?
Solved

VPN Router-Client doesn't work out of USA

Posted on 2009-04-28
13
Medium Priority
?
713 Views
Last Modified: 2012-08-13
How do I setup the router?
Router Linksys WRV200 works with VPN in USA but South America (Ecuador, Argentina), we uses QuickVPN_Client_v1.2.11
0
Comment
Question by:FernandoMonroy
  • 6
  • 5
11 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 24259330
You have not provided any information on which to base a suggestion.
Do you see the connection attempts on the WRV200?
The location from which the VPN is attempted might have VPN access restricted/blocked.
What errors if any are seen on the client?
0
 

Author Comment

by:FernandoMonroy
ID: 24260415
We have access to the VPN in USA.
We are trying to access from  Ecuador and  Argentina without success.
When we ran the Quick VPN client  the systems send this message:
- Connecting
- Activating Policy
- Verifying Network,
 the program  send this error:
 The remote gateway is not responding. Do you want to wait?
Yes or No
We answer Yes

Without succes.

In the VPN Log we activity
 
"loading secrets from ëtc/ipsec.secrets"
listening for IKE messages
forgetting secrets
 
0
 
LVL 81

Expert Comment

by:arnold
ID: 24260464
VPN log is that from the wrv200?  The client reports that it is not receiving a response.  Do you see the request on the WRV?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:FernandoMonroy
ID: 24260585
Yes,  the VPN Log is from the WRV200
The client received the message ""The remote gateway is not responding. Do you want to wait?"
0
 
LVL 81

Expert Comment

by:arnold
ID: 24260716
The notice is that the client did not receive a response. and is generating the error notice.

This might be an issue with the location you are in that is not permitting VPN access.  You should check with the party through whom you connect to the net whether VPN access is being blocked.  If you use your own router, make sure that it has VPN IPSEC passthrough enabled.
0
 

Author Comment

by:FernandoMonroy
ID: 24260967
What are the parameters that my ISP could block for VPN acces?
0
 
LVL 81

Expert Comment

by:arnold
ID: 24261870
UDP Port 500/4500, 1723, 1701,10000 depending on what your VPN client uses.
Are you able to access SSL encrypted sites from these locations, setup an SSL VPN if the option exists.
0
 

Author Comment

by:FernandoMonroy
ID: 24308151
The ISP doesn't block those ports
0
 
LVL 81

Expert Comment

by:arnold
ID: 24310514
IF the ports are not being blocked, you should see at least access attempts on your side that either fail because of phase 1, phase 2, passphrase mismatch etc.  If you see no attempts, that suggest that it is being blocked/lost somewhere along the way..
If any of the packets reach your server, you should see it either an error because the packet was malformed/fragmented, etc.
0
 

Author Comment

by:FernandoMonroy
ID: 24354284
This messages are in the VPN Log:
150   [Sun 14:16:05]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
151   [Sun 14:16:05]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
152   [Sun 14:16:07]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
153   [Sun 14:16:07]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
154   [Sun 14:16:10]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
155   [Sun 14:16:10]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
156   [Sun 14:16:14]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
157   [Sun 14:16:14]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
158   [Sun 14:16:23]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
159   [Sun 14:16:23]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
160   [Sun 14:16:40]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
161   [Sun 14:16:40]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500
162   [Sun 14:16:56]  packet from 71.231.2.207:500: next payload type of ISAKMP Message has an unknown value: 133
163   [Sun 14:16:56]  packet from 71.231.2.207:500: sending notification PAYLOAD_MALFORMED to 71.231.2.207:500

0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 24354380
payload_malformed might mean that there is an issue with the passphrase, policy mismatch. http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=83130 deals with the PFS option.  Could it be that you have the VPN client configured for PFS while the policy on the WRV has the PFS option disabled or vice versa?

i.e. check the policy on the WRV dealing with PFS settings and the remote LAN IPs as well as what the remote systems LAN IP is.
Also check what the VPN client logs.  If possible, make the logging more verbose on the VPN client side.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question