Solved

VPN w/dynamic IP using linksys RV042

Posted on 2004-10-18
Last Modified: 2013-11-09
We are trying to establish a VPN from an employee's home (dynamic IP) to our corporate LAN (static IP) using a Linksys RV042. We have successfully done this at two other locations with the Linksys BEFVP41, but the "spiffy" new model does not seem to want to do it. Linksys is of absolutely no help (plus a waste of time).

Has anyone done this or have any hints as to what might be the problem?
Question by:percentage
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12340587
What do you have at your corporate end where the VPN terminates?
0
 
LVL 3

Expert Comment

by:TRobertson
ID: 12340631
Return the RV042 and stick with the BEFVP41. The 41 can handle up to 50 IPsec tunnels so you should be good with that.
0
 

Author Comment

by:percentage
ID: 12341104
We are trying to connect to a Sonicwall Pro. That is what the older Linksys boxes connect to.
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 12341198
Can you verify the encryption/hash/group mode that you are using on both ends?
How about the local/remote secure groups?
Do you have the same LAN IP subnet on more than one site?
I'm assuming you chose 'gateway to gateway' mode on the RV042?
0
 

Author Comment

by:percentage
ID: 12360145
In the logs (on both units), we can see the tunnel trying to be established, but we keep seeing this:  "NO_PROPOSAL_CHOSEN", whatever that means.

We have two other older Linksys units both coming into the 192.168.1.x network and they work fine.

These are the settings we have on the new model Linksys.

Sonicwall - WAN address xxx.xxx.xxx.xxx, LAN subnet 192.168.1.0
Linksys - Wan Address DYNAMIC, LAN subnet 192.168.5.0
 
SONICWALL settings:
Security Association: yyyyyyyyyyyy (WAN MAC address of the Linksys)
IPSec Keying Mode: IKE using Preshared Secret
Name: yyyyyyyyyyyy
Disable This SA: [Unchecked]
IPSec Gateway Name or Address: 0.0.0.0
Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
Shared Secret: xxxxxxxxxxx
Specify destination networks below Network = 192.168.5.0; Subnet Mask = 255.255.255.0
Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
 
 
LINKSYS Settings:
Tunnel No.: 1
Tunnel Name: xxxxxxxxxxxx
Interface: WAN1
Enable: [checked]
Local Security Gateway Type: IP Only
IP Address: 0.0.0.0 (this field is populated with the dynamic address from the ISP)
Local Security Group Type: Subnet
IP Address: 192.168.5.0
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.xxx.xxx (Sonicwall's WAN Address)
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
Keying Mode: IKE with Preshared key
Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: [unchecked]
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Lifetime: 28800
Preshared Key: xxxxxxxx
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
0
 
LVL 79

Accepted Solution

by:lrmoore earned 250 total points
ID: 12360565
>Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5
                                                                                UNCHECK ^^^

That's the only thing I can see that may be out of sync...

The proposal is the transform policy, which has to match both sides, which appears to be what it needs to be..
Phase 1...
Group: 1
encryption: DES
Authentication: MD5
Lifetime: 28800
PFS: no

Phase 2...
Encryption: DES
Authentication: MD5
Lifetime: 28800

On the SonicWall side, how do the Advanced settings compare to the other two tunnels that you have set up?
>Advanced Settings - Everything unchecked; Phase 2 DH Group: Group 1; Default LAN Gateway = 0.0.0.0; VPN Terminated = "At LAN"
0
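The side-by-side comparison done by eye in the accepted answer, as an added example that is not part of the original thread: it normalizes the proposal-relevant lines from both settings dumps and reports every field where the two ends differ. It assumes that a checked "AH Hash Algorithm" on the RV042 adds AH alongside ESP in the Phase 2 proposal; the function and field names are made up for this example.

```python
import re

# Proposal-relevant lines copied from the two settings dumps in the thread.
SONICWALL = """Exchange: Aggressive Mode
Phase 1 DH Group: Group 1
SA Life Time: 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)"""
LINKSYS = """Phase1 DH Group: Group1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Phase2 Encryption: DES
Phase2 Authentication: MD5
Advanced - Aggressive Mode [checked]; AH Hash Algorithm [checked] value = MD5"""

def fields(text):
    """Map 'Label: value' lines to {label without spaces, lower-cased: value}."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.replace(" ", "").lower(): v.strip() for k, sep, v in pairs if sep}

def sonicwall_proposal(text):
    f = fields(text)
    enc1, auth1 = (s.strip() for s in f["phase1encryption/authentication"].split("&"))
    proto, enc2, auth2 = re.search(r"\((\w+) (\w+) HMAC (\w+)\)",
                                   f["phase2encryption/authentication"]).groups()
    return {"mode": f["exchange"].split()[0].lower(),
            "p1_group": int(re.search(r"\d+", f["phase1dhgroup"]).group()),
            "p1_enc": enc1, "p1_auth": auth1, "p1_life": int(f["salifetime"]),
            "p2_protocols": (proto,), "p2_enc": enc2, "p2_auth": auth2}

def linksys_proposal(text):
    f = fields(text)
    # Assumption: a checked "AH Hash Algorithm" adds AH alongside ESP in Phase 2.
    ah = re.search(r"AH Hash Algorithm \[checked\]", text)
    aggressive = re.search(r"Aggressive Mode \[checked\]", text)
    return {"mode": "aggressive" if aggressive else "main",
            "p1_group": int(re.search(r"\d+", f["phase1dhgroup"]).group()),
            "p1_enc": f["phase1encryption"], "p1_auth": f["phase1authentication"],
            "p1_life": int(f["phase1salifetime"]),
            "p2_protocols": ("ESP", "AH") if ah else ("ESP",),
            "p2_enc": f["phase2encryption"], "p2_auth": f["phase2authentication"]}

def mismatches(initiator, responder):
    """Return {field: (initiator value, responder value)} for every difference."""
    return {k: (initiator[k], responder[k]) for k in initiator if initiator[k] != responder[k]}

if __name__ == "__main__":
    print(mismatches(linksys_proposal(LINKSYS), sonicwall_proposal(SONICWALL)))
```

Under that assumption the only difference reported is the Phase 2 protocol set, which is the setting the accepted answer says to uncheck.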


Question has a verified solution.
