN everywhere else but through the router.  That's why I'm led to believe it's a setting on the router.

 

When you say it's not your VPN router, what do you mean?  I'm not trying to use it to host a VPN or anything major.  I'm just trying to connect to my company's VPN so I can work from home.  I used to be able to connect to VPN with this router.

[Matt_M]

Try this, within the router's configuration page go to LAN config -> DMZ. Within the DMZ menu there will only be one box, "IP address of DMZ" in this box type in the IP address of your computer. After you hit apply try to connect again. Now if it connects you'll want to contact your IT department and find out specifically what port numbers are needed for this connection since you will want to do the port forwards by hand rather than use the DMZ since this puts you completely outside of the router's firewall.

[gowen33]

   

Matt,

 

Well, that did allow me to finally connect to the VPN, something I hadn't been able to do.  But, I couldn't connect to the Microsoft Exchange Server or our SAP server.   I guess that has something to do with the port forwarding.

 

Can you tell me how to port forward?  I see the menu option to do it, and was wondering if there was anything special to do, or any special information I need from our outsourced IT department (since they have been less than helpful).

 

Thanks

[Paul]

If you put your PC in the DMZ this is the same as forwarding all of your ports to your PC.  Forwarding additional ports will not help.  Try changing the MTU settings on your router to 1350 instead of 1500 (assuming you have a DHCP connection). Once you have successfully connected to your VPN and Microsoft Exchange Server and your SAP server, you will then want to find out what ports you need open and take your self out of the DMZ.  

 

 

To open the ports on this router is simple

go to LAN Config --> then port forwarding

Make up a group name (IE vpn)

Internet side IP address / Airstations internet IP address

In your case select TCP/UDP

port number will be a single port or a block 1720 or 1720-1790

Lan side port (in the example above it would be 1720) 

 

 

[RedD]

   I have enabled port forwarding of the necessary port in my router's settings. However I am still unable to connect to my corporate VPN. If I follow the step of connecting to the VPN with the DMZ I can connect without an issue. Any other settings that I should change?

[Paul]

If you can connect via the DMZ then its a port issue.  You need to confirm what ports need to be open, then make a rule in the NAT table to open the ports to you IP address.