• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7232
  • Last Modified:

Linksys RVS4000 vpn setup

I was trying to setup a VPN on RVS4000.

I configured a below VPN setting on RVS4000 but the status says it is down.

Can anyone tell me what is wrong and how to configure correctly?

 

Thanks


Local Group Setup  Local Security Gateway Type:   IP Only

IP address: xxx.xxx.160.99
Local Security Group Type:  Subnet
IP Address:  192.168.0.1  
Subnet Mask:  255.255. 255.0    
--------------------------------------------------------------------------------

Remote Group Setup  Remote Security Gateway Type:   Any

Remote Security Group Type:  IP Addr

IP Address:  192.168.2.0
This Gateway accepts requests from any IP address.
Subnet Mask:  255.255.255.0    
------------------------------------------------------------------------------

IPSec Setup  Keying Mode:  IKE with Preshared keyl
Phase 1:
Encryption:  3DES  
Authentication:  MD5
Group:  768-bit
Key Life Time:   28800Sec.

Phase 2:

Encryption:  3DES  
Authentication:  SHA1  
Perfect Forward Secrecy:  Enable


Status  Down
0
jasonkk
Asked:
jasonkk
  • 10
  • 8
  • 3
1 Solution
 
SysExpertCommented:
IP Address:  192.168.0.1    should be

IP Address:  192.168.0.0  probably

I hope this helps !
0
 
jasonkkAuthor Commented:
No, it still doesn't work.
Do you think all the setting that I mentioned above are correct?
0
 
SysExpertCommented:
1) did you ping from a 2.x address to a 0.x address or the reverse.

Tunnels only come up when there is traffic or you use a connect button ( if there is one )



Are both ends set up the same way ( revesed Local IPs though )


0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jasonkkAuthor Commented:
Actually the 2.x is not real one I just put the number since it was mandatory field even though I selected the Any for gateway type.

Here is what I'm trying to do.
This RVS4000 router is in the office(T1) and I want to connect to the office network from my home(DSL).

RVS4000 IP: xxx.xxx.160.99 (Wan)
RVS4000 IP: 192.168.0.1 (Lan)
Home 192.168.1.8 (Lan)

Thanks

0
 
Rob WilliamsCommented:
IP Address:  192.168.2.0
                     0.0.0.0  = any
I would change that.

As SysExpert stated it will show status down unless a remote user is connected.
Based on your configuration I assume you are using an IPSec VPN client for remote users to connect. If so which client? Your configuration is not for use with Linksys Quick VPN or Windows clients, nor another remote VPN router. The only one I know that will work for sure is www.TheGreenBow.com
Instructions: http://www.thegreenbow.com/doc/tgbvpn_cg_Linksys_RVS4000_en.pdf
0
 
jasonkkAuthor Commented:
Thanks for your reponse.
I thought nobody is going to answer my question.
Fiirst, there is a summary status screen that shows connect button which it will change to disconnect after the connection so I think something is wrong with my setting.
Second, to use Quick VPN how the configuration need to be changed.

Thanks
0
 
Rob WilliamsCommented:
None of that page need be configured for the QuickVPN client. It is on a different configuration page and basically only needs a user name and password. You must also use the matching version of the QuickVPN client.
From the RVS4000 manual:
1.Click the VPN tab.
2. Click the VPN Client Accounts tab.
3. Enter the username in the Username field.
4. Enter the password in the Password field, and enter it again in the Re-enter to confirm field.
5. Click the Add/Save button.
6. Click the Active checkbox for VPN Client No. 1.
Click the Save Settings button.
0
 
jasonkkAuthor Commented:
I already setup the VPN client account page but I still can't connect.
I still think vpn setting on RVS4000.
Maybe I have to change the firewall setting too?
0
 
Rob WilliamsCommented:
All you have to do on the RVS4000 is username and password. I have done lots of them.
However the QuickVPN client is the most troublesome VPN client available today. There are pages of blogs outlining potential issues.
For starters:
-The RVL4000 must have a public IP assigned to it
-The client can only be behind a single routing device. i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router
-it does not work at all behind some routers
-the site from which you are connecting cannot use the same subnet as the suite to which you are connecting
-the VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing on the client
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others.

Some sample sites:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652
0
 
jasonkkAuthor Commented:
I've tried and still doesn't work.
0
 
Rob WilliamsCommented:
It is very difficult for us to isolate the problem. As mentioned though the QuickVPN works well there can be many issues that can block the VPN traffic. The links provided earlier list dozens of possible causes It is a case of addressing each one at a time. Also "still doesn't work" doesn't give us much to go on.
0
 
SysExpertCommented:
WHat do the logs on each side say. They should provide info regarding the VPN, and what is wrong.

0
 
jasonkkAuthor Commented:
In the log "home" cannot initiate the connection without knowing peer ip address.
And from the summary screen, the tunnel test button remains "connect" after I click.

And My answers for RobWill

-The RVL4000 must have a public IP assigned to it - Yes
-The client can only be behind a single routing device. i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router - Tried at work and home
-it does not work at all behind some routers - ???
-the site from which you are connecting cannot use the same subnet as the suite to which you are connecting - Tried different subnet
-the VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing on the client - Tried both xp and vista version
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others. - Disabled all

Some sample sites: - I've tried belows before I post the question here.
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652

Thanks for your help

0
 
Rob WilliamsCommented:
>>"In the log "home" cannot initiate the connection without knowing peer ip address."
Sounds as if the RVS4000 public IP is not accessible.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router?
-The client is using the wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP?

>>"the VPN client must match the version of the firmware on the router."
By this I mean the Quick VPN has multiple version numbers such as 1.1.10, 1.2.8 They must be the appropriate version for your router and firmware. I would make sure you have the latest firmware for your router and matching VPN client from:
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail

>>"the traffic can be blocked by software such as Symantec anti-virus "
Some, I don't recall have to be uninstalled, not just disabled. Also it will not work if many of the other IPSec VPN clients are installed on the same machine.
0
 
jasonkkAuthor Commented:
My answers are in Bold.
Sounds as if the RVS4000 public IP is not accessible. - It is accessable since port forwarding is working.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router? - I'm using T1 Cisco 1720 router.
-The client is using the wrong IP? - What do you mean wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP? - I don't get it. why FQDN is related with this issue since we are using IP


0
 
Rob WilliamsCommented:
>>"I'm using T1 Cisco 1720 router"
Why not use the Cisco VPN client to connect to that directly?

I assume then you have Internet=>Cisco=>Linksys. VERY doubtful  this will work.

>>"What do you mean wrong IP?"
The IP in the client needs to match the public IP of the RVS4000.

>>"why FQDN is related with this issue since we are using IP"
Correct if not using FQDN for client it doesn't matter.
0
 
jasonkkAuthor Commented:
Currently, I don't have any information on this Cisco 1720 because the person who installed left nothing.
And I don't have the password to check what kind of settings we have.
Currently we don't use Cisco 1720 as a router we're using is as T1 modem I think.
But 5 public IPs are assigned to this Cisco 1720 and I'm using one of them for Linksys RVS4000.
 
0
 
Rob WilliamsCommented:
I am not sure if the Cisco will pass through the IPSec traffic to RVS4000, I don't know them well enough. I know the QuickVPN client is very fussy about multiple routers being in place.
0
 
jasonkkAuthor Commented:
Thank you !
I guess it has something to do with Cisco 1720
0
 
jasonkkAuthor Commented:
Do you think "cannot initiate the connection without knowing peer ip address." related with Cisco router?
0
 
Rob WilliamsCommented:
It could be if it is blocking the connection through it to the RVS4000's public IP.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 10
  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now