D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DGL-4500 => Topic started by: rockets19 on November 17, 2011, 03:56:12 PM
-
to my work network.
I use a software product called MyEd that runs through a login process for me to work from home.
When I a have a wired connection, my work laptop will not run the complete work login process. The router log states that there have been some blocked incoming TCP packets.
When I am connected wirelessly, I am still able to surf the internet without issue. When I go to boot the MyEd software and navigate through a login window or two, my wireless connection is dropped.
I called support and was told that I needed to find out what the software was using for PCP and UDP port numbers to enable connectivity through the router. Does this sound right?
Anyone have any other suggestions?
Firmware version is 1.23NA
Thanks in advance.
-
What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. WPA2/Auto TPIK and AES.
Might have to set up some Application rules for your application. Need to find out what port numbers that applications uses.
-
Thanks for the fast response...
Wireless mode is Mixed 802.11n, 802.11g and 802.11b .
Security mode is WPA-Personal w/ Auto(WPA or WPA2), TKIP and AES.
I have not tried any other modes - have only had the router setup as of today.
-
Try Single mode G or Mixed G and N. If you don't have any A or B supporting devices then theres no need to broadcast those modes.
-
I have tried both with the same results.
Wired - the vpn login process does not complete.
Wireless - able to surf internet without issue - vpn login process does not complete. I noticed as soon as the login script started to run, the wireless connection was dropped. The laptop has Cisco Secured Services Client running. As soon as the connection was dropped, I noticed a "wired" connection started to connect (despite no wired connections).
Not sure if any of this helps.
-
I called support and was told that I needed to find out what the software was using for PCP and UDP port numbers to enable connectivity through the router. Does this sound right?
So your IT..told you that "You" have to find the ports to enable to connect to their network? Did they happen to live in the New Delhi timezone? ::sigh::
Call them again and try to get someone that sounds like they know what they are talking about. If it doesn't use standard IPsec, and requires the ports to be forward, we can't help you unless we know which ports. You might also try posting your question here. (http://feedback.is.ed.ac.uk/uoe-is/problems/common)
-
So your IT..told you that "You" have to find the ports to enable to connect to their network? Did they happen to live in the New Delhi timezone? ::sigh::
Call them again and try to get someone that sounds like they know what they are talking about. If it doesn't use standard IPsec, and requires the ports to be forward, we can't help you unless we know which ports. You might also try posting your question here. (http://feedback.is.ed.ac.uk/uoe-is/problems/common)
Sorry - it was actually D-Link support that told me I needed to find out the PCP and UDP port numbers being used by the VPN software (MyEd) in order for it to work. I checked with a few folks in the office and they feel this is going overboard and they have recommended getting a different router.
-
I just checked with a few folks at work and they mentioned that the VPN software does use standard IPsec.
Despite the recommendation to return the router and purchase a different one, I am willing to move forward with any configuration changes you guys deem necessary.
(that being said, I cannot justify the purchase if I am unable to access my work network)
Thanks.
-
You'll need to the Mfr of that software you using or the IT department where you work at to help you configure the router. The router can do just about anything however being so many applications and configurations, the MFRs of SW and such are reproducible for there configurations and information on how to set them up being with ports or not. Any VPN configurations are also handled at the IT department level as they set them up and configure them for there needs. They should have any router configuration information you need to get your router set up. If the VPN software uses standard IPsec then this router will handle that.
This a not a DLink router issue, this is a configuration issue that should be addresses at those levels. TCP and UDP port information seems possibly critical here and once you have this and any other configuration information, then it's possible for us to help you get the router configured correctly.
Getting a different router might not solve anything as you'd still need to configure it as well.
Keep us posted.
-
Thanks, Furry.
I have spoken to various internal IT networking and help desk folks and they all say the same thing - port forwarding is not needed for the VPN connection. (which matches my experience with previous routers and the same VPN application)
Comments such as "I've used 10 different routers and never had to configure a port for VPN" and "you do not have to use TCP or UDP port forwarding" are what I am receiving when I inquire...
I have a few folks researching on my behalf.
-
Ok then the router should work well, there could be other issues with the SW or maybe at the ISP level as well.
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.
Some things to try:
Ensure DNS IP addresses are being filled in under Setup/Internet/Manual? You can find these under Status/Device Info/Wan section.
Turn off ALL QoS (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices on the router. Setup/Networking
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP.
-
I have Cable. (Time Warner Cable is the ISP)
The modem is a standalone model by Ambit (not at home and do not have model # readily available)
If I recall correctly, the DNS IP addresses are being filled in. I did not mess with any QoS or GameFuel options - they should still be in their "default" status.
Firewall settings are currently set to Endpoint Independent for both TCP and UDP.
I am at work and do not have access to the other settings.
I will model these settings and and try again later today (hopefully, since we're heading out of town for a college football game).
Thanks.
-
Ok, keep us posted.
Maybe someone can review your router settings with you using teamviewer. (http://www.teamviewer.com)
-
Sorry for my intial outburst. I just have to deal with IT departments passing the buck alot, and its frusterating.
Ok, so it uses IPsec. First thing to do is rule out a issue with the software, PC issue, etc, by bypassing the router, connecting the PC to modem, and seeing if it works.
Second, reconnect the router, and make sure you can get online. Then check if IPsec is on.
192.168.0.1 > Firewall > APPLICATION LEVEL GATEWAY (ALG) CONFIGURATION
Third, if that doesn't work. Try going wired into the router (instead of wireless) and see if maybe the software only install the required services and items in your wired IPstack instead of wireless. Also it will rule out any weird wireless security issue, or a WISH issue.
4th, if that doesn't work. Set a DHCP reservation for your computer's IP and then put your computer in the DMZ. If you need instructions for this, we can of course provide them, but just incase you know how, thought I would just ask. Also, this isn't a long term solutions, it's just to isolate a issue to the router's firewall. I have a feeling it's the wireless doing it.
-
Sorry for my intial outburst. I just have to deal with IT departments passing the buck alot, and its frusterating.
Ok, so it uses IPsec. First thing to do is rule out a issue with the software, PC issue, etc, by bypassing the router, connecting the PC to modem, and seeing if it works.
Second, reconnect the router, and make sure you can get online. Then check if IPsec is on.
192.168.0.1 > Firewall > APPLICATION LEVEL GATEWAY (ALG) CONFIGURATION
Third, if that doesn't work. Try going wired into the router (instead of wireless) and see if maybe the software only install the required services and items in your wired IPstack instead of wireless. Also it will rule out any weird wireless security issue, or a WISH issue.
4th, if that doesn't work. Set a DHCP reservation for your computer's IP and then put your computer in the DMZ. If you need instructions for this, we can of course provide them, but just incase you know how, thought I would just ask. Also, this isn't a long term solutions, it's just to isolate a issue to the router's firewall. I have a feeling it's the wireless doing it.
No worries with the outburst - didn't bother me a bit. LOL.
I have bypassed the router without issue - I am able to VPN into the work network successfully.
When using the router (wired or wirelessly from my work laptop), I cannot successfully login to my work VPN. All non-work related internet use is flawless - wired or wireless - for personal and work machines.
-
Ok, did you check if IPsec was on and does it work with your PC in the DMZ? Advanced > Firewall > DMZ host.
-
Ok, did you check if IPsec was on and does it work with your PC in the DMZ? Advanced > Firewall > DMZ host.
IPsec was on initially. I have tried a number of different configuration settings to no avail. I will enable/disable configuration settings as you and Furry have suggested when I get home.
-
Yea, if it doesn't work in DMZ, not sure where the problem is. I would suggest Teamviewer at that point and try some trial and error.
-
Yea, if it doesn't work in DMZ, not sure where the problem is. I would suggest Teamviewer at that point and try some trial and error.
Okay...
FYI - I did initially put my work laptop's IP addy (as assigned by router) in the DMZ. Same results.
I am not very router-savvy, despite being in a technology field (software development). LOL.
-
Thats odd. Im not sure then. I would have to look at your settings as a whole before I could give any other suggestions.
-
Firewall settings for TCP and UDP are both set to Enpoint Indpendent.
IPsec is on.
I have setup a DHCP reservation for my work laptop and included the same IP in the DMZ (the IP as defined by the router - 192.168.0.9). I attempted a wired login to my work VPN network with the same results. The logon script was found but errored out after 10 attempts. I pulled the LAN cable out and attempted via wireless. Same issue as before.
At this time, I jumped back on the router interface to check the logs. While looking at other stats, I noticed that two IP addresses were now assigned to the work laptop (guessing the "new" IP was because I went wireless?). I then added a second DHCP reservation for the second IP for this machine, 192.168.0.7.
I rebooted the laptop and attempted to login wired. It failed as before. As soon as the logon script went through it's 10 iterations and then failed, I unplugged the LAN cable for 10-15 seconds and then plugged it back in.
Lo and behold - the logon script finished logging in...successfully.
That's the good news. The bad news is that I have to unplug and then re-attach the LAN cable after a failed login before it will work wired. Still no luck with wireless.
Any thoughts?
-
Are you using zero in the last octet of the IP address? Not sure if this matters or not however generally you don't need any zeros with a single digit number: 192.168.0.9 not .09.
-
Are you using zero in the last octet of the IP address? Not sure if this matters or not however generally you don't need any zeros with a single digit number: 192.168.0.9 not .09.
Sorry - my mistake. Correct - IP contains a single digit in the last octet.
-
Any interest in having someone review your router settings with you using teamviewer (http://www.teamviewer.com)?
-
Any interest in having someone review your router settings with you using teamviewer (http://www.teamviewer.com)?
I'm almost to that point, Furry...I'm going to try another "test", this time on the VPN side.
The software boots up in Turbo Mode - I am going to turn this off and then try again. If this works, I am going to remove the "second" IP address for the work laptop (unless any of you suggest leaving it in the DHCP reservation list).
I'll let you know how it turns out. (later today or possibly tomorrow)
-
Still not sure why your IT didn't give you a sheet with your login info and network suggestions. Without it we are in the dark.