Solved

VPN w/dynamic IP using Linksys RV042

Posted on 2004-10-18
9
933 Views
Last Modified: 2013-11-09
We are trying to establish a VPN from an employee's home (dynamic IP) to our corporate LAN (static IP) using a Linksys RV042. We have successfully done this at two other locations with the Linksys BEFVP41, but the "spiffy" new model does not seem to want to do it. Linksys is of absolutely no help (plus a waste of time).

Has anyone done this or have any hints as to what might be the problem?
Question by:percentage
LVL 79

Expert Comment

by:lrmoore
ID: 12340587
What do you have at your corporate end where the VPN terminates?
0
 
LVL 3

Expert Comment

by:TRobertson
ID: 12340631
Return the RV042 and stick with the BEFVP41.  The 41 can handle up to 50 IP Sec tunnels so you should be good with that.
0
 

Author Comment

by:percentage
ID: 12341104
We are trying to connect to a Sonicwall Pro. That is what the older Linksys boxes connect to.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12341198
Can you verify the encryption/hash/group mode that you are using on both ends?
How about the local/remote secure groups?
Do you have the same LAN IP subnet on more than one site?
I'm assuming you chose 'gateway to gateway' mode on the RV042?
0
 

Author Comment

by:percentage
ID: 12360145
In the logs (on both units), we can see the tunnel trying to be established, but we keep seeing this:  "NO_PROPOSAL_CHOSEN", whatever that means.

We have two other older Linksys units both coming into the 192.168.1.x network and they work fine.

These are the settings we have on the new model Linksys.

Sonicwall - WAN address xxx.xxx.xxx.xxx, LAN subnet 192.168.1.0
Linksys - Wan Address DYNAMIC, LAN subnet 192.168.5.0
 
SONICWALL settings:
Security Association: yyyyyyyyyyyy (WAN MAC address of the Linksys)
IPSec Keying Mode: IKE using Preshared Secret
Name: yyyyyyyyyyyy
Disable This SA: [Unchecked]
IPSec Gateway Name or Address: 0.0.0.0
Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
Shared Secret: xxxxxxxxxxx
Specify destination networks below Network = 192.168.5.0; Subnet Mask = 255.255.255.0
Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
 
 
LINKSYS Settings:
Tunnel No.: 1
Tunnel Name: xxxxxxxxxxxx
Interface: WAN1
Enable: [checked]
Local Security Gateway Type: IP Only
IP Address: 0.0.0.0 (this field is populated with the dynamic address from the ISP)
Local Security Group Type: Subnet
IP Address: 192.168.5.0
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.xxx.xxx (Sonicwall's WAN Address)
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
Keying Mode: IKE with Preshared key
Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: [unchecked]
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Preshared Key: xxxxxxxx
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12360565
>Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
                                                                                UNCHECK ^^^

That's the only thing I can see that may be out of sync...

The proposal is the transform policy, which has to match on both sides, and which appears to be what it needs to be.
Phase 1...
Group: 1
encryption: DES
Authentication: MD5
Lifetime: 28800
PFS: no

Phase 2...
Encryption: DES
Authentication: MD5
Lifetime: 28800

On the SonicWall side, how do the Advanced settings compare to the other two tunnels that you have set up?
>Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
0
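
The proposal comparison described in the accepted answer, as an added example that is not part of the original thread: it encodes the SonicWall and Linksys settings posted above and lists every parameter that fails to match, which is the condition a peer reports as NO_PROPOSAL_CHOSEN. The dictionary keys are this example's own names, and modelling the checked "AH Hash Algorithm" box as the RV042 proposing AH alongside ESP is an assumption.

```python
import ipaddress

# Values transcribed from the settings posted in the thread.
SONICWALL = {
    "exchange": "aggressive", "p1_dh_group": 1,
    "p1_encryption": "DES", "p1_auth": "MD5", "p1_lifetime": 28800,
    "p2_protocols": frozenset({"ESP"}),        # "ESP DES HMAC MD5"
    "p2_encryption": "DES", "p2_auth": "MD5",
    "local_net": "192.168.1.0/255.255.255.0",
    "remote_net": "192.168.5.0/255.255.255.0",
}
LINKSYS = {
    "exchange": "aggressive", "p1_dh_group": 1,
    "p1_encryption": "DES", "p1_auth": "MD5", "p1_lifetime": 28800,
    # Assumption: "AH Hash Algorithm [checked]" adds AH to the proposal.
    "p2_protocols": frozenset({"ESP", "AH"}),
    "p2_encryption": "DES", "p2_auth": "MD5",
    "local_net": "192.168.5.0/255.255.255.0",
    "remote_net": "192.168.1.0/255.255.255.0",
}

# Transform parameters that both peers must agree on.
MUST_MATCH = ("exchange", "p1_dh_group", "p1_encryption", "p1_auth",
              "p1_lifetime", "p2_protocols", "p2_encryption", "p2_auth")


def compare_proposals(a, b):
    """Return (setting, value_a, value_b) for every mismatch between peers."""
    diffs = [(k, a[k], b[k]) for k in MUST_MATCH if a[k] != b[k]]
    net = ipaddress.ip_network
    # Each side's local secure group must equal the other side's remote group.
    for mine, theirs in (("local_net", "remote_net"),
                         ("remote_net", "local_net")):
        if net(a[mine]) != net(b[theirs]):
            diffs.append((mine, a[mine], b[theirs]))
    # The same LAN subnet on both sites makes tunnel routing ambiguous.
    if net(a["local_net"]).overlaps(net(b["local_net"])):
        diffs.append(("overlapping_lans", a["local_net"], b["local_net"]))
    return diffs


if __name__ == "__main__":
    for name, sonic, linksys in compare_proposals(SONICWALL, LINKSYS):
        print(f"{name}: SonicWall={sonic!r} Linksys={linksys!r}")
```
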

Question has a verified solution.