Cisco VPN client 4.0.1 vs Zywall10W

Cisco VPN client 4.0.1 vs Zywall10W
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Up and Running » Virtual Private Networking » Cisco VPN client 4.0.1 vs Zywall10W

EDZ_PGT4 @ 28th Dec 07:16AM:
Cisco VPN client 4.0.1 vs Zywall10W

Hi all, I'm wondering if someone here may be able to help point me in the right direction.

I have a mobile office GPRS card (GC75) on the Orange network in the UK. I am trying to use this to connect to a VPN secured with a Zywall 10W (via IPSEC). I've tried various VPN clients with this card and although I've managed to connect to the VPN, it's not worked properly in that ping replies are not received back from the Zywall. (The zywall does receive the ping request and it also sends the reply).

There seems to be limited support for the Orange GPRS card, but they suggest that it supports Cisco VPN clients. I've got hold of a copy of Cisco VPN Client 4.0.1 as a test. The trouble is, the parameters in the settings seem different to those of the other client software packages. For instance, there's "group authentication" which I'm not used to, and there's no mention of the usual preshared key and phase1/phase2 stuff.

Anyone have any suggestions?
reply

Brano @ 28th Dec 08:34AM:
Re: Cisco VPN client 4.0.1 vs Zywall10W

Use SSH Sentinel (free for personal use) or ZyWALL Remote Security Client (about $50).
SSH Sentinel was the previously supported VPN client by ZyXel but they dropped it.

Check ZyXel IPSec VPN Application Notes for detailed setup instructions.
reply

EDZ_PGT4 @ 28th Dec 11:35AM:
Re: Cisco VPN client 4.0.1 vs Zywall10W

Thanks, but as I said, I've tried other VPN clients with no success. The first one I tried was SSH Sentinel. The card manufacturers state that Cisco VPN client is supported so that's why I've gone this route.

Any other ideas?
reply

Brano @ 28th Dec 04:25PM:
Re: Cisco VPN client 4.0.1 vs Zywall10W

What kind of issues do you have? I don't quite understand how a specific network card would support a specific IPSec client.
What OS are you running?

Did you try »ZyXEL forum?
reply

EDZ_PGT4 @ 28th Dec 09:17PM:
Re: Cisco VPN client 4.0.1 vs Zywall10W

NOTE: By the time I finished writing this reply, I had prompted myself to try some new things, but I'd still appreciate any advice.

OK, hope you've got some time to spare!....

This is an Orange GC75 GPRS card. It's the first time I've ever had to attempt to network such a beast to anything, but I was optimistic at the start. It's installed on a laptop running Windows XP.

Step one:
With the laptop running on WinXP SP1, I installed SSH Sentinel and quickly managed to establish a connection. Great, but I can't ping anything at the remote end. After about an hour of scratching my head, I phoned Zyxel's distributor for the UK (Electronic Frontier). I've spoken with these guys before and I've found them to be particularly knowledgeable, which makes a change for support desks! I allowed the support guy to access the Zywall's telnet and web browser interfaces via the internet and he double checked my settings. After finding nothing wrong, we moved to step two.

Step two:
The support guy emailed me a different VPN client since he felt that maybe there was an issue with SSH Sentinel. The software he emailed me was unfamiliar but 'Safenet' rings a bell - maybe I have got that wrong though. Anyway, I installed the software and got the same problem.

Step three:
Since two different pieces of software had failed to allow me to ping anything remotely, we started to dig deeper. We worked out that on creating the connection to the internet, the GPRS card firstly creates it's own VPN connection to the Orange GSM network. Therefore, the IP address of the card was not the WAN IP address on the internet and this may have caused an issue. However, the support guy looked at the Zywall logs and could tell me that it had received my ping requests, and also sent a reply. The only problem was that I was not receiving that reply.

Step four:
We then turned to the Orange web site for help and found a PDF document detailing the operation of the Orange card. There was a brief statement about VPNs and it stated that it was tested with the following vpn clients:
Ą Cisco Systems VPN client version 4.0.2 (B)
Ą Movian VPN Release 3.0.5
Ą Windows XP, Windows 2000, Pocket PC 2002 PPTP
So, now that I know they've tested it with the Cisco VPN client, I have got hold of a copy for myself. (Since writing, I now realise that the version I have is older than the one specified. Doh!

So, notes to myself:
1. Try SSH Sentinel again now that WinXP SP2 is installed
2. Try using the right version of Cisco VPN client. No idea where I'm going to find a copy to test with though.

Anyone have any further ideas?
reply

Brano @ 28th Dec 10:30PM:
Re: Cisco VPN client 4.0.1 vs Zywall10W

Regarding the VPN client quoting Anav from here »Best VPN software to use with ZW5? "...ssh Sentinel was bought out by Safenet. They have their own client called softremote, rebadged under other vendors including now ZyXEL..."

To your issues. If Cisco IPSec VPN client is OK then any other IPSec client should be OK. Having said that I've heard that there are some issues with SSH Sentilnel and SP2 but apparently some people got it working after some struggle.

I'd do all the further testing with the Safenet client that the ZyXel tech gave you as it is the supported client by ZyXel.
Make sure that you un-install any other VPN clients from that machine!

Maybe you can provide more info about your configuration:
1) ZyWall VPN settings?
2) Safenet VPN configuration?
3) What kind of errors do you see on either side?
reply