Cisco VPN Client through Linksys BEFSR41 router

Thanks for the quick response!  Some answers:

Local IP subnet at home - 192.168.1.x
IP subnet that the client gets - I'm not sure what to look at here.  Where can I find this?
IP subnet at the company - 172.16.x.x

Regarding using status, my attempt to connect is what's failing.  Is there any way to check on traffic or log stuff at this point before I'm actually connected?

I haven't tried adjusting MTU.  I can't adjust right now since I'm actually at work, but will try that as a first step when I get home later this evening.  I didn't initially try this because I figured that the problems caused by MTU size would manifest after connection, not during the actual connection and subsequent login process.  I could have been wrong about that.

Thanks again for the quick response.

Rich

Open the client from the systray and the Status should tell you what IP address you have.

You can start the log before you open the client, too.

Also, the newest 4.02 client is much nicer...

Update on my latest attempts:

I couldn't get the client far enough through the connection process to get anything at all in the systray and didn't have any luck with logging.  The logs kept coming up empty.

I dropped MTU down to 576 and still no luck.  Same result.

As a last resort, I borrowed a Netgear RT614v2 router from a friend and gave that a shot.  No special setup needed.  Plugged the machine into it, logged in to the VPN client and I'm on the network at full speed.

Part of me wants to keep troubleshooting the Linksys, but the part of me that's a father with a 3-month old and a wife says spend the $40 on the Netgear router and move on.  It includes an SPI firewall, so it's an upgrade anyway.

Any further ideas on the subject are welcome as I'm still not sure why I'm having all of this trouble with the Linksys.

Thanks!

How old is the Linksys? It could be defective...

The Linksys is pretty old as these things go - two or three years maybe?  It has the latest firmware, but perhaps there's something it just wasn't doing.  It's worked flawlessly up until now for everything else.

This morning I picked up a new Netgear RP614v2 identical to the one I tried yesterday.  Works perfectly.  No setup required.  There isn't even a place to do any configuration of IPSec (e.g. IPSec Passthrough on the Linksys).  No Port Forwarding is necessary.

Are there any known issues with the Cisco client and Linksys routers using the latest firmware?  I've read everything I could find on the subject and it seems like with the latest, it should all work.  

Ah, well.  Thanks, again, for the assistance in helping me to ensure that I wasn't missing anything obvious or even semi-obvious.  I just feel badly that this thread likely won't end with the answer that someone experiencing the same problem will want to hear.

Interesting.   That's exactly the version of the firmware I was running on the Linksys.  I wonder if it did have to do with a hardware difference in my older router.  I'd love to find someone else at work who's using a Linksys router (BEFSR41) to connect from home.  There MUST be a few at least given the popularity of that particular model.  If I do find someone who got it to work, I'll post the results back here.

For now, thanks again for all of your help to date!  It's been great to have someone knowledgable to walk through this with.

I am using this same Linksys 4-port router and am having the same problem with the Cisco VPN client, v4.0.3c.

Has anyone found a solution for this?  I'm running the latest firmware on the Linksys, 1.45.7, have IPSec Passthrough enabled.  

I can connect and the network at my work will give me the proper DNS and WINS addresses, all looks good - but when I try to ping something, it waits awhile then returns saying it's pinging the proper address, but get Request Timed Out.  Others are using the Cisco VPN Client with success, using the same settings I am.

So, I'm thinking it may be in the LinkSys.  This is one of the older models, maybe 3 years old.

I have the older version of the linksys 4-port rotuer and I cant connect to with my Checkpoint vpn client either.

Removing my old Watchguard Firebox VPN client fixed it.  I still had it installed.  Once I removed it, the Cisco VPN client worked immediately, even without a reboot.

Cisco has acquired linksys so hopefully all the newer models will not have this problem. Hopefully firmware upgrade will also fix this issue.

I have the linksys befsr41 router with firmware 1.45.6, Jun 24 2003.  I am using Cisco VPN Client v4.0.3 and I have no problems whatsoever connecting to work.  I purchased my router in 2000.  It is very old.  I don't think your problem lies with the age of your router, but the firmware. Upgrade to the latest version.  Also, you would want to make sure if you are using Windows that you have the latest updates.  There is a patch from Microsoft that corrects a bug with Transparent Tunneling.
 My settings:

PPTP Disabled
IPSEC Enabled
MTU 1500

I have no ports forwarded and no triggers.  My internal IP range is 192.168.1.X. Work IP range is 172.19.101.X.  Transparent Tunneling is inactive but enabled. Local Lan Disabled. 168bit 3DES encryption/HMAC-MD5 Authentication. IPSEC over UDP.

Hope this helps someone!

I have the firmware 1.45.7, Jul 31 2003. But there is another twist to my story. My VPN server at work is brand new, it might be a configuration error somewhere on the VPN server. But if I connect to the vpn server with a machine sitting on the internet there is no problem.

If you have a PC connected directly to the ISP without a router and you are able to connect to the VPN successfully then the VPN should be configured correctly.  What are you settings on your VPN client and what are the settings in your router?  Enable PPTP and IPSEC Passthrough and if you are using Transparent Tunneling you will want to make sure you have the latest Windows updates.   If you have all of this enabled and you're still not able to connect properly you might try fowarding UDP ports 500 and 4,500.  That's a shot in the dark, but if you're not able to connect then anything is worth a try right?

I'm not sure if everyone is trying to connect to a Cisco PIX firewall or Cisco Concentrator.  Two different solutions, but I will assume a PIX firewall.  Rather than dealing with Linksys, Netgear, or versions of code, it might be easier to configure the Cisco PIX firewall to provide a better VPN solution.  Make sure the PIX is running version 6.3 or later and configure it NAT traversal (which is not on by default):

isakmp nat-traversal

Then on the client make sure Transparent Tunneling is enabled for UDP.  Not TCP, the PIX doesn't understand TCP Transparent Tunneling (only the Cisco Concentrator does).  The nat-traversal command allows ESP packets to pass throught a NAT device.  You know when ESP packets are not being passed when you can make a VPN connection but nothing works.  I think someone had that problem.  Hope this helps.  

I was having this same problem but already had the latest firmware on my Linksys router.  But Cisco VPN **was** working on a wired NIC and on a Cisco wireless card, but **was not** working with a Linksys WPC11 v4 wireless card that I just bought.  I downloaded and installed the latest driver (5.158.1001.2003) and setup wizard / WLAN monitor (2.2.0.5) for that card and that fixed it.  Looks like the driver and config software that ships on the CD is ancient.  

I had a user that is using cable internet and the befsr41 and after about 3 and a half minutes it was disconnecting. I had her upgrade it to the latest version and it didn't help. I tried a firmware downgrade to the 1.45.6 june 2003 that cmirving suggested and it did seem to help out the problem. I called her back and talked with her on the phone for 11 minutes while she was connected to VPN and everything seemed to be good. I pinged her adddress from my machine a few times and also a few times from the VPN concentrator. So after it looked like everything was good I hung up the phone and danced around my cube in victory...Then about 3 minutes later she called back and said that just after we got off of the phone she was disconnected. I'm wondering if it might be a problem with the concentrator that it doesn't see enough of what it calls "interesting traffic" for the connection to stay alive. Maybe keeping a constant ping would help us determine if this is an issue. She went out to buy a new router though so if someone else has this router they might give that a try.  Try pinging an address at the office with ping -t x.x.x.x

She was using
Cisco VPN Client 4.6.00.0045
Connected to Cisco 3015 VPN concentrator
IPSEC over UDP 500 and 10000
Split tunneling disabled
Linksys BEFSR41 firmware 1.45.6
Cable internet through Insight Broadband
IBM Thinkpad
Windows 2000
Her network is 192.168.1.x 255.255.255.0
She is connecting to a 192.168.40.x 255.255.248.0

This may help her issue ej, it seemed to have fixed some of our machines, anyway.
For version 4 cards: http://www.linksys.com/support/top10faqs/wpc11/WPC11%20V4%20and%20VPN%20connections.asp
For version 3 cards: http://www.wireless-index.com/wireless_pc_cards/linksys_wpc11_wireless-b_notebook_adapter/

Got it working to MS VPN;  Think I had the same problem LINKSYS BEFW11S4 for VPN to work :
IPSEC passthru Disabled;  PPTp passthru Enabled;  That made all the difference

Did not have to put machine in DMZ;
No Port Forwarding necessary (tried with port Fwd to client, with port fwd to other machine and no port fwd and it worked.

Firmware:  1.44.2z Dec 13/2002