We are being setup with a client over their VPN to support them remotely. We are unable to access their VPN through our server, they said to look and make sure that the TCP ports are enabled for their security setup (ports are in the 4000 range).
How do you look for this and how do you enable a range if it is not already enabled?
do you have any ipfiltering or firewalling happening between you and the client with teh problem. if so ask the firewall team if they are blocking any ports above 1024.
this sounds like a good logical first step.
No, firewall has not been setup yet and there is no filtering being done either. NAT is enabled.
NAT (Network Address Translation) is not compatible with most VPN technologies. If the VPN is IPSEC based this is certainly the case. Cryptographic systems that use IPSEC (or similar techology) insure the integrity of the IP packet by running cryptographic checksum (kinda) algorithm against the packet. If the packet has changed, it will be dropped.
NAT changes the IP address in the head. This is a violation of the integrity checking mechanism of IPSEC. This is a big problem with NAT. You should consider turning off NAT if you want a clean, not kludgy VPN solution.
If you are not sure of this reply, please post the details of what cryptographic protocols are being used in the VPN tunnel. I can help you if you provide the details on how the tunnel is operating.