[Closed] NHS user unable to connect to work systems with TP Link router

Posts: 996
Full Member
Topic starter
 

So recently I swapped out our basic BT router as I was having work VPN issues and the TP Link Archer C80 has all but resolved those.

Only issue is the missus reports X-rays for the NHS and has had a work from home setup done, only it doesn’t work through the router!

Soon as I stick the BT router back in her connection works!

I’m thinking I want to be looking at port forwarding but I think there’s slim to no chance of getting the IP and port details for the checkpoint type box the VPN connects to. Has anyone seen this before and has any pointers?


 
Posted : 23/07/2021 1:03 am
Posts: 77690
Free Member
 

the missus reports X-rays for the NHS and has had a work from home setup done

How? What does that setup look like?

only it doesn’t work through the router!

When it "doesn't work" what happens? Would you take a car to a garage and go "it doesn't work?" with no further explanation?

Describe the symptoms: does it fail to connect; does it connect but fail to transfer; something else; are there any error messages?

Does she not have an IT department?


 
Posted : 23/07/2021 1:08 am
Posts: 3362
Full Member
 

My guess is maybe it uses a non-standard port (not 80, 442 etc) and you need to look at the firewall settings on the router. You won’t need an IP address, just forward the required port to the same port internally so 5000 to 5000 for example…


 
Posted : 23/07/2021 5:56 am
Posts: 15974
Free Member
 

We have sky and TP Link, Mrs FD has no problems at all with accessing any of her clinical NHS systems.

I’m no expert but would imagine it’s just some firewall setting thing


 
Posted : 23/07/2021 6:56 am
Posts: 366
Full Member
 

What is the ‘WFH setup’? Is there any physical hardware or is it just a VPN on the laptop?

Consumer routers rarely block anything outbound and most remote access solutions don’t require inbound to the end user.

Her IT dept should be able to advise/ fix.


 
Posted : 23/07/2021 7:07 am
Posts: 828
Free Member
 

Also check the IP address range of the DNS server which your home router uses - I had the same problem which went when I changed the home router address from 192.168.1.xx to 192.168.2.xx. Apparently home and work on same range makes Windows remote access software unhappy; VPN works fine and 3rd party software manages, but not Windows. The PACS system we have uses a Windows server, so also came back to life with the change!
Took 2 mins to change on the router, home IP dynamic so everything reconnected. Worth a try 👍


 
Posted : 23/07/2021 7:23 am
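
The overlapping-range problem described in the post above, as an added illustration that is not part of the thread: a simplified longest-prefix routing model showing why a work address that falls inside the home LAN range is sent to the local network instead of the tunnel. Every address, route and function name here is constructed; the real ranges behind this VPN are not given on the page.

```python
import ipaddress

# All addresses below are constructed for illustration; none come from the thread.
VPN_ROUTES = ["192.168.1.0/24", "10.20.0.0/16"]  # ranges assumed to sit behind the tunnel
WORK_HOSTS = ["192.168.1.20", "10.20.5.9"]       # e.g. an image server and an intranet host


def build_routes(lan_cidr, vpn_cidrs):
    """Simplified routing table: default route, connected home LAN, VPN routes."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "wan"), (lan, "lan")]
    routes += [(ipaddress.ip_network(c), "vpn") for c in vpn_cidrs]
    return routes


def route_lookup(dest, routes):
    """Longest-prefix match. On a tie the earlier entry wins, so the directly
    connected LAN beats an equally specific VPN route (modelling assumption)."""
    ip = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def shadowed_hosts(lan_cidr, vpn_cidrs=VPN_ROUTES, work_hosts=WORK_HOSTS):
    """Work hosts that this table would NOT send into the tunnel."""
    routes = build_routes(lan_cidr, vpn_cidrs)
    return [h for h in work_hosts if route_lookup(h, routes) != "vpn"]


def pick_free_lan(candidates, vpn_cidrs=VPN_ROUTES):
    """First candidate home range that overlaps none of the VPN routes."""
    vpn_nets = [ipaddress.ip_network(c) for c in vpn_cidrs]
    for cand in candidates:
        lan = ipaddress.ip_network(cand, strict=False)
        if not any(lan.overlaps(v) for v in vpn_nets):
            return str(lan)
    return None


if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.2.0/24"):
        print(lan, "-> hosts not reaching the tunnel:", shadowed_hosts(lan))
    print("non-conflicting home range:",
          pick_free_lan(["192.168.1.0/24", "192.168.2.0/24"]))
```
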
Posts: 996
Full Member
Topic starter
 

Haha apologies I should’ve elaborated a bit more. So there’s a Cisco ASA security appliance which houses all the VPN connection details, a tower and 1 normal then 2 extremely high-res screens.

So the software when clicked should log her onto a network location and from the naming convention suggests it connects into the domain at her work, the system for all the images though is hosted in Germany and on initial login it does a big download to pull back all the X-ray images.

I’m a bit unsure about her IT team in this case as I suggested when it didn’t work, to try the old router back and they suggested it wouldn’t be that, then came back a second time saying they’d ruled out the router by using a known working setup.

However for my sanity I plugged the BT router back in and it worked straight away...

I think FD you’re all right, it probably just needs some port forwarding. I can’t even get into the IP addressing of the connection as it’s all locked down sadly, just thought I’d see if anyone was in the same boat since WFH

I refuse to put in the old BT router just because it works 😆


 
Posted : 23/07/2021 7:28 am
Posts: 366
Full Member
 

@dickyhepburn may well be onto something.

Are your two different routers using two different IP ranges inside? That could be the problem for either of your issues.

If she’s got an ASA then find out what IP your router assigns it, then port forward everything to that IP. Some routers call this DMZ.


 
Posted : 23/07/2021 8:30 am
Posts: 734
Free Member
 

Does she not have an IT department?

Took my wife approx 6 months to get her IT issues solved by the NHS IT department!


 
Posted : 23/07/2021 8:33 am
Posts: 828
Free Member
 

I had similar IT dept proving issues, so tried tethering to my iPhone hotspot and it worked fine; that convinced them it had to be the router. It was a chap on the TP-Link forum who suggested the IP range thing; apparently it is due to the handshake which is initiated remotely vs the one done locally? Apparently BT hubs use different IP ranges as BT love to log on remotely to check them (and you 😂😂). Good luck, take my advice with 2c as I’m just a clinician so WTF do I know!


 
Posted : 23/07/2021 8:45 am
Posts: 207
Free Member
 

Check the VPN passthrough settings in the router are actually turned on, and flip them back off (save) and on again.


 
Posted : 23/07/2021 10:11 am
Posts: 0
Free Member
 

My wife has been working from home this week (NHS). We are with virgin, have superhub in modem mode and tp-link router connected. She had no issues logging in to the hospital system.


 
Posted : 23/07/2021 10:27 am
Posts: 1369
Free Member
 

If it goes away by swapping the router, and all other things are equal, I'd be checking the MTU size and fragmentation settings on the Archer. Downloads etc failing for one application suggests this.


 
Posted : 23/07/2021 10:44 am
Posts: 77690
Free Member
 

She has a physical ASA device at her endpoint?

By "locked down," you're saying the tower is provided by work so you can't view network settings, open a command prompt or anything?

You've explained what it should do which is great, but you're still telling us "it doesn't work" which is less useful. You're saying that it connects just fine but refuses to pass traffic? ANY traffic at all or just this download? Specifically, what happens when it fails?

@dickyhepburn may well be onto something.

Are your two different routers using two different IP ranges inside? That could be the problem for either of your issues.

Yeah, that's a really good shout.

Can I assume that there's more devices on the network than just her PC? You could use something else to see what subnet ranges are being allocated?


 
Posted : 23/07/2021 1:11 pm
Posts: 5055
Free Member
 

Basically, it used to work for her and then you broke it.


 
Posted : 23/07/2021 2:10 pm
Posts: 996
Full Member
Topic starter
 

I think this is the answer to be fair, to find out the IP it’s getting and setup port forwarding to that IP.

Or will be the first thing I try. By not working: you click on the AGFA software desktop link and after trying to connect it says unable to connect to the resource, and the resource is what looks like a network location on their domain. It’s not just that though as her intranet site also doesn’t load. So it’s any connection to her work systems that’s failing, so as mentioned it’ll either be the port forwarding that needs looking at or the IP range. I tried whitelisting that device but that doesn’t work.

Will let you know how I get on


 
Posted : 25/07/2021 12:44 am
Posts: 77690
Free Member
 

I really don't think it's likely to be a port-forwarding issue. The whole point of a VPN is to extend your network, there's nothing to forward if you're on the same virtual LAN.


 
Posted : 25/07/2021 1:03 am
Posts: 3362
Full Member
 

Is her machine getting the same IP address from the new router? Possibly the Cisco ASA was configured with a specific IP address and the new router is dishing out a different one??? Also it might be a split tunnelling issue and the ASA has split tunnelling configured on a single IP rather than a range; this is less likely if the ASA was delivered already set up as they would want to just allow all 192.168 addresses to save additional config on each individual setup, but it’s possible. Is there an IP reservation on the old router??

You might want to try plugging the old router in and check her IP. Apply that same IP to her PC with the new router plugged in.


 
Posted : 25/07/2021 7:22 am
Posts: 8672
Full Member
 

When this set-up was first delivered did you have to provide any info to whoever set it up? e.g. internal subnet, external IP etc.? Did you need to configure anything on the BT router to get it working originally?

Port forwarding might be required in some configurations (but not all ports!) for an ASA to work with NAT but the BT router should have needed the same config.

If you are able to log in to the tower can you get to a command line and ipconfig/all and see what the default gateway is (and is it pingable)? Is the default gateway IP the router or ASA or something else?


 
Posted : 26/07/2021 9:25 am
Posts: 996
Full Member
Topic starter
 

Thanks so I have no ability to administer the machine at all, it’s locked down so I can’t even open command prompt on it.

To answer the question, the BT hub needed no config at all, it just worked when I swapped out the TP-link and put it in its place.

I didn’t need to give any IP address range, I did ask if he needed to be in the router admin but was told it wouldn’t be needed.

I’m hoping he comes back to my partner with a rough idea of what needs to be allowed/setup on the router.

I can see that the BT router just allows all outbound traffic where I can imagine the TP-link is more restrictive.

If I do a proper “audit” of all the IPs I should be able to locate the IP the ASA gets and may point me in the direction of a fix. Watch this space!


 
Posted : 26/07/2021 4:15 pm
Posts: 0
Free Member
 

I'd also check for the VPN passthrough option on the TP-Link.
Also, restart the ASA, it might still have the IP from the old router on it.
I'm guessing that the tower is connected to the ASA and the ASA is connected to the router?


 
Posted : 26/07/2021 6:31 pm
Posts: 996
Full Member
Topic starter
 

I’ve not had chance to look at this yet but yes once the router was swapped I rebooted the ASA. The ASA is connected to the tower. The tower connected to a 4 port switch, the switch is home plugged to the router downstairs.
I rebooted the switch too.

The setup is faultless with my work connection, just hers that’s the issue


 
Posted : 27/07/2021 11:47 am
Posts: 366
Full Member
 

That sounds slightly weird. So you have:

ASA
|
PC
|
Switch
|
Router

?

The ASA has only one cable connected? And this works with one of the routers?

What IP addresses does the home hub give out compared to the TP-Link? E.g. 192.168.0.x vs 192.168.100.x

Obviously I have no clue how the kit has been set up by the trust, but it sounds like a strange solution, or connected wrong.


 
Posted : 27/07/2021 12:46 pm
 5lab
Posts: 7922
Free Member
 

I would check if you have UPnP enabled on the new router. It's probably there by default on the BT one.


 
Posted : 27/07/2021 3:12 pm