I tried a port forwarding rule for TCP 10000 to the IP or the router and also to the IP of the laptop when it was plugged in directly. Neither of these worked.
I would expect someone else has run into this already, but I didn't see anything in the forums. Can someone let me know what is needed to resolve this? I have been back and forth with email support but we haven't gotten a resolution.
Try connecting your Ooma device behind (On the LAN Side of) your router. Than your VPN will function as before. Many people set-up their connection Modem-Router-Ooma without any problems at all. A few people have OoS issues connecting this way. If you do, post your problems in this forum and someone will give you directions how to make corrections to resolve the QoS issues.
a. Access your Ooma Telo “home port” by plugging in a patch (network) cable from the Ooma Telo home port to a computer’s network card port. Sometimes you have to restart your computer after installing the patch cable, so that a proper connection occurs. (In in your case, if the computer is connected to the router, and the router is connected to the Ooma device Home port, skip to step b.)
b. Type http://setup.ooma.com in you browser address window and hit enter. The “Ooma Setup” window opens.
c. In the left hand Navigation window, select “Network”.
d. Under “Network Settings” go to network connection: select the down arrow with your mouse and select “Automatic” (if not already set to Automatic).
e. Under “Modem Port MAC Address”, select Use Built in:
f. Select the “Update button”.
g. In the left hand Navigation window, select “Advanced”.
h. Under “Advanced Settings” go to DHCP Configuration. (Since you are connecting only your router to the Ooma device Home Port, you only need to issue one IP address to the router. To let the DMZ function properly, the router needs to have the same IP address issued each time it is restarted.)
i. Change Start Address: to 172.27.35.11
j. Change End Address: to 172.27.35.11
k. In DMZ add 172.27.35.11
l. Select the “Update button”.
m. Do a “cold boot” of the Ooma device.
n. After the Ooma device cold boot, do a “cold boot” of the router.
Maybe I should have told you to cold boot the Modem, than the Ooma device, than your router.
With this setup, were you able to connect to an Internet site like Google from your computer?
If you remove the Ooma device and connect the router directly to the modem, can you access the Cisco VPN without making any changes to the router?
You could try Port Forwarding in the Ooma Setup Advanced page. You would be forwarding 172.27.35.11,
using the ports that have to be opened, TCP, UDP, or both, for your Cisco VPN port requirements.
Make sure your router is Port Forwarded with the same ports and TCP or UDP settings, for the Static IP address assigned from your router, to the computer, that you are using for the Cisco VPN.
Note: another thing that you have to do is set Quality of Service in your Ooma device Advanced page. Click on the(?) which will lead you to instructions for setting QoS.
When done with setups, make sure you cold boot the Modem, than the Ooma device, than your router.
I tried port forwarding on both the router and the Ooma, but still no good.
I can still do UDP VPN, so I'm not completely out of luck, but it would be nice to know what in Ooma is keeping TCP VPN from working. Sounds like a good KB article if we can get this figured out.
If I place my VPN 3000 Concentrator behind a firewall or router running access control lists, which ports and protocols do I need to allow through?
A. This chart lists ports and protocols.
Service Protocol Number Source Port Destination Port
PPTP Control Connection 6 (TCP) 1023 1723
PPTP Tunnel Encapsulation 47 (GRE) N/A N/A
ISAKMP/IPSec Key Management 17 (UDP) 500 500
IPSec Tunnel Encapsulation 50 (ESP) N/A N/A
IPSec NAT Transparency 17 (UDP) 10000 (default) 10000 (default)
Note: The Network Address Translation (NAT) Transparency port is configurable to any value in the 4001 through 49151 range. In versions 3.5 or later, you can configure IPsec over TCP by going to Configuration > System > Tunneling Protocols > IPSec > IPSec over TCP. You can enter up to 10 comma-separated TCP ports (1 - 65535). If this option is configured, make sure that these ports are allowed in your firewall or router running access-control lists.