VPN w/dynamic IP using linksys RV042

We are trying to establish a VPN from an employee's home (dynamic IP) to our corporate LAN (static IP) using a linksys RV042. We have successfully done this at two other locations with the linksys BEFVP41, but the "spiffy" new model does not seem to want to do it. Linksys is of absolutely no help (plus a waste of time).

Has anyone done this or have any hints as to what might be the problem?
Who is Participating?
lrmooreConnect With a Mentor Commented:
>Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
                                                                                UNCHECK ^^^

That's the only thing I can see that may be out of sync...

The proposal is the transform policy, which has to match both sides, which appears to be what it needs to be..
Phase 1...
Group: 1
encryption: DES
Authentication: MD5
Lifetime: 28800
PFS: no

Phase 2...
Encryption: DES
Authentication: MD5
LifetimeL 28800

On SonicWall side, how does the Advanced settings compare to the other two tunnels that you have setup?
>Avanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway =; VPN Terminated = "At LAN"
What do you have at your corporate end where the VPN terminates?
Return the RV042 and stick with the BEFVP41.  The 41 can handle up to 50 IP Sec tunnels so you should be good with that.
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

percentageAuthor Commented:
We are trying to connect to a Sonicwall Pro. That is what the older Linksys boxes connect to.
Can you verify the encryption/hash/group mode that you are using on both ends?
How about the local/remote secure groups?
Do have the same LAN IP subnet on more than one site?
I'm assuming you chose 'gateway to gateway' mode on the RV042?
percentageAuthor Commented:
In the logs (on both units), we can see the tunnel trying to be established, but we keep seeing this:  "NO_PROPOSAL_CHOSEN", whatever that means.

We have two other older linksys units both comming into the 192.168.1.x network and they work fine.

These are the settings we have  on the new model linksys.

Sonicwall - WAN address xxx.xxx.xxx.xxx, LAN subnet
Linksys - Wan Address DYNAMIC, LAN subnet
SONICWALL settings:
Security Association: yyyyyyyyyyyy (WAN MAC address of the Linksys)
IPSec Keying Mode: IKE using Preshared Secret
Name: yyyyyyyyyyyy
Disable This SA: [Unchecked]
IPSec Gateway Name or Address:
Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
Shared Secret: xxxxxxxxxxx
Specify destination networks below Network =; Subnet Mask =
Avanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway =; VPN Terminated = "At LAN"
LINKSYS Settings:
Tunnel No.: 1
Tunnel Name: xxxxxxxxxxxx
Interface: WAN1
Enable: [checked]
Local Security Gateway Type: IP Only
IP Address: (this field is populated with the dynamic address from the ISP)
Local Security Group Type: Subnet
IP Address:
Subnet Mask:
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.xxx.xxx (Sonicwall's WAN Address)
Remote Security Group Type: Subnet
IP Address:
Subnet Mask:
Keying Mode: IKE with Preshared key
Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: [unchecked]
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Preshared Key: xxxxxxxx
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.