
Linksys RVS4000 vpn setup

jasonkk asked
Last Modified: 2012-06-27
I was trying to set up a VPN on the RVS4000.

I configured the VPN settings below on the RVS4000, but the status says it is down.

Can anyone tell me what is wrong and how to configure correctly?

 

Thanks


Local Group Setup
Local Security Gateway Type:  IP Only
IP Address:  xxx.xxx.160.99
Local Security Group Type:  Subnet
IP Address:  192.168.0.1
Subnet Mask:  255.255.255.0
--------------------------------------------------------------------------------

Remote Group Setup
Remote Security Gateway Type:  Any
This Gateway accepts requests from any IP address.
Remote Security Group Type:  IP Addr
IP Address:  192.168.2.0
Subnet Mask:  255.255.255.0
--------------------------------------------------------------------------------

IPSec Setup
Keying Mode:  IKE with Preshared key

Phase 1:
Encryption:  3DES
Authentication:  MD5
Group:  768-bit
Key Life Time:  28800 Sec.

Phase 2:
Encryption:  3DES
Authentication:  SHA1
Perfect Forward Secrecy:  Enable

Status:  Down

CERTIFIED EXPERT
Top Expert 2007

Commented:
IP Address:  192.168.0.1    should be

IP Address:  192.168.0.0  probably

I hope this helps !

Author

Commented:
No, it still doesn't work.
Do you think all the settings that I mentioned above are correct?
CERTIFIED EXPERT
Top Expert 2007

Commented:
1) Did you ping from a 2.x address to a 0.x address or the reverse?

Tunnels only come up when there is traffic or you use a connect button (if there is one).

Are both ends set up the same way (reversed Local IPs though)?


Author

Commented:
Actually the 2.x is not a real one. I just put the number in since it was a mandatory field, even though I selected Any for the gateway type.

Here is what I'm trying to do.
This RVS4000 router is in the office(T1) and I want to connect to the office network from my home(DSL).

RVS4000 IP: xxx.xxx.160.99 (Wan)
RVS4000 IP: 192.168.0.1 (Lan)
Home 192.168.1.8 (Lan)

Thanks

CERTIFIED EXPERT
Top Expert 2013

Commented:
IP Address:  192.168.2.0
                     0.0.0.0  = any
I would change that.

As SysExpert stated it will show status down unless a remote user is connected.
Based on your configuration I assume you are using an IPSec VPN client for remote users to connect. If so which client? Your configuration is not for use with Linksys Quick VPN or Windows clients, nor another remote VPN router. The only one I know that will work for sure is www.TheGreenBow.com
Instructions: http://www.thegreenbow.com/doc/tgbvpn_cg_Linksys_RVS4000_en.pdf

Author

Commented:
Thanks for your response.
I thought nobody was going to answer my question.
First, there is a summary status screen that shows a connect button, which will change to disconnect after the connection, so I think something is wrong with my settings.
Second, to use Quick VPN, how does the configuration need to be changed?

Thanks
CERTIFIED EXPERT
Top Expert 2013

Commented:
None of that page need be configured for the QuickVPN client. It is on a different configuration page and basically only needs a user name and password. You must also use the matching version of the QuickVPN client.
From the RVS4000 manual:
1. Click the VPN tab.
2. Click the VPN Client Accounts tab.
3. Enter the username in the Username field.
4. Enter the password in the Password field, and enter it again in the Re-enter to confirm field.
5. Click the Add/Save button.
6. Click the Active checkbox for VPN Client No. 1.
Click the Save Settings button.

Author

Commented:
I already set up the VPN client account page but I still can't connect.
I still think vpn setting on RVS4000.
Maybe I have to change the firewall setting too?
CERTIFIED EXPERT
Top Expert 2013

Commented:
All you have to do on the RVS4000 is username and password. I have done lots of them.
However the QuickVPN client is the most troublesome VPN client available today. There are pages of blogs outlining potential issues.
For starters:
-The RVS4000 must have a public IP assigned to it
-The client can only be behind a single routing device, i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router
-it does not work at all behind some routers
-the site from which you are connecting cannot use the same subnet as the site to which you are connecting
-the VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing on the client
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others.

Some sample sites:
https://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652
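
Two of the address checks raised in this thread (a Subnet-type security group should be entered as a network address, and the connecting site must not share a subnet with the office) can be verified before touching the router. The following is an added example, not part of the original thread or any Linksys tooling; the function names are hypothetical and the home network mask of 255.255.255.0 is an assumption.

```python
import ipaddress

def suggested_network_address(ip: str, mask: str):
    """For a Subnet-type security group, return the network address to enter
    instead of `ip`, or None when `ip` already is the network address."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net_addr = iface.network.network_address
    return None if iface.ip == net_addr else str(net_addr)

def subnets_overlap(client_ip: str, client_mask: str,
                    office_ip: str, office_mask: str) -> bool:
    """True when the client's LAN and the office LAN share address space,
    which makes traffic meant for the office ambiguous on the client side."""
    client = ipaddress.ip_interface(f"{client_ip}/{client_mask}").network
    office = ipaddress.ip_interface(f"{office_ip}/{office_mask}").network
    return client.overlaps(office)

def review(office_ip, office_mask, client_ip, client_mask):
    """Collect findings for the two checks; an empty list means both pass."""
    findings = []
    fix = suggested_network_address(office_ip, office_mask)
    if fix:
        findings.append(f"Local Security Group: enter {fix}, not {office_ip}")
    if subnets_overlap(client_ip, client_mask, office_ip, office_mask):
        findings.append(
            f"Client LAN {client_ip}/{client_mask} overlaps the office LAN")
    return findings

if __name__ == "__main__":
    # Values from the thread; the home mask 255.255.255.0 is an assumption.
    for line in review("192.168.0.1", "255.255.255.0",
                       "192.168.1.8", "255.255.255.0"):
        print(line)
    # Constructed failing case: a home network with a wider mask that
    # swallows the office's 192.168.0.0/24 range.
    for line in review("192.168.0.0", "255.255.255.0",
                       "192.168.1.8", "255.255.0.0"):
        print(line)
```
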

Author

Commented:
I've tried and it still doesn't work.
CERTIFIED EXPERT
Top Expert 2013

Commented:
It is very difficult for us to isolate the problem. As mentioned, though the QuickVPN works well, there can be many issues that can block the VPN traffic. The links provided earlier list dozens of possible causes. It is a case of addressing each one at a time. Also, "still doesn't work" doesn't give us much to go on.
CERTIFIED EXPERT
Top Expert 2007

Commented:
What do the logs on each side say? They should provide info regarding the VPN, and what is wrong.

Author

Commented:
In the log "home" cannot initiate the connection without knowing peer ip address.
And from the summary screen, the tunnel test button remains "connect" after I click.

And my answers for RobWill:

-The RVS4000 must have a public IP assigned to it - Yes
-The client can only be behind a single routing device, i.e. it cannot be behind a modem that is a combined modem and router, in conjunction with a standard router - Tried at work and home
-it does not work at all behind some routers - ???
-the site from which you are connecting cannot use the same subnet as the site to which you are connecting - Tried different subnet
-the VPN client must match the version of the firmware on the router. Some versions require exporting a certificate from the router and installing on the client - Tried both XP and Vista versions
-the traffic can be blocked by software such as Symantec anti-virus with Internet worm protection enabled, McAfee security suite, ZoneAlarm, Windows Live One Care, and others. - Disabled all

Some sample sites: - I tried the ones below before I posted the question here.
https://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22427172.html?cid=237#a20027681
http://www.linksysinfo.org/forums/showthread.php?t=47114
http://www.linksysinfo.org/forums/showthread.php?t=35652

Thanks for your help

CERTIFIED EXPERT
Top Expert 2013

Commented:
>>"In the log "home" cannot initiate the connection without knowing peer ip address."
Sounds as if the RVS4000 public IP is not accessible.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router?
-The client is using the wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP?

>>"the VPN client must match the version of the firmware on the router."
By this I mean the Quick VPN has multiple version numbers such as 1.1.10, 1.2.8. They must be the appropriate version for your router and firmware. I would make sure you have the latest firmware for your router and matching VPN client from:
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386737314B161&displaypage=nodata#versiondetail

>>"the traffic can be blocked by software such as Symantec anti-virus "
Some, I don't recall have to be uninstalled, not just disabled. Also it will not work if many of the other IPSec VPN clients are installed on the same machine.

Author

Commented:
My answers are in Bold.
Sounds as if the RVS4000 public IP is not accessible. - It is accessible since port forwarding is working.
-Is it possible it is not assigned a true public IP ( you mention it is) or it is behind a router or modem that is a combined modem and router? - I'm using a T1 Cisco 1720 router.
-The client is using the wrong IP? - What do you mean by wrong IP?
-The client is using a FQDN that does not properly resolve to the correct IP? - I don't get it. Why is FQDN related to this issue since we are using IP?



Author

Commented:
Currently, I don't have any information on this Cisco 1720 because the person who installed it left nothing.
And I don't have the password to check what kind of settings we have.
Currently we don't use the Cisco 1720 as a router; we're using it as a T1 modem, I think.
But 5 public IPs are assigned to this Cisco 1720 and I'm using one of them for the Linksys RVS4000.
 
CERTIFIED EXPERT
Top Expert 2013

Commented:
I am not sure if the Cisco will pass through the IPSec traffic to RVS4000, I don't know them well enough. I know the QuickVPN client is very fussy about multiple routers being in place.

Author

Commented:
Thank you !
I guess it has something to do with the Cisco 1720.

Author

Commented:
Do you think "cannot initiate the connection without knowing peer ip address." is related to the Cisco router?
CERTIFIED EXPERT
Top Expert 2013

Commented:
It could be if it is blocking the connection through it to the RVS4000's public IP.