Solved

Linksys RVS4000 vpn setup

Posted on 2009-04-02
21
7,019 Views
Last Modified: 2012-06-27
I was trying to set up a VPN on the RVS4000.

I configured the VPN settings below on the RVS4000, but the status says it is down.

Can anyone tell me what is wrong and how to configure correctly?

 

Thanks


Local Group Setup
Local Security Gateway Type:  IP Only
IP address: xxx.xxx.160.99
Local Security Group Type:  Subnet
IP Address:  192.168.0.1
Subnet Mask:  255.255.255.0
--------------------------------------------------------------------------------

Remote Group Setup
Remote Security Gateway Type:  Any
This Gateway accepts requests from any IP address.
Remote Security Group Type:  IP Addr
IP Address:  192.168.2.0
Subnet Mask:  255.255.255.0
------------------------------------------------------------------------------

IPSec Setup
Keying Mode:  IKE with Preshared Key
Phase 1:
Encryption:  3DES
Authentication:  MD5
Group:  768-bit
Key Life Time:  28800 Sec.

Phase 2:
Encryption:  3DES
Authentication:  SHA1
Perfect Forward Secrecy:  Enable

Status:  Down
Question by:jasonkk
21 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 24053751
IP Address:  192.168.0.1    should be

IP Address:  192.168.0.0  probably

I hope this helps !
0
 

Author Comment

by:jasonkk
ID: 24053955
No, it still doesn't work.
Do you think all the settings that I mentioned above are correct?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 24054099
1) Did you ping from a 2.x address to a 0.x address or the reverse?

Tunnels only come up when there is traffic or you use a connect button (if there is one).

Are both ends set up the same way (reversed Local IPs though)?


0
 

Author Comment

by:jasonkk
ID: 24054229
Actually, the 2.x is not a real one. I just put the number in since it was a mandatory field, even though I selected Any for the gateway type.

Here is what I'm trying to do.
This RVS4000 router is in the office (T1) and I want to connect to the office network from my home (DSL).

RVS4000 IP: xxx.xxx.160.99 (Wan)
RVS4000 IP: 192.168.0.1 (Lan)
Home 192.168.1.8 (Lan)

Thanks

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24064991
IP Address:  192.168.2.0
                     0.0.0.0  = any
I would change that.

As SysExpert stated it will show status down unless a remote user is connected.
Based on your configuration I assume you are using an IPSec VPN client for remote users to connect. If so which client? Your configuration is not for use with Linksys Quick VPN or Windows clients, nor another remote VPN router. The only one I know that will work for sure is www.TheGreenBow.com
Instructions: http://www.thegreenbow.com/doc/tgbvpn_cg_Linksys_RVS4000_en.pdf
0
 

Author Comment

by:jasonkk
ID: 24065035
Thanks for your response.
I thought nobody was going to answer my question.
First, there is a summary status screen that shows a connect button, which will change to disconnect after the connection, so I think something is wrong with my setting.
Second, to use Quick VPN, how does the configuration need to be changed?

Thanks
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24065174
None of that page need be configured for the QuickVPN client. It is on a different configuration page and basically only needs a user name and password. You must also use the matching version of the QuickVPN client.
From the RVS4000 manual:
1. Click the VPN tab.
2. Click the VPN Client Accounts tab.
3. Enter the username in the Username field.
4. Enter the password in the Password field, and enter it again in the Re-enter to confirm field.
5. Click the Add/Save button.
6. Click the Active checkbox for VPN Client No. 1.
Click the Save Settings button.
0
 

Author Comment

by:jasonkk
ID: 24065221
I already set up the VPN client account page but I still can't connect.
I still think it is the VPN setting on the RVS4000.
Maybe I have to change the firewall setting too?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24065317
All you have to do on the RVS4000 is username and password. I have done lots of them.
However the QuickVPN client is the most troublesome VPN client available today. There are pages of blogs outlining potential issues.
For starters:
-The RVS4000 must have a public IP assigned to it
-The client can only be behind a single routing device, i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router
-It does not work at all behind some routers
-The site from which you are connecting cannot use the same subnet as the site to which you are connecting
-The VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing it on the client
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others.

Some sample sites:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652
0
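Three of the addressing points raised in this thread (a public WAN address on the router, a network rather than a host address for a Subnet-type security group, and client and office LANs that do not overlap) can be checked mechanically. The Python below is an added example, not part of the original posts: the function name, the 198.51.100.99 stand-in for the masked WAN address and the home netmask are assumptions.

```python
import ipaddress

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space: a WAN address
# inside any of these cannot be reached directly from the Internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_vpn_addressing(wan_ip, local_group_ip, local_mask, client_ip, client_mask):
    """Return a list of findings for the addressing rules discussed in the thread."""
    findings = []

    # The router needs a public address on its WAN side.
    wan = ipaddress.ip_address(wan_ip)
    if any(wan in net for net in NON_PUBLIC):
        findings.append(f"WAN address {wan} is not public; the router sits behind NAT")

    # A 'Subnet' security group should name the network, not a host inside it.
    iface = ipaddress.ip_interface(f"{local_group_ip}/{local_mask}")
    office = iface.network
    if iface.ip != office.network_address:
        findings.append(
            f"local group {iface.ip} is a host address; use {office.network_address}")

    # The LAN the client connects from must not overlap the office LAN.
    client = ipaddress.ip_interface(f"{client_ip}/{client_mask}").network
    if client.overlaps(office):
        findings.append(f"client LAN {client} overlaps office LAN {office}")

    return findings


if __name__ == "__main__":
    # Values from the thread, except the WAN address (masked on the page, so a
    # constructed documentation address is used) and the assumed /24 home netmask.
    for finding in check_vpn_addressing("198.51.100.99", "192.168.0.1",
                                        "255.255.255.0", "192.168.1.8",
                                        "255.255.255.0"):
        print(finding)
```
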
 

Author Comment

by:jasonkk
ID: 24081718
I've tried, and it still doesn't work.
0

 
LVL 77

Expert Comment

by:Rob Williams
ID: 24083250
It is very difficult for us to isolate the problem. As mentioned, though the QuickVPN works well, there can be many issues that can block the VPN traffic. The links provided earlier list dozens of possible causes. It is a case of addressing each one at a time. Also, "still doesn't work" doesn't give us much to go on.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 24083625
What do the logs on each side say? They should provide info regarding the VPN, and what is wrong.

0
 

Author Comment

by:jasonkk
ID: 24088189
In the log "home" cannot initiate the connection without knowing peer ip address.
And from the summary screen, the tunnel test button remains "connect" after I click.

And my answers for RobWill:

-The RVS4000 must have a public IP assigned to it - Yes
-The client can only be behind a single routing device. i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router - Tried at work and home
-it does not work at all behind some routers - ???
-the site from which you are connecting cannot use the same subnet as the site to which you are connecting - Tried different subnet
-the VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing on the client - Tried both xp and vista version
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others. - Disabled all

Some sample sites: - I tried the ones below before I posted the question here.
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652

Thanks for your help

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24096251
>>"In the log "home" cannot initiate the connection without knowing peer ip address."
Sounds as if the RVS4000 public IP is not accessible.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router?
-The client is using the wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP?

>>"the VPN client must match the version of the firmware on the router."
By this I mean the Quick VPN has multiple version numbers such as 1.1.10, 1.2.8. They must be the appropriate version for your router and firmware. I would make sure you have the latest firmware for your router and matching VPN client from:
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail

>>"the traffic can be blocked by software such as Symantec anti-virus "
Some, I don't recall which, have to be uninstalled, not just disabled. Also it will not work if many of the other IPSec VPN clients are installed on the same machine.
0
 

Author Comment

by:jasonkk
ID: 24098500
My answers are in Bold.
Sounds as if the RVS4000 public IP is not accessible. - It is accessible since port forwarding is working.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router? - I'm using T1 Cisco 1720 router.
-The client is using the wrong IP? - What do you mean wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP? - I don't get it. Why FQDN is related with this issue since we are using IP?


0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 24098677
>>"I'm using T1 Cisco 1720 router"
Why not use the Cisco VPN client to connect to that directly?

I assume then you have Internet=>Cisco=>Linksys. VERY doubtful this will work.

>>"What do you mean wrong IP?"
The IP in the client needs to match the public IP of the RVS4000.

>>"why FQDN is related with this issue since we are using IP"
Correct, if not using FQDN for the client it doesn't matter.
0
 

Author Comment

by:jasonkk
ID: 24098844
Currently, I don't have any information on this Cisco 1720 because the person who installed it left nothing.
And I don't have the password to check what kind of settings we have.
Currently we don't use the Cisco 1720 as a router; we're using it as a T1 modem, I think.
But 5 public IPs are assigned to this Cisco 1720 and I'm using one of them for Linksys RVS4000.
 
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24099399
I am not sure if the Cisco will pass through the IPSec traffic to the RVS4000; I don't know them well enough. I know the QuickVPN client is very fussy about multiple routers being in place.
0
 

Author Closing Comment

by:jasonkk
ID: 31565940
Thank you !
I guess it has something to do with Cisco 1720
0
 

Author Comment

by:jasonkk
ID: 24100205
Do you think "cannot initiate the connection without knowing peer ip address." is related to the Cisco router?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24100264
It could be if it is blocking the connection through it to the RVS4000's public IP.
0
