Solved

VPN w/dynamic IP using linksys RV042

Posted on 2004-10-18
Last Modified: 2013-11-09
We are trying to establish a VPN from an employee's home (dynamic IP) to our corporate LAN (static IP) using a Linksys RV042. We have successfully done this at two other locations with the Linksys BEFVP41, but the "spiffy" new model does not seem to want to do it. Linksys is of absolutely no help (plus a waste of time).

Has anyone done this or have any hints as to what might be the problem?
Question by:percentage
 
LVL 79

Expert Comment

by:lrmoore
ID: 12340587
What do you have at your corporate end where the VPN terminates?
0
 
LVL 3

Expert Comment

by:TRobertson
ID: 12340631
Return the RV042 and stick with the BEFVP41. The 41 can handle up to 50 IPsec tunnels so you should be good with that.
0
 

Author Comment

by:percentage
ID: 12341104
We are trying to connect to a Sonicwall Pro. That is what the older Linksys boxes connect to.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12341198
Can you verify the encryption/hash/group mode that you are using on both ends?
How about the local/remote secure groups?
Do you have the same LAN IP subnet on more than one site?
I'm assuming you chose 'gateway to gateway' mode on the RV042?
0
 

Author Comment

by:percentage
ID: 12360145
In the logs (on both units), we can see the tunnel trying to be established, but we keep seeing this:  "NO_PROPOSAL_CHOSEN", whatever that means.

We have two other older Linksys units both coming into the 192.168.1.x network and they work fine.

These are the settings we have on the new model Linksys.

Sonicwall - WAN address xxx.xxx.xxx.xxx, LAN subnet 192.168.1.0
Linksys - Wan Address DYNAMIC, LAN subnet 192.168.5.0
 
SONICWALL settings:
Security Association: yyyyyyyyyyyy (WAN MAC address of the Linksys)
IPSec Keying Mode: IKE using Preshared Secret
Name: yyyyyyyyyyyy
Disable This SA: [Unchecked]
IPSec Gateway Name or Address: 0.0.0.0
Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
Shared Secret: xxxxxxxxxxx
Specify destination networks below Network = 192.168.5.0; Subnet Mask = 255.255.255.0
Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
 
 
LINKSYS Settings:
Tunnel No.: 1
Tunnel Name: xxxxxxxxxxxx
Interface: WAN1
Enable: [checked]
Local Security Gateway Type: IP Only
IP Address: 0.0.0.0 (this field is populated with the dynamic address from the ISP)
Local Security Group Type: Subnet
IP Address: 192.168.5.0
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.xxx.xxx (Sonicwall's WAN Address)
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
Keying Mode: IKE with Preshared key
Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: [unchecked]
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Preshared Key: xxxxxxxx
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12360565
>Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
                                                                                UNCHECK ^^^

That's the only thing I can see that may be out of sync...

The proposal is the transform policy, which has to match both sides, which appears to be what it needs to be..
Phase 1...
Group: 1
encryption: DES
Authentication: MD5
Lifetime: 28800
PFS: no

Phase 2...
Encryption: DES
Authentication: MD5
Lifetime: 28800

On SonicWall side, how do the Advanced settings compare to the other two tunnels that you have set up?
>Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
0
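
The proposal matching described in the accepted answer, as an added example that is not part of the original thread: it parses the proposal-relevant lines of the two posted listings into one vocabulary and reports the attributes that differ. It assumes that ticking "AH Hash Algorithm" on the RV042 adds an AH transform to the Phase 2 proposal; the function and key names are made up for illustration.

```python
import re

# Proposal-relevant lines copied from the two listings posted in the thread.
SONICWALL = """Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)"""

LINKSYS = """Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase2 Encryption: DES
Phase2 Authentication: MD5
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5"""

def grab(pattern, text):
    """Return the capture groups of the first match, or raise if the line is missing."""
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"setting not found: {pattern}")
    return m.groups()

def parse_sonicwall(text):
    p1_enc, p1_hash = grab(r"Phase 1 Encryption/Authentication: (\w+) & (\w+)", text)
    proto, p2_enc, p2_hash = grab(r"Phase 2 .*\((\w+) (\w+) HMAC (\w+)\)", text)
    return {"aggressive": "Exchange: Aggressive" in text,
            "p1_group": int(grab(r"Phase 1 DH Group: Group ?(\d+)", text)[0]),
            "p1_enc": p1_enc, "p1_hash": p1_hash,
            "p2_protocols": (proto,), "p2_enc": p2_enc, "p2_hash": p2_hash}

def parse_linksys(text):
    # Assumption: a ticked "AH Hash Algorithm" box adds AH to the Phase 2 proposal.
    ah = "AH Hash Algorithm [checked]" in text
    return {"aggressive": "Aggressive Mode [checked]" in text,
            "p1_group": int(grab(r"Phase1 DH Group: Group ?(\d+)", text)[0]),
            "p1_enc": grab(r"Phase1 Encryption: (\w+)", text)[0],
            "p1_hash": grab(r"Phase1 Authentication: (\w+)", text)[0],
            "p2_protocols": ("AH", "ESP") if ah else ("ESP",),
            "p2_enc": grab(r"Phase2 Encryption: (\w+)", text)[0],
            "p2_hash": grab(r"Phase2 Authentication: (\w+)", text)[0]}

def mismatches(initiator, responder):
    """Attributes that differ; in this simplified model any entry means no proposal is chosen."""
    return {k: (v, responder[k]) for k, v in initiator.items() if v != responder[k]}

if __name__ == "__main__":
    print(mismatches(parse_linksys(LINKSYS), parse_sonicwall(SONICWALL)))
    fixed = LINKSYS.replace("AH Hash Algorithm [checked]", "AH Hash Algorithm [unchecked]")
    print(mismatches(parse_linksys(fixed), parse_sonicwall(SONICWALL)))
```

SA lifetimes are left out of the comparison because whether a lifetime difference rejects a proposal depends on the implementation.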
