Patrick Joyce

January 5, 2007

VPN and Firewall Issues

Earlier this week my VPN software began giving me "Connection Failed: Remote Host Not Responding" errors when I tried to connect. This confused me, as I hadn't changed anything in the week I was off work, and my setup had worked fine for the last 8 months. I could ping the VPN gateways, but the connection still wasn't working. This suggested that IPSec traffic was being filtered out. I couldn't understand how this could happen as we hadn't changed our router settings and everything worked fine before. I checked that IPSec pass through was still enabled on the router, which it was. At this point I started to suspect the VPN software but I wanted to make sure. So I dropped the firewall on the router entirely just to rule out the firewall. Presto, everything works.

Turns out that ports 500 and 4500 need to be forwarded through the router as well. I turned the firewall back on, enabled Port Triggering for those two ports, and everything works fine again.

Now if someone could just explain why the router firewall suddenly started blocking those ports and what purpose the "Enable IPSec Passthrough" option serves if you still need to manually set up the port forwarding. Or why it worked fine for the last 8 months without those ports being forwarded.

More Articles on Software & Product Development

Agile With a Lowercase “a”
”Agile“ is an adjective. It is not a noun. It isn’t something you do, it is something you are.
How Do You End Up With A Great Product A Year From Now?
Nail the next two weeks. 26 times in a row.
Build it Twice
Resist the urge to abstract until you've learned what is general to a class of problems and what is specific to each problem.