Solved

VPN w/dynamic IP using Linksys RV042

Posted on 2004-10-18
Last Modified: 2013-11-09
We are trying to establish a VPN from an employee's home (dynamic IP) to our corporate LAN (static IP) using a Linksys RV042. We have successfully done this at two other locations with the Linksys BEFVP41, but the "spiffy" new model does not seem to want to do it. Linksys is of absolutely no help (plus a waste of time).

Has anyone done this or have any hints as to what might be the problem?
Question by:percentage
 
LVL 79

Expert Comment

by:lrmoore
ID: 12340587
What do you have at your corporate end where the VPN terminates?
0
 
LVL 3

Expert Comment

by:TRobertson
ID: 12340631
Return the RV042 and stick with the BEFVP41.  The 41 can handle up to 50 IP Sec tunnels so you should be good with that.
0
 

Author Comment

by:percentage
ID: 12341104
We are trying to connect to a Sonicwall Pro. That is what the older Linksys boxes connect to.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12341198
Can you verify the encryption/hash/group mode that you are using on both ends?
How about the local/remote secure groups?
Do you have the same LAN IP subnet on more than one site?
I'm assuming you chose 'gateway to gateway' mode on the RV042?
0
 

Author Comment

by:percentage
ID: 12360145
In the logs (on both units), we can see the tunnel trying to be established, but we keep seeing this:  "NO_PROPOSAL_CHOSEN", whatever that means.

We have two other older Linksys units both coming into the 192.168.1.x network and they work fine.

These are the settings we have on the new model Linksys.

Sonicwall - WAN address xxx.xxx.xxx.xxx, LAN subnet 192.168.1.0
Linksys - Wan Address DYNAMIC, LAN subnet 192.168.5.0
 
SONICWALL settings:
Security Association: yyyyyyyyyyyy (WAN MAC address of the Linksys)
IPSec Keying Mode: IKE using Preshared Secret
Name: yyyyyyyyyyyy
Disable This SA: [Unchecked]
IPSec Gateway Name or Address: 0.0.0.0
Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
Shared Secret: xxxxxxxxxxx
Specify destination networks below Network = 192.168.5.0; Subnet Mask = 255.255.255.0
Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
 
 
LINKSYS Settings:
Tunnel No.: 1
Tunnel Name: xxxxxxxxxxxx
Interface: WAN1
Enable: [checked]
Local Security Gateway Type: IP Only
IP Address: 0.0.0.0 (this field is populated with the dynamic address from the ISP)
Local Security Group Type: Subnet
IP Address: 192.168.5.0
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.xxx.xxx (Sonicwall's WAN Address)
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
Keying Mode: IKE with Preshared key
Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: [unchecked]
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Preshared Key: xxxxxxxx
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12360565
>Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
                                                                                UNCHECK ^^^

That's the only thing I can see that may be out of sync...

The proposal is the transform policy, which has to match both sides, which appears to be what it needs to be..
Phase 1...
Group: 1
encryption: DES
Authentication: MD5
Lifetime: 28800
PFS: no

Phase 2...
Encryption: DES
Authentication: MD5
Lifetime: 28800

On the SonicWall side, how do the Advanced settings compare to the other two tunnels that you have set up?
>Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
0
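
The field-by-field comparison of both peers' proposals described in the accepted answer can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the inputs are excerpts of the settings posted above, and it assumes that a checked "AH Hash Algorithm" box on the RV042 adds AH next to ESP in the Phase 2 proposal.

```python
import re
# Constructed excerpts of the two settings dumps posted in this thread.
SONICWALL = """Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
"""
LINKSYS = """Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
"""

def get(text, pattern):  # capture groups of the first match, or a clear error
    m = re.search(pattern, text)
    if m is None:
        raise ValueError(f"field not found: {pattern}")
    return m.groups()

def sonicwall_proposal(text):
    life = int(get(text, r"SA Life Time: (\d+)")[0])  # one lifetime for both phases
    p2 = get(text, r"Phase 2 Encryption/Authentication: .*\((.*)\)")[0].split()
    return {
        "mode": "aggressive" if "Aggressive" in get(text, r"Exchange: (.*)")[0] else "main",
        "p1": (int(get(text, r"Phase 1 DH Group: Group ?(\d+)")[0]),
               *get(text, r"Phase 1 Encryption/Authentication: (\w+) & (\w+)"), life),
        "p2_protocols": {t for t in p2 if t in ("ESP", "AH")},
        "p2": (p2[1], p2[-1], life),
    }

def linksys_proposal(text):
    # Assumption: a checked "AH Hash Algorithm" box adds AH next to ESP in Phase 2.
    return {
        "mode": "aggressive" if re.search(r"Aggressive Mode \[checked\]", text) else "main",
        "p1": (int(get(text, r"Phase1 DH Group: Group ?(\d+)")[0]), get(text, r"Phase1 Encryption: (\w+)")[0],
               get(text, r"Phase1 Authentication: (\w+)")[0], int(get(text, r"Phase1 SA Life Time: (\d+)")[0])),
        "p2_protocols": {"ESP", "AH"} if re.search(r"AH Hash Algorithm \[checked\]", text) else {"ESP"},
        "p2": (get(text, r"Phase2 Encryption: (\w+)")[0], get(text, r"Phase2 Authentication: (\w+)")[0],
               int(get(text, r"Phase2 SA Lifetime: (\d+)")[0])),
    }

def mismatches(a, b):  # names of the fields on which the two peers differ
    return sorted(k for k in a if a[k] != b[k])
```

With the posted settings the only differing field is the Phase 2 protocol set, and it disappears once the AH box is unchecked. DES, MD5 and DH Group 1 are long deprecated, so when both peers are later moved to a stronger suite the same comparison keeps them in sync.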
