VPN Problem with Linksys RV042 and Windows 7 File Sharing

I have set up a VPN connection between 2 locations that is successfully pingable between both locations.
I attempted to set up file sharing on the systems but am unable to see or ping computers on the other subnets.  I also need to set up remote desktop, but that can be done later.  I am relatively new with Windows 7, but am really new to the file sharing procedures in W7.  A couple of key things to know beforehand:
Computers are set to be at "Work" not "Home."
Workgroup names are the same.
Is there a port that needs to be opened on the RV042?
Asked by: BadPanda

John (Business Consultant, Owner) commented:
The tunnel in the Linksys RV042 does not care about the client operating systems.

When you set up the tunnel in the RV042, did you use gateway <--> gateway? According to the above, you would want this set up.  Then make sure the VPN setups are the same on both ends.

Then, in the tunnel setup, look down the setup page to the advanced settings. Make sure the advanced settings are the same on both ends and then you might try turning on NAT Traversal to see if that helps. Experiment both ways.

Now look in the firewall tab. The settings in there should be all enabled except for remote management (unless you want that) and multicast pass-through.

Otherwise, if the tunnel is properly set up and working, the appropriate ports should already be working. I have not had to open specific ports.

... Thinkpads_User

BadPanda (Author) commented:
Thinkpads, thanks for the response.  Yes, they were done gateway to gateway.  The VPNs are set up with subnets of 192.168.2.0 and 192.168.4.0 (there is a 3rd one not currently connected.)  Anyway, my thinking was that something in Windows 7 was preventing file sharing and browsing since we aren't using that HOMEGROUP that Microsoft throws all over the place lately.
To clarify, I can ping the other ROUTER.  I can not PING other PCs...even those that have their firewalls turned off.

John (Business Consultant, Owner) commented:
First, please do answer my settings questions above.

Second, then, on Windows 7, look at the following: In Control Panel -> Network and Sharing Center -> Advanced Sharing settings:

Turn on: Network Discovery, File and Print Sharing, Use 128 bit encryption, Password protected sharing, Use user accounts and passwords.

Turn off: Public folder sharing, media streaming. And the obverse of "Use user accounts" is to ensure Homegroup is off.

Try these settings, however, I don't think these settings affect the ability to ping the other end. You need to establish this before proceeding.

Now, do you have two firewalls? Please overtly check, because there is a Windows firewall and there may be your own AntiVirus firewall.

And then to belt and suspender, we cannot deal with file sharing until you can ping.

... Thinkpads_User
 
BadPanda (Author) commented:
Thinkpads, I will get back to you ASAP.  I have a quick cable-run to go do and then I'll be back.

BadPanda (Author) commented:
I have gone through the settings as you suggested.  I also turned on NetBIOS in the advanced option but no luck.
I am unable to ping any PC on the other subnet.  I am able to ping the remote subnet router without issue.  I checked and am able to ping PCs from within their own subnets.
Definitely at the router.  Could this be a route thing?  Not sure.  I reread the documentation (still going through it) and don't see anything in it about this.
Panda

John (Business Consultant, Owner) commented:
Question:  When you say you can ping the other router, can you be at 192.168.2.x and ping 192.168.4.x ?  That is, can you ping from inside one end to inside the other end.  Ping the router gateway.

One thing you might try is to reset the two routers to factory condition, ensure the firmware is at 1.3.12.16, and then rebuild the tunnels.

Something I am not certain about:  One end of the system can be on a dynamic IP (external). But the other end must be static, I think. I do not think you can have both ends dynamic.

... Thinkpads_User

BadPanda (Author) commented:
Out with flu. Will reply ASAP

BadPanda (Author) commented:
"Question:  When you say you can ping the other router, can you be at 192.168.2.x and ping 192.168.4.x ?  That is, can you ping from inside one end to inside the other end.  Ping the router gateway." Yes, that is exactly what I am saying.  
Both routers were reset to factory already and am rebuilding them because the prior admin didn't have the passwords or anything else documented.  
As far as using dynamic IP on both, if you used DDNS it wouldn't matter.  But these are both static IPs.

John (Business Consultant, Owner) commented:
Thanks. Let us know when you have them rebuilt. I have clients with these little boxes on static IP's, set up as I suggested above and they communicate just fine. ... Thinkpads_User

BadPanda (Author) commented:
They are rebuilt...I apologize I wasn't clear.  I had already reset them to factory and this is when the problems began.
As I said, they appear to be connecting to each other just fine, just not passing any info other than to the gateways themselves.  I can't ping anything else other than x.x.x.1 from the other subnet; 2-254 isn't available.

John (Business Consultant, Owner) commented:
So you are at 192.168.2.100 (say) and you can ping 192.168.4.1 but not 192.168.4.100?  Is there only one device at 192.168.4.x? And is that one single device a Windows 7 computer?  What IP address does this Windows 7 computer get? If there is more than one device at .4, what are they and what IP addresses do they get?  

I am away right now and not near my own RV042 but I should be able to assist.
... Thinkpads_User

BadPanda (Author) commented:
Your scenario is correct.  The main office is the 192.168.2.x and it has multiple machines (I can't ping any of them.)  The branch office is 192.168.4.x and only has the one device which is a W7 machine. It receives a dynamic IP from the router which defaults at .100 I believe.
I am VERY thankful for the help thinkpads!

BadPanda (Author) commented:
edit above comment:  Your scenario is correct.  The main office is the 192.168.2.x and it has multiple machines (I can't ping any of them FROM THE BRANCH OFFICE.)  

John (Business Consultant, Owner) commented:
At this point, I am not sure the tunnel is properly established. I don't see how so many devices cannot be pinged.

Check in the tunnel setup page that the connection button stays connected. It should say Disconnect.

.... Thinkpads_User

BadPanda (Author) commented:
I do have the option to disconnect.  I disconnected the tunnels and reconnected the tunnels just to be sure.  No change.

John (Business Consultant, Owner) commented:
The RV042 has WAN and DMZ ports along with 4 LAN ports. I assume you have connected your internet source (DSL modem or like) into the WAN1 port and that your tunnel references WAN1. I also assume you have the RV042 on the other end properly set up with respect to ports as well.

I would re-emphasize two things from earlier.
(a) Make sure the firewall settings (in the firewall tab) are set properly. I do not have an RV042 at hand until Monday next but go into the firewall tab and make sure you are not blocking anything.
(b) Did you try setting NAT Traversal on one end and also try both ends. You need to experiment with this setting. Try none both ends, set one end with the other off, and then set both ends.  Make sure Aggressive mode is set the same on each end.

... Thinkpads_User

John (Business Consultant, Owner) commented:
Another thing to try (separate from the RV042) is to set up Wireshark on one computer and see what traffic is happening and from where when you try to ping a computer on the other end.  ... Thinkpads_User

BadPanda (Author) commented:
Okay Thinkpads.  Thanks for sticking with me.  I'm going to be working on a network for the next two days so I may only be able to get to this Friday afternoon.
I'll get back to you as soon as possible.

John (Business Consultant, Owner) commented:
Monday would be fine as well, as I will be able to work with my own RV042 remotely and locally. So take your time and Monday is fine.  ... Thinkpads_User

John (Business Consultant, Owner) commented:
@BadPanda - It is Monday and I am at one other end of my home RV042 Cisco LinkSys Router (which has permanent Gateway <--> Gateway IPSec Tunnels to several clients) .  

I just pinged my home Windows 7 Pro machine with no issue. Last Friday from home I pinged a client XP Pro machine with no issue. So generally, connections work and with XP / Windows 7 .

So big picture:
1. Make sure your tunnels are mirror images of each other per steps above (which I can repeat if need be).
2. Make sure you have plugged into WAN1 (and not DMZ) on both routers.
3. Make sure client firewalls everywhere allow all subnets.
4. I have a HOSTS entry for each client. You may need a HOSTS entry.

... Thinkpads_User

BadPanda (Author) commented:
I'm thinking I need to work on step 4.  Can you post a sample?

John (Business Consultant, Owner) commented:
The HOSTS file looks like this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
#
# localhost name resolution is handled within DNS itself.
#      127.0.0.1       localhost
#      ::1             localhost
#
192.168.0.100      computername            # Description
192.168.0.101      otherpcname            # Description
----------------------
Lines beginning with # are comments.

So you need at one end, the internal IP of the other end, with the name of the computer. You need a line for each computer.

... Thinkpads_User

John (Business Consultant, Owner) commented:
Don't forget that the HOSTS file is only to relate IP address to computer name. If you are pinging by IP number, the HOSTS file does not enter into it. If you ping by computer name, then the HOSTS file does enter into it.

I double checked: I can ping my Windows 7 machine, my print server, and my wireless router from a client with a tunnel connected to my RV042.

So I still wonder about your router setup. Specifically (and some repetition here):
1. In the RV042 setup, in the Firewall tab, you need Firewall, SPI, DoS, and HTTPS all enabled. I have Block WAN request Enabled, but you might try it on one end Disabled. You should have Remote Management and Multicast disabled. Block (Java, Cookies etc) all unchecked. Don't block Java/ActiveX also unchecked.
2. I did NOT play with or alter any ports.
3. Make sure you are on WAN1 both ends.
4. In the VPN tab for a Tunnel, make sure local security groups are set to subnet and that subnet and mask are correct. Make sure the IPSec setup is mirrored both ends. Then in Advanced, Aggressive mode both checked or both unchecked. Compress unchecked. Keep Alive checked. AH Hash unchecked, NetBIOS unchecked. NAT Traversal EXPERIMENT all combinations. Dead Peer Detect checked.

.... Thinkpads_User

John (Business Consultant, Owner) commented:
Hello BadPanda -

Any luck pinging devices?  I am thinking you have used IP instead of Subnet in the local security groups (2 places).

By the way, you probably should increase the points in this question given the overall difficulty.

... Thinkpads_User

BadPanda (Author) commented:
This job is for a client and they have been too busy to let me get back there.  
Could you clarify the last comment?  Where would this be checked and I can see if I did that?
Thanks!
Panda

John (Business Consultant, Owner) commented:
In the settings for local security groups in the VPN tab. You can select IP, Subnet or IP range. I think you might have selected IP and that is why you can only ping the gateway.

Yes, you have extended the points to 500. Thanks. ... Thinkpads_User
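
Added example (not part of the original thread, and not Linksys code): a simplified Python model of the Local/Remote Security Group choice discussed above, showing why a group type of IP leaves only the gateway address reachable while Subnet covers every host. The dictionaries, function names and the rule that a packet is tunnelled only when its source matches the local group and its destination matches the remote group are assumptions for illustration; the addresses follow the thread's 192.168.2.x and 192.168.4.x subnets.

```python
import ipaddress

def group_contains(group, host):
    """True if host falls inside a security group given as (type, value)."""
    kind, value = group
    addr = ipaddress.ip_address(host)
    if kind == "IP":
        return addr == ipaddress.ip_address(value)
    if kind == "Subnet":                      # value is "network/mask"
        return addr in ipaddress.ip_network(value)
    if kind == "IP Range":                    # value is "first-last"
        first, last = (ipaddress.ip_address(v) for v in value.split("-"))
        return first <= addr <= last
    raise ValueError(f"unknown group type: {kind}")

def tunnel_carries(tunnel, src, dst):
    """Assumed rule: src must match the local group, dst the remote group."""
    return (group_contains(tunnel["local"], src)
            and group_contains(tunnel["remote"], dst))

def audit(site_a, site_b):
    """List findings for a gateway-to-gateway pair of tunnel definitions."""
    findings = []
    for name, tunnel in (("A", site_a), ("B", site_b)):
        for side in ("local", "remote"):
            kind, value = tunnel[side]
            if kind == "IP":
                findings.append(f"{name} {side} group is single IP {value}")
    if site_a["local"] != site_b["remote"]:
        findings.append("A local group is not mirrored by B remote group")
    if site_a["remote"] != site_b["local"]:
        findings.append("B local group is not mirrored by A remote group")
    return findings

# Constructed sample data (hypothetical, not exported from a router).
MAIN_NET = ("Subnet", "192.168.2.0/255.255.255.0")
BRANCH_NET = ("Subnet", "192.168.4.0/255.255.255.0")
MAIN_GW_ONLY = ("IP", "192.168.2.1")
BROKEN_MAIN = {"local": MAIN_GW_ONLY, "remote": BRANCH_NET}
BROKEN_BRANCH = {"local": BRANCH_NET, "remote": MAIN_GW_ONLY}
FIXED_MAIN = {"local": MAIN_NET, "remote": BRANCH_NET}
FIXED_BRANCH = {"local": BRANCH_NET, "remote": MAIN_NET}

if __name__ == "__main__":
    for label, branch in (("broken", BROKEN_BRANCH), ("fixed", FIXED_BRANCH)):
        for dst in ("192.168.2.1", "192.168.2.100"):
            ok = tunnel_carries(branch, "192.168.4.100", dst)
            print(f"{label}: 192.168.4.100 -> {dst} tunnelled={ok}")
    print(audit(BROKEN_MAIN, BROKEN_BRANCH))
```

In the broken pair the definitions still mirror each other, so the tunnel shows as connected; only the single-IP findings point at the cause.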

John (Business Consultant, Owner) commented:
Thank you. I was pleased to help you out with this. ... Thinkpads_User

BadPanda (Author) commented:
You were awesome, Thinkpads.  Thanks again!
Question has a verified solution.