Solved

Newbie to VPN and having problems - have (2) D-Link DFL-300 VPN/FW/Routers can't make connection both on cable modem...

Posted on 2004-08-05
17
563 Views
Last Modified: 2013-11-09
Okay I'm new to VPN so excuse my lack of the correct terminology.  But the situation is I've bought (2) D-Link DFL-300 VPN/FW/Routers (http://www.d-link.com/products/?pid=66) because I wanted to set up a VPN from my home to my office.  My home is in Atlanta, GA and office is in Inman, SC.  SC location has Charter high speed internet and GA location have Comcast high speed internet.  One DFL-300 is in SC location and the other is in GA.  LAN, firewall, routing, and connection is working fine on both locations just can not get VPN to connect, communicate, or work at all.  I've followed the D-Link instructions on how to set up VPN between (2) DFL-300 on their website but I've had no luck (http://support.dlink.com/faq/view.asp?prod_id=1219&question=DFL-300%20/%20DFL-80) .  Both the connections have dynamic IP's and I have spoken with both Broadband companies to verify if they block any ports to VPN or restrict any VPN.  They both say they do not block VPN ports and have no restrictions.  So back to the drawing boards now I am stumped on this one?  Part of the reason is I'm new to VPN so I probably lack the knowledge.  D-Link support site makes it sound so easy I knew their was more to it then what they had.  Sounds to easy to be true you know.  The support wasn't helpful period, when I mentioned to them about the DFL-300 they gathered all my information and said somebody will call me.  Been almost 2 weeks and no call yet, I've left messages and sent e-mails.  Okay any help would be appreciate greatly.  I've searched high and low and still I can not get these 2 working together.  Is it because both locations have Dynamic IP's?  Please post reply or feel free to e-mail me at bob.lee@apcsolution.com.  Thanks ahead.
0
Comment
Question by:apcsolution
  • 7
  • 7
  • 2
  • +1
17 Comments
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11733222
How did you test your vpn ?
With your current IP address ?
Check your public ip again and test the connection then get back here :)

check here : http://checkip.dyndns.org/
0
 

Author Comment

by:apcsolution
ID: 11733287
Well AshuraKnight I'm not sure how else to test it besides just following their instructions.  They say after you get all the settings in then you should be able to ping internal IP's.  I can't even get them to connect by clicking on the connect link after setup.  I've got my public IP's in correctly I double check it again following your link.  Appreciate your quick reponse, looking forward to hearing more from you.  Thanks.
0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11733440
So when you're in DLink configuration
At VPN Page

What do you see from the vpn configuration table ?
Name : DFL300toDFL300 (ex)
Gateway IP : this is should be your IP address at home
dest subnet : IP of your work comp.

0
 

Author Comment

by:apcsolution
ID: 11733521
Here is what I have.  Hopefully this will help some.  the preshared key is just an example but they are both the same on both ends.  

- SC Location -
Name:  apcs_sc
Gateway IP:  24.98.135.188
Destination Subnet:  192.168.10.0
PSK/RSA:  psk
Status:  Disconnect
Configure:  Connect Modify Remove

* In Detail *
VPN Auto Keyed Tunnel
Name:  apcs_sc
From Source:  Internal    
Subnet / Mask:  192.168.1.0 / 255.255.255.0
To Destination:  Remote Gateway -- Fixed IP:  24.98.135.188
Subnet / Mask:  192.168.10.0 / 255.255.255.0
Authentication Method:  Preshared
Preshared Key:  123456
Encapsulation:  Data Encryption + Authentication
IPSec Lifetime:  28800 Seconds
Schedule:  None

- GA Location -
Name:  Name:  apcs_ga
Gateway IP:  66.168.39.44
Destination Subnet:  192.168.1.0
PSK/RSA:  psk
Status:  Disconnect
Configure:  Connect Modify Remove

* In Detail *
VPN Auto Keyed Tunnel
Name:  apcs_ga
From Source:  Internal    
Subnet / Mask:  192.168.10.0 / 255.255.255.0
To Destination:  Remote Gateway -- Fixed IP:  66.168.39.44
Subnet / Mask:  192.168.1.0 / 255.255.255.0
Authentication Method:  Preshared
Preshared Key:  123456
Encapsulation:  Data Encryption + Authentication
IPSec Lifetime:  28800 Seconds
Schedule:  None
0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11733810
As the tutorial said :
Step 8 Select either Remote Gateway--Fixed IP or Remote Gateway--Dynamic IP. Enter the WAN (external) IP address of DFL-300 #2, if Remote Gateway--Fixed IP is selected.

I see that you're using the same IP for the Ip of your SC connection.
and don't use fixed ip, because you're on dynamic ip

And i presume your sc internal ip address is 192.168.1.1
and your ga is 192.168.10.1
is that right ?

please use dynamic ip setting for the router
you can use dynamic ip service from dyndns.com if needed
0
 

Author Comment

by:apcsolution
ID: 11733969
Your reply:

"I see that you're using the same IP for the Ip of your SC connection."

I am trying to look at where I used the same IP and can't figure out where you saw that at.  If you can point that out for me because I've double checked and can't figure where I used the same IP.  Also I have tried the Remote Gateway--Dynamic IP but the only issue with that is it doesn't give you a choice on which DNS to look for.  The only thing with that option you can put is the Subnet / Mask
0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11735480
Name:  apcs_sc
From Source:  Internal    
Subnet / Mask:  192.168.1.0 / 255.255.255.0
To Destination:  Remote Gateway -- Fixed IP:  24.98.135.188

there. On the fixed ip for sc comp you put the same IP with your gateway IP :)

And have you try to put your setting to dynamic ip ?
And one more thing, for static ip, the IP address of your connection is not the same with gateway IP (most of them)
usually gateway ip is the same with one of the dns ip.
0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11735543
"Also I have tried the Remote Gateway--Dynamic IP but the only issue with that is it doesn't give you a choice on which DNS to look for.  The only thing with that option you can put is the Subnet / Mask"

I know that, ok just do it with fixed ip right now.
But at later time, you had to change it into dynamic ip because your ip will constantly changed. So if you keep using that IP as a gateway, you won't connect with it anymore.

Do you sure the ip in your work comp haven't changed ?
How do you access it ? Via RD (remote desktop) or something ?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:apcsolution
ID: 11735847
Yeah, I connect through DNS or IP.  I have PCAnywhere on both ends so I can connect to office and here at home.  I can remote manage my firewalls also.  SC locations DNS name is http://aps.apcsolution.com/ and GA locations is http://apsga.dyndns.org/.  In the "To Destination:  Remote Gateway -- Fixed IP: " I've also tried using the DNS names of both of them and no luck also.  If I leave it as fixed IP with the DNS as long as the DNS never changes things should be fine right?  I've tried just IP and/or DNS bascially I get the same results.  With the IP I'm just putting in the remote ip which is the IP for my modem at GA location and the other is the IP for my modem in SC location.  Again I've tried putting IP and DNS.  I'm really stumped on this one.  I do appreciate you helping me like this.  I'm just out of ideas to try now.



0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11743037
Sorry, I know that it's something matter with your configuration but I can't explain it without put my hands on it directyly :)

So i'll make another question referring to this question to let other expert (who knows d-link configuration better) give some advise.

0
 
LVL 5

Expert Comment

by:AshuraKnight
ID: 11743041
here's the link for my question : http://www.experts-exchange.com/Networking/Q_21085688.html

:)

hope some1 will come and help you faster then me :P
0
 

Author Comment

by:apcsolution
ID: 11743252
Thanks though.  Any help is greatly appreicated.  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11744188
- SC Location -
Name:  apcs_sc
Gateway IP:  24.98.135.188  <--- this is GA's external IP address?
Destination Subnet:  192.168.10.0

- GA Location -
Name:  Name:  apcs_ga
Gateway IP:  66.168.39.44  <-- this is SC's external IP address??
Destination Subnet:  192.168.1.0
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11744475

I believe the "remote gateway" should be the IP address of the other DLink router.
For Example...


- GA Location -
To Destination:  Remote Gateway -- Fixed IP:  66.168.39.44
Subnet / Mask:  192.168.1.0 / 255.255.255.0


Should be


- GA Location -
To Destination:  Remote Gateway -- Fixed IP:  24.98.135.188
Subnet / Mask:  192.168.1.0 / 255.255.255.0


you want the router in Georiga to know that any IPs on 192.168.1.0 should be forwarded to the router in SC.  Make sure you reconfigure both routers.  Then do a tracert on a 192.168.1.x address to find out how far along it gets...
0
 

Author Comment

by:apcsolution
ID: 11748253
lrmoore, yeah those are the external IPs.

adamdrayer, I have tired what you recommended and I got no luck also.  I even used the DNS names with out any luck.  SC DNS is aps.apcsolution.com GA DNS is apsga.dyndns.org.  Traced it and got unreachable host.  Thanks for the suggestions.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11749513
but did the trace show any results from internet servers and devices?
0
 

Author Comment

by:apcsolution
ID: 11749618
adamdrayer here is what i get below:

C:\WINDOWS\system32>tracert 192.168.1.5

Tracing route to 192.168.1.5 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2    14 ms    11 ms    12 ms  10.238.224.1
  3    12 ms    15 ms    15 ms  66.56.22.109
  4    15 ms    12 ms    13 ms  66.56.22.169
  5  12.124.58.41  reports: Destination host unreachable.

Trace complete.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSL RA VPN 7 78
Need a cheap RFID setup 10 43
server plus 2 47
Resource cost of NAT vs routing 3 28
Let’s list some of the technologies that enable smooth teleworking. 
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now