mwhatfield

VPN connection problems

I have a Linksys RV082 at corp office with 6 VPN tunnels.  5 tunnels are configured without any issues, working fine with Netgear Fsv 318.  The 6th tunnel is new and using a Fvg318.  I have a DSL and cable ISP at corp office that is in use with the RV082 since it is a dual WAN router.  I use the DSL as primary connection with cable as backup.  So when I set up VPN tunnels with new routers I use my cable modem to simulate the remote site.  My problem is that I can get Tunnel 6 up and running fine between the DSL and cable modem connection at my office.  But when I deploy the router at the remote site using the DSL connection at the site, it has connectivity to the internet but the VPN will not connect.  The settings are the same as the test because I use the WAN IP at the remote for Identity in IKE.  I have 2 of these routers, same issues.  I am running the latest firmware; it is a version 1 router but Netgear claims it can run the v2 firmware, which is what I have installed.  I have FSV114 that will connect at the office in test mode but same problem at remote site.  I am not understanding what the problem could be. Does anyone with true experience in VPN with this equipment have any ideas?  I have called Netgear and Linksys with no success.  Netgear 2 hours no help.  Linksys bumped it up to level 2 support and put me on hold until they dropped call on 2 occasions.  So that is a dead end.  Embarq has had problems with our DSL line since we had it installed.  This is a new building and location for service in a semi rural area.  They have had to reset the card the DSL connects to at the hub.  Now they are going to replace the card because we have had so many problems.  Could this card be the issue why my VPN is not working on this site but works in test environment at my office with cable modem service?
myin68

Do the offices have different internal IP structures, or the same?  Having the same internal IPs will cause a problem.  

Are you able to tell if all the negotiations to establish the VPN were successful (phase I & II)?  You could try using a shared secret password to test if it's authentication that's causing the problem.
mwhatfield

ASKER

The office internal is 192.168.1.0  tunnel 1 has 192.168.2.0 tunnel 2 has 192.168.3.0 and so on to the 6 tunnel 192.168.7.0 ...Which as I stated works fine at the office using a cable modem. But when it is at the remote site it is connected with dsl and will not connect.  I use DSL at all sites without issue.  That is why this is such a mystery.  In summary my config works fine with cable modem but not with dsl at new site.  And cable modem service is not available at new site.  The DSL is down right now and the Embarq is going to switch out cards that the dsl is on. I hope that is the problem and VPN will finally work.
Did you verify the IP address at the remote site?  You may have requested static, but ISP may have given you a different IP than you think, or it's assigned by DHCP and different than you think.
YES. It's dynamic like the other 5 tunnels and I use dyndns.com to resolve the IP address. My VPN uses the FQDN to resolve IP address and it works fine at test environment but not at the remote site, so I typed in the dynamic address on both routers to use as IDENTITY at both end points. I use a static for corp office router.  I have 5 tunnels working fine with dyndns updater clients.  So to answer your question I verified and the dynamic address.
These are the Logs from routers,
At the Corp office I get this in Router log:  
Mar 2 22:45:40 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 2 22:46:47 2008     VPN Log    Initiating Main Mode to replace #726  
Mar 2 22:46:47 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 2 22:47:57 2008     VPN Log    Initiating Main Mode to replace #727  
Mar 2 22:47:57 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 2 22:48:41 2008     VPN Log    initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #705  
Mar 2 22:48:41 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet  
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet  
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] Inbound SPI value = 7e7e2631  
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] Outbound SPI value = 330a952  
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet  
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected  
Mar 2 22:49:21 2008     VPN Log    Initiating Main Mode  
Mar 2 22:49:21 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 2 22:50:05 2008     VPN Log    Initiating Main Mode  
Mar 2 22:50:05 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 2 22:51:15 2008     VPN Log    Initiating Main Mode to replace #731  
Mar 2 22:51:15 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
 
 
Nothing shows up in the Netgear Log file???
It seems that something is blocking VPN ports before it reaches the router, therefore nothing is showing in the VPN log file at remote site.  That's why I believe the card at the ISP hub the DSL is plugged into is unstable and not allowing all traffic to pass thru. It's my theory and tomorrow they are swapping the card out.  I will know for sure.
The remote site DSL just came back online.  The VPN is still down and the Router Log in the office says.
Mar 4 19:33:14 2008     VPN Log    Initiating Main Mode  
Mar 4 19:33:14 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 4 19:34:06 2008     VPN Log    Initiating Main Mode  
Mar 4 19:34:06 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 4 19:35:16 2008     VPN Log    Initiating Main Mode to replace #1179  
Mar 4 19:35:16 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet  
Mar 4 19:35:28 2008    Connection Refused - Policy violation    UDP 0.0.0.0 "not my real ip" -0.0.0.0:500 "server ip zeroed out" on ixp1
I just logged into Corp Office Router and the VPN is now up.  There is now information in the Remote Netgear router log as there should be, giving details of the connection processed.  It is now my belief that the malfunctioning card, that as far as I know hasn't been swapped yet, is unstable, causing the VPN connection problem.   I will see in the morning when the new card is in. But as of now the VPN is working. This has been a 2 month issue with 5 routers later that I have swapped out because ISP blaming my equipment.  GOOOOOOD LORRRD!!!
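
A check for the pattern in the logs above, where the RV082 keeps sending the Main Mode 1st packet and never logs a reply from the peer. This is an added example, not from the thread or from Linksys; the sample is assembled from lines quoted above, and treating any `<<<` line that mentions Main Mode as the peer's reply is an assumption, since the thread shows no such line.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+VPN Log\s+(.*\S)")
SENT_MM1 = ">>> Initiator Send Main Mode 1st packet"

# Sample assembled (abridged) from the log lines quoted in the thread.
SAMPLE_LOG = """\
Mar 2 22:46:47 2008     VPN Log    Initiating Main Mode to replace #726
Mar 2 22:46:47 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Mar 2 22:47:57 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Mar 2 22:48:41 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
Mar 2 22:48:43 2008     VPN Log    [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 2 22:49:21 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Mar 2 22:50:05 2008     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
"""

def parse(log_text):
    """Yield (timestamp, message) for each 'VPN Log' line; skip other lines."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            stamp = " ".join(m.group(1).split())
            yield datetime.strptime(stamp, "%b %d %H:%M:%S %Y"), m.group(2)

def unanswered_main_mode(log_text, threshold=3):
    """Return (first_sent, last_sent, count) for each run of Main Mode 1st
    packets that drew no Main Mode reply. Quick Mode lines do not end a run:
    they can belong to another tunnel that is already up."""
    runs, current = [], []

    def flush():
        if len(current) >= threshold:
            runs.append((current[0], current[-1], len(current)))
        current.clear()

    for ts, msg in parse(log_text):
        if SENT_MM1 in msg:
            current.append(ts)
        elif "<<<" in msg and "Main Mode" in msg:  # assumed reply wording
            if current:
                current.pop()  # the latest send is the one that was answered
            flush()
    flush()
    return runs

if __name__ == "__main__":
    for first, last, count in unanswered_main_mode(SAMPLE_LOG):
        print(f"{count} Main Mode 1st packets with no reply, {first} to {last}")
```

A long run here, together with an empty log on the remote router, matches what the asker describes: the IKE packets are not reaching the peer.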