6 Replies Latest reply on May 1, 2014 11:28 AM by mick

    VPN client

    ovais New Member

      Hi Support,

      I am using a NetVanta 3430 box and I need to establish a VPN between the NetVanta box and the remote users who would be running VPN client software on their machines to remotely connect to the office. I have two questions:

       

      1--- I have gone through the VPN setup wizard and it was straightforward. I selected "Mobile worker" during the setup with "any ID" and domain as "www.minerva-me.com"; I also selected a pre-shared key. Would I be able to use the standard Windows 7 VPN client to access my VPN?

       

      2--- If the Windows VPN client doesn't work, what other VPN client software can I use?

       

      3--- How many VPN connections are supported on this particular box?

       

      Regards,

      Ovais

        • Re: VPN client
          vmaxdawg05 Past_Featured_Member

          The Windows VPN client uses PPTP or L2TP. You will need a VPN client. The easiest VPN client would be Adtran's VPN client. You can download the config for each user straight from the router. That one will cost you some money. An alternative that works well is Shrew Soft VPN (https://www.shrew.net/download). It works well and comes in two versions (standard and pro). Standard is free and should meet your needs. The professional version has some additional features that you can probably live without.

           

          Adtran does not officially support it, but they do provide a good document on how to configure it to work with the NetVanta routers (https://supportforums.adtran.com/docs/DOC-2268).

           

          I use it every day.  It works well. 

            • Re: VPN client
              ovais New Member

              Hello vmaxdawg05,

              Thank you very much for your reply and suggestion. I have downloaded the tool and will test it soon.

                • Re: VPN client
                  ovais New Member

                  Hello vmaxdawg05,

                  Coming back to the same topic after a long time.

                  I have downloaded and configured Shrew Soft version 2.2.2 as per the instructions in the document that you provided. When I run the VPN client while I am connected to my office WLAN it works, and I can see in my NetVanta 3430 box that a VPN peer is connected (that's like a local connection test; the 3430 is installed in the office). When I try to connect the VPN from my home WLAN I receive this "Negotiation timeout occurred" error and then it terminates the tunnel. I am not able to figure out what could be the cause of it. Could you suggest something, please?

                    • Re: VPN client
                      vmaxdawg05 Past_Featured_Member

                      It would be difficult to say without seeing some of the configuration. Usually a timeout means that you are not accessing the right public address, or something is between the client and the 3430. Your router at home may be blocking the VPN traffic. Some routers require VPN pass-through to be enabled. That is usually for PPTP/L2TP though. If you have ssh access to your 3430, you can debug your ip crypto ike negotiation while you are trying to connect. If you see nothing happening, then something is blocking the client from getting to the 3430. Otherwise, the debug output should shed some light on what's going on. The fact that it works internally means something is preventing your client from reaching your 3430 from the outside.

                       

                      I'm happy to help troubleshoot if you need outside eyes.

                       

                      R\

                        • Re: VPN client
                          ovais New Member

                          Hi,

                           

                          Thanks for the prompt response. I logged in remotely to the 3430 firewall and checked the event logs while I was trying to connect the VPN from home and received these messages:

                           

                           

                           

                          2014.04.29 23:50:00 FIREWALL id=firewall time="2014-04-29 23:50:00" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Service access request successful Src 4566 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall

                           

                           

                           

                          2014.04.29 23:50:02 FIREWALL id=firewall time="2014-04-29 23:50:02" fw=Minerva pri=1 proto=58565/tcp src=192.185.225.59 dst=94.200.185.214 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet; flags=0x11 Src 25 Dst 58565 from Public policy-class on interface eth 0/2" agent=AdFirewall

                           

                           

                           

                          2014.04.29 23:50:19 FIREWALL id=firewall time="2014-04-29 23:50:19" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Connection closed.Bytes transferred : 554 Src 4619 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall  

                           

                           

                           

                          Thanks,

                           

                           

                           

                          Ovais

                           

                          +971508710692

                            • Re: VPN client
                              mick Visitor

                              Hi Ovais,

                               

                              These log entries don't help. You need to run a crypto debug session on the NetVanta (enable and then 'debug crypto ike') while you are trying to connect with the VPN client. When you finish the session, run 'undebug all' to stop it. The debug messages should explain what the problem is. You can obfuscate IP addresses and other details and post the salient points here.

                               

                              Also, the Shrew client has a configurable debug function, so that you can capture a log of the client side:

                               

                              Shrew Soft VPN Client Administrators Guide

                               

                              In most cases, a connection doesn't work because of some problem with the configuration, like a mismatch between gateway and client transforms, or peer ID, etc.

                               

                              Hope this helps,

                               

                              Mick
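
Added example, not part of any post in this thread: a short Python triage of the three firewall event-log lines posted above, checking whether any of them involves IKE traffic (UDP 500, or UDP 4500 with NAT traversal). The field parsing is inferred from those three lines only, and `CONSTRUCTED_IKE` is a made-up line that assumes an IKE packet would be logged in the same `port/protocol` style.

```python
import re

# The three event-log lines posted in the thread, copied as-is.
THREAD_LOG = [
    '2014.04.29 23:50:00 FIREWALL id=firewall time="2014-04-29 23:50:00" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Service access request successful Src 4566 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall',
    '2014.04.29 23:50:02 FIREWALL id=firewall time="2014-04-29 23:50:02" fw=Minerva pri=1 proto=58565/tcp src=192.185.225.59 dst=94.200.185.214 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet; flags=0x11 Src 25 Dst 58565 from Public policy-class on interface eth 0/2" agent=AdFirewall',
    '2014.04.29 23:50:19 FIREWALL id=firewall time="2014-04-29 23:50:19" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Connection closed.Bytes transferred : 554 Src 4619 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall',
]

# Constructed line (NOT from the thread, documentation addresses): assumes an
# IKE packet would be logged in the same "port/protocol" style as the TCP entry.
CONSTRUCTED_IKE = '2014.04.29 23:51:10 FIREWALL id=firewall time="2014-04-29 23:51:10" fw=Example pri=6 proto=500/udp src=203.0.113.10 dst=198.51.100.1 msg="Service access request successful Src 500 Dst 500 from Public policy-class on interface eth 0/2" agent=AdFirewall'

IKE_UDP_PORTS = {500, 4500}  # IKE, and IKE/ESP encapsulated for NAT traversal

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
PORTS = re.compile(r'Src (\d+) Dst (\d+)')   # port pair embedded in msg


def parse(line):
    """Split one log line into its key=value fields plus integer ports."""
    entry = {key: value.strip('"') for key, value in FIELD.findall(line)}
    match = PORTS.search(entry.get("msg", ""))
    entry["sport"] = int(match.group(1)) if match else None
    entry["dport"] = int(match.group(2)) if match else None
    return entry


def is_ike(entry):
    """True when the entry is UDP with source or destination port 500/4500."""
    if not entry.get("proto", "").lower().endswith("/udp"):
        return False
    return bool({entry["sport"], entry["dport"]} & IKE_UDP_PORTS)


def ike_entries(lines):
    """Return the parsed entries that look like IKE negotiation traffic."""
    return [entry for entry in map(parse, lines) if is_ike(entry)]


if __name__ == "__main__":
    for entry in ike_entries(THREAD_LOG + [CONSTRUCTED_IKE]):
        print(entry["time"], entry["src"], "->", entry["dst"], entry["proto"])
```

None of the three posted lines matches, so the event log shows no IKE exchange either way; the `debug crypto ike` session suggested above is what shows whether the client's packets reach the 3430.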