Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: graffitisoul
graffitisoul Author
User level: Level 1
0 points

Accessing VPN Network

Hi, I realise that this question may have been asked before in one form or another as there are a lot of VPN discussions but I followed all the recommendations but don't seem to get anywhere so thought I'd try to explain my specific issue.


I've got an iMac and a MacBook all connecting to the Internet via the latest Apple Airport Extreme. I've recently starting working from home using my work laptop, which runs Windows XP and uses the Cisco AnyConnect VPN Client. The work laptop connects fine to the AirPort and I can also log into the VPN Network, and do very basic things, such as checking my e-mail and going on the Intranet. But that is where it all stops. I can't open any files stored on the server and so on and each time I try to, after a few minutes I get an error message saying that I'm disconnected from the disk.


I am usuing a Drytek modem, which plugs into the back of the AirPort, with the Airport doing all the 'hard work' such as connecting to the network, NAT is ticked and all that.


When I remove the Airport from the equation plug my normal ISP provided router into, I don't have any issues at all - either using the router's WiFi connection or plugging it into the back of the AirPort and connecting through the AirPort's WiFi connection.


This, obiovusly, is not ideal as I don't fancy playing around with my set-up all the time, not least as all the hardware is located in a rather difficult to get to area so I was hoping to be able to just use my standard set-up and connect to my work's VPN network using the AirPort, also getting rid of the ISP provided modem as that only offer Wireless G, which is not the most reliable either.


I was hoping that someone might be able to advise on a) if I'm able to actually use the AirPort to work from home and b) if so, what settings I have to change. EAch of my WiFi devices have a 'static' IP allocated to them through the AirPort so that's not changing, and I've tried to set the Airport to either distribute 10.0 and 194. addresses, as somewhere I read that this may cause issues, but it doesn't help at all.


What confuses me is that I can, with my original set up, use the Intranet and E-mail (Lotus Notes) and my work's IM service but that's all. I always thought if VPN doesn't work, nothing will rather than parts of it. I've checked everything with my work and they can't think of any solution either - and don't really support Apple products. But I guess the fact that it works through my ISP's provided modem (and even an old Netgear Router I have tried), makes me think that it's something to do with some setting on the AirPort that I haven't found yet :S.


Any advise is greatly appreciated.

Posted on Jun 4, 2011 7:27 AM

Reply
Question marked as Best reply
User profile for user: Tesserax
Tesserax
User level: Level 10
148,327 points

Posted on Jun 4, 2011 11:10 AM

The AirPorts are theoretically VPN pass-through devices. However, there is no guarentee that all VPN clients will be successful doing so.


When establishing an VPN connection, a number of VPNs allow for, at least, two types: 1) Tunnel-all and 2) Split-tunnel.


In the former, all traffic is sent to/from the tunnel. If you have a home network, you would not be able to print or share files on the home network when connected by VPN in this manner. On the other hand, a Split-Tunnels allows for data to be sent to both locations depending on the IP address.


Do you know which your Cisco VPN client is configured for?

View in context
9 replies
Question marked as Best reply
User profile for user: Tesserax
Tesserax
User level: Level 10
148,327 points

Jun 4, 2011 11:10 AM in response to graffitisoul

The AirPorts are theoretically VPN pass-through devices. However, there is no guarentee that all VPN clients will be successful doing so.


When establishing an VPN connection, a number of VPNs allow for, at least, two types: 1) Tunnel-all and 2) Split-tunnel.


In the former, all traffic is sent to/from the tunnel. If you have a home network, you would not be able to print or share files on the home network when connected by VPN in this manner. On the other hand, a Split-Tunnels allows for data to be sent to both locations depending on the IP address.


Do you know which your Cisco VPN client is configured for?

Reply
User profile for user: graffitisoul
graffitisoul Author
User level: Level 1
0 points

Jun 4, 2011 11:27 AM in response to Tesserax

thank you for replying. I don't know how the VPN network would be configured to be honest - I don't think I'd be able to find out by looking at the Cisco AnyConnect VPN Client, or at least I can't find anything which would indicated what set up there is.


Logging in from home using using the VPN client on my work laptop while being connected to the Internet via my ISP router (or I'd imagine any other router apart from the AirPort), I can effectively replicated everything I'm able to do in the office, that is if I want to print a document, I can send that to the printer at work etc, access all the files on any of the 5 network drives I'm mapped to and all that. While if I use the Airport, all I can do is opening my Lotus Notes, check my e-mail and send e-mails and browse the Intranet, but that's all.


You do mention Tunnel-all and Split tunnel and I do understand the difference. Looking at the AirPort Utility, under the Advance tap, there is a IPv6 option which currently sits as Link-local only. In the drop down menu, the following options do appear: Host, Tunnel, Router. Is that perhaps something I would need to have a play around with to manage to log into my work network via the Cisco AnyConnect and the AirPort? I should have maybe mentioned that I am still connected via WiFi to the Airport, with the ISP router plugged into the back of of the Airport, with the Airport set into Bridge Mode so I guess the ISP's router is doing all the work. My preferred set-up - is using the Drytek Modem and having the connection as PPoE with NAT enabled on the Airport, but with that set up, I can't do anything apart from e-mails and intranet.

Reply
User profile for user: Tesserax
Tesserax
User level: Level 10
148,327 points

Jun 4, 2011 11:39 AM in response to graffitisoul

Logging in from home using using the VPN client on my work laptop while being connected to the Internet via my ISP router (or I'd imagine any other router apart from the AirPort), I can effectively replicated everything I'm able to do in the office, that is if I want to print a document, I can send that to the printer at work etc, access all the files on any of the 5 network drives I'm mapped to and all that. While if I use the Airport, all I can do is opening my Lotus Notes, check my e-mail and send e-mails and browse the Intranet, but that's all.


The fact that you can access your work's email system from your work laptop at home does indicate that you have a successful VPN tunnel created between the two locations.


Looking at the AirPort Utility, under the Advance tap, there is a IPv6 option which currently sits as Link-local only. In the drop down menu, the following options do appear: Host, Tunnel, Router. Is that perhaps something I would need to have a play around with to manage to log into my work network via the Cisco AnyConnect and the AirPort?


No, the IPv6 setting is something totally different than the VPN connection, and you can safely ignore these settings for now. "Link-local only" would be the default setting for the AirPorts.


I should have maybe mentioned that I am still connected via WiFi to the Airport, with the ISP router plugged into the back of of the Airport, with the Airport set into Bridge Mode so I guess the ISP's router is doing all the work. My preferred set-up - is using the Drytek Modem and having the connection as PPoE with NAT enabled on the Airport, but with that set up, I can't do anything apart from e-mails and intranet.


Ah, yes. When configured as a bridge, the AirPort Extreme is a "passive" device. It is not providing any router functions at all ... but, instead, is performing as a combination wireless access point and Ethernet switch. Your ISP router would be handling the VPN tunnel.

Reply
User profile for user: dallasmacfan
dallasmacfan
User level: Level 1
12 points

Feb 21, 2014 12:38 PM in response to graffitisoul

I found this thread and have a similar situation except in my case I can access my work VPN using my Dell laptop however I get kicked off several times day. I can log right back in but obviously this is very inconvenient. I was having no issue with my older Linksys Router using the VPN but decided I wanted to upgrade to an Airport Extreme for various reasons. Note that all my mac products work fine but the Dell PC via VPN is VERY unreliable. Is there anything simple I can check or reset?

Thanks

Reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,202 points

Feb 21, 2014 2:42 PM in response to dallasmacfan

I just replied to a very similar post.


https://discussions.apple.com/thread/5924087?tstart=0


The Extreme is not using the same port opening type of protocol as PC is normally using.


And some Apple firmware have vpn bugs.. now and in the past and doubtless into the future.


You can try putting the pc into the dmz as suggested in the other thread.


But you might find you need to use manual port forwarding of the required ports. And in some cases even those will fail.



Is there anything simple I can check or reset?

Thanks

Apple routers.. they have now removed even a log or SNMP output.. or any known way to find out info like ports opening.

Not that they ever had much .. but now they have less.


The easiest solution.. buy a standard router.. and use the AE as a WAP and switch.

Reply

Accessing VPN Network

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up