pablogiganti
asked on
Gateway to gateway VPN tunnel - Linksys WRVS4400N with AM200 Modem and RV082
Hi,
I have on one end a Linksys WRVS4400N connected to a Linksys AM200 ADSL Modem and on the other end a Linksys RV082 connected to a cable modem.
The cable modem and RV082 end is working fine. The router takes the static WAN IP address (let's call it 80.70.60.50) on the input and has a LAN IP like 10.10.0.X 255.255.255.0
The other end is also working fine but a bit different. Its WAN IP address (let's call it 40.30.20.10) is not forwarded to the router. Instead the modem has DHCP enabled and it assigns this IP address 192.168.1.2 to the router.
So the router thinks that 192.168.1.2 is its IP address when in fact 40.30.20.10 is the WAN IP of the network.
When I try to establish a VPN tunnel I get this log message on the other network:
[Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
initiating Aggressive Mode #109, connection "ips0"
STATE_AGGR_I1: initiate
Received Vendor ID payload Type = [Dead Peer Detection]
Tunnel Negotiation Info] <<< Initiator Received Aggressive Mode 2nd packet
Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.1.2'
No suitable connection for peer '192.168.1.2', Please check Phase 1 ID value
initial Aggressive Mode packet claiming to be from 40.30.20.10 on 40.30.20.10 but no connection has been authorized
What am I doing wrong?
Thanks,
Pablo
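An added example, not part of the original post: a Python check that reads the negotiation log quoted above and flags the condition it shows, a Phase 1 ID that is a private address while the packet arrives from a public one, which is what a NATing modem in front of the router produces. The function name `diagnose` and the `SAMPLE_LOG` constant are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: log lines copied from the post above.
SAMPLE_LOG = """\
[Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
initiating Aggressive Mode #109, connection "ips0"
Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.1.2'
No suitable connection for peer '192.168.1.2', Please check Phase 1 ID value
initial Aggressive Mode packet claiming to be from 40.30.20.10 on 40.30.20.10 but no connection has been authorized
"""

PEER_ID = re.compile(r"peer ID is ID_IPV4_ADDR: '([0-9.]+)'")
SOURCE = re.compile(r"packet claiming to be from ([0-9.]+) on ([0-9.]+)")
REJECT = re.compile(r"No suitable connection for peer '([^']+)'")


def diagnose(log_text):
    """Return details of a Phase 1 ID / source-address mismatch, or None."""
    peer_id = source = None
    rejected = False
    for line in log_text.splitlines():
        if m := PEER_ID.search(line):
            peer_id = ipaddress.ip_address(m.group(1))  # ID the peer claims
        elif m := SOURCE.search(line):
            source = ipaddress.ip_address(m.group(1))   # address the packet came from
        elif REJECT.search(line):
            rejected = True                             # gateway refused the ID
    if peer_id is None or source is None or peer_id == source:
        return None
    return {
        "peer_id": str(peer_id),
        "source": str(source),
        "rejected": rejected,
        # A private ID arriving from a public address: the peer is behind NAT
        # and is announcing its inside address as its identity.
        "peer_behind_nat": peer_id.is_private and not source.is_private,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```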
ASKER
Hi,
Thanks for your reply.
My ADSL provider uses the first config you see on the screenshot (PPPoA). If I switch to bridge the modem won't connect (I think) because there's no place for user or password and the encapsulation will be different.
I'm currently using the DMZ option you mentioned but it doesn't work.
Any other ideas?
Thanks a lot!!!
capture.jpg
Does the WRVS4400N have WAN configuration option for PPPoA? Seems to me the RV082 doesn't work with PPPoA (does with PPPoE) but the WRVS4400N may work. If so the concept is to put the AM200 in bridged mode, and then configure the PPPoA/ISP options on the WRVS4400N.
If using the DMZ, which I haven't tried but a few others report having succeeded, you need to set the DMZ to be the LAN port of the WRVS4400N, and then forward all traffic to that IP. I am still not sure if the IPSec traffic will work with the fact that NAT is still in place.
I am not very familiar with the WRVS4400N as it is not available here (Canada). Are you in Spain (noted time zone)? My daughter is back-packing through Europe and arriving in Madrid as we "speak". She is quite looking forward to it.
ASKER
Rob,
I set the modem in bridge mode and the router in PPPoE mode with the corresponding username and pass and it didn't work.
The modem has two types of bridge mode and an advanced tab with many routing options. I think I tried them all and it didn't work.
I thought it would be easier than what it is so I'll take some screen shots and copy some logs and I'll get back to you.
There are many options and it will take me some time to do it, so please be patient.
Yes, I'm in Madrid and this is a good time of the year to visit the city (not too hot, not too cold)
Thanks a lot!!!
Pablo
ASKER
Hi,
Sorry for the massive delay. I found that the modem has two different bridge modes. I use one of them and it works like a dream.
The problem I have now is that computers on both sides can see each other using their IP addresses, but not their names.
Is that a DNS problem?
Thanks,
Pablo
Yes DNS.
On a LAN your network can rely on NetBIOS or DNS for name resolution, but NetBIOS uses broadcast traffic which is not routable so you really need to configure DNS. Assuming you have your own DNS server at one or the other site you need to point your client machines to ONLY your DNS servers, and do not add a router or ISP even as a secondary. It's also a good idea to add the domain suffix to the NIC configuration if the machine is not a member of the domain, see:
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg
Having said that, under the extended options on the Linksys VPN configuration there is an option to enable NetBIOS traffic, which may help.
ASKER
Hi,
I have NetBios Broadcast enabled on both sides but it doesn't do the job.
I don't have a domain, just a small workgroup on both ends with no domain.
I don't have a DNS server. Both routers take care of that, I believe...
My routers' IPs are
A= 10.10.0.1
B= 10.0.0.1
Should I enter on router A 10.0.0.1 as the DNS server address and vice versa? Is this what you mean?
A = 10.10.0.1 / DNS = 10.0.0.1
B= 10.0.0.1 / DNS = 10.10.0.1
Thanks for your advice,
Pablo
ASKER
For the record, you shouldn't need Aggressive mode between two routers.
The other option, which may work if stuck, is to put the WRVS4400N in the DMZ of the AM200 ADSL.