
I cannot establish a VPN connection the error I get is 'failure by initializing of IPsec link.' Can

I am using the Cisco VPN client on my notebook to connect to the corporate network from home. The connection goes through my NetPassage 15-D router and works fine. Now I am trying to use a WLAN connection - a WLAN card in my notebook and a D-Link DWL-700AP connected to the same router - but I cannot establish a VPN connection (failure by initializing of IPsec link). Could you help me solve this issue?
Your NP15D is a 4-port broadband router with stateful packet inspection. It's not usual for broadband routers that apply NAT to interfere with IPsec VPN connections, but the NP15D supports VPN passthrough and you've been able to connect when using a wired port. So we need to consider what's happening between the wired port used by your AP and your wireless notebook.

My guess is that your notebook is failing to get a DHCP address from your router, or your router is blocking traffic from your notebook, or VPN passthrough is failing in a more subtle fashion.

  1. Your router uses IP-based (not MAC-based) rules, so I don't think your firewall is blocking traffic. But there could be an issue with ARP and LAN addressing. Send some traffic from your notebook through your router. Then use the router's "SHOW ARP TABLE" command to see whether your router has an ARP table entry for the MAC address of your notebook's wireless adapter. If not, then it's possible that your router doesn't like having two devices (MAC addresses) connected to a single built-in switch port. Try changing the "uplink/normal" button and using a crossover cable from the LAN uplink port to your AP. From the router's perspective, the AP is behaving more like an uplinked LAN than a single device, so maybe this will help.

  2. If ARP isn't the problem, then use your notebook's link status to see whether you're getting an IP address from the router's DHCP server. By default the NP15D gives out addresses in the 192.168.168.* subnet. If you see no IP address or an IP address in the 169.254.*.* range, then DHCP is failing. If you suspect your problem is here, try configuring the router's advanced DHCP options to reserve a specific IP address for the MAC address of your notebook's wireless adapter. Consult your router's log to verify the address you specified is being assigned.

  3. If neither of these is the problem, then I'd suspect the VPN passthrough implementation on your router. VPN passthroughs vary quite a bit, ranging from just letting any IPsec ESP pass in/out to stateful handling of the IPsec tunnel so that arriving ESP packets can be forwarded to the right internal host on the LAN. If the router's VPN passthrough implementation depends on direct connection of the internal host to a switch port, that could be a problem. You might want to contact Compex Tech Support to ask about any physical connection requirements associated with using VPN passthrough on the NP15D.
This was last published in September 2004
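
The three checks above can be run as a single triage pass. The following Python sketch is an added example, not part of the original answer or any vendor tool: it takes the wireless adapter's MAC address, the IP address the notebook reports, and the text pasted from the router's ARP table, and reports which step to look at. The ARP table layout, the sample MAC addresses and the /24 mask for "192.168.168.*" are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges named in the answer; the /24 mask for "192.168.168.*" is an assumption.
ROUTER_LAN = ipaddress.ip_network("192.168.168.0/24")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # "169.254.*.*"

MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.I)

# Constructed sample of pasted ARP table text (the real NP15D layout may differ).
SAMPLE_ARP = """\
IP Address        MAC Address
192.168.168.10    00:11:22:33:44:55
192.168.168.20    00-AA-BB-CC-DD-EE
"""

def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-AA-... and 00:aa:... compare equal."""
    return mac.lower().replace("-", ":")

def macs_in_arp_table(arp_text):
    """Collect every MAC address found in the pasted text, whatever the columns."""
    return {normalize_mac(m) for m in MAC_RE.findall(arp_text)}

def triage(wlan_mac, wlan_ip, arp_text):
    """Walk the three checks in order; return (step number, finding)."""
    # Step 1: does the router hold an ARP entry for the wireless adapter?
    if normalize_mac(wlan_mac) not in macs_in_arp_table(arp_text):
        return 1, "router has no ARP entry for the wireless adapter"
    # Step 2: did the notebook get a lease from the router's DHCP server?
    if not wlan_ip:
        return 2, "no IP address: DHCP is failing"
    addr = ipaddress.ip_address(wlan_ip)
    if addr in LINK_LOCAL:
        return 2, "169.254.x.x address: DHCP is failing"
    if addr not in ROUTER_LAN:
        return 2, "address is outside the router's default DHCP subnet"
    # Step 3: LAN addressing is fine, so the remaining suspect is passthrough.
    return 3, "ARP and DHCP look fine: suspect VPN passthrough"

if __name__ == "__main__":
    print(triage("00:AA:BB:CC:DD:EE", "169.254.7.9", SAMPLE_ARP))
```

A step 2 result for an address outside 192.168.168.* only indicates a fault if the router's DHCP range is still at its default.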
