1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BEFSX41 VPN Issues

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by BDollas, Jul 6, 2005.

  1. BDollas

    BDollas Network Guru Member

    I've got a BEFXS41 that our server's behind. I'm trying to allow us to be able to access it from our homes; two of us on cable modems, one DSL, two with routers, one just straight cable modem - all dynamic IPs. Two are on XP and one is on Win2k.

    I've read a few things online but haven't been able to get it to work. I thought you guys might just be what I'm looking for. I tried the most simple set up I could (all IPs, etc) but wasn't able to make it happen.

    We recently added a second DSL connection not connected to our router, so I'd be able to test options from there.

    If anyone knows how I should set up my BEFSX41 VPN I'd be much appreciative!
     
  2. TazUk

    TazUk Network Guru Member

    What are you using on the client side to make the connection i.e. VPN router, Windows VPN client, other VPN client :?:

    What settings are you using at both ends :?:
     
  3. BDollas

    BDollas Network Guru Member

    On the client side I'm using just the WinXP "Network Connections" software. I haven't tried using the Win2k computer yet.

    When I've tried using the XP to connect to the static IP provided by our DSL line. Would that be the right way to go? It just says it can't make the connection.

    If possible, I'd like step by step instructions for the BEFSX41 and I'll just go trial and error on the WinXP machines.

    I know that I'm not being much help! Sorry :oops:
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    GREENBOW VPN SETUP GUIDE FOR WRV54G

    Use version 2.50 of the greenbow client by the way. Also, third party vpn clients "will not" connect to a WRV54G if you are connecting from behind another WRV54G; you will have to make a "direct connection" (computer to modem) to connect. Linksys devices that do not have this NAT-T problem when "hosting" VPN tunnels are the WAG54G ADSL Gateway (sold over here in England and Europe) which supports 5 IPSEC tunnels, the BEFVP41, which supports 50 IPSEC tunnels, and the BEFSX41, which supports 2 IPSEC tunnels. If you want to make a secure vpn connection from one WRV54G to another, you'll need to use the Linksys Quickvpn client.

    Below is a baseline example to get started.

    Phase I (Greenbow VPN Client):
    1) Tunnel: The name you use should be the same on the router you're connecting to
    2) Interface: leave it as an asterik.
    3) Remote gateway: The WAN address (ISP provided ip address) of the router you're trying to connect to obviously.
    4) Pre-shared key: Use a hexadecimal string beginning with 0x (i.e. 0x123456789 with most other routers); if you are connecting to a WRV54G, upper or lowercase words seem to work better (meagainstwhomever).
    5) Certificate: N/A
    6) Encryption: Use 3DES
    7) Authentication: SHA (the equivalent on the WRV54G is SHA1)
    Key Group: Set this to DH1024
    9) Save and apply settings.

    Phase II (Greenbow VPN Client):
    1) Tunnel Name: Same as Phase I
    2) Vpn client address:"Your" WAN ip address (provided to you by your ISP) if you are connecting directly to a modem; use the local LAN IP if you are behind a router that supports NAT-T (again, the WRV54G, right now, does not support this feature; use quickvpn instead).
    3) Address Type: Use Subnet address. Input the Remote LAN's local IP settings
    (i.e.) Local IP: 192.168.1.5
    Subnet: 255.255.255.0
    4) Encryption: 3DES
    5) Authentication: SHA
    6) Mode: Tunnel
    7) PFS: Ensure this box is checked
    Group: The group should be dh1024
    9) Save and apply settings

    Additionally, make sure you set the "maximal lifetime settings" for encryption and authentication to "3600." You can do this by clicking on the "parameters" link.


    ON THE ROUTER (WRV54G)

    IPSEC: Enabled
    PPTP: Enabled
    L2TP: Disabled

    Tunnel Name: Same as Greenbow
    VPN Tunnel: Enabled
    VPN Gateway: Disabled


    Local Secure Group: Your local router settings. Either host or subnet work (I prefer subnet)

    Remote Secure Group: The router/client at the distant end. Either input the local LAN settings of the “remote†router/client by choosing the “Subnet†option or use “Any†to make your initial connection; I’d recommend using “Any†first (handles all incoming connections). Try using “Subnet†to specify connections (Local LAN IP and Subnet) after you get the hang of it. “Any†isn’t too secure but allows you to see the connection for the first time without breaking a sweat. Once you understand the configuration better, vary your configuration.

    Remote Secure Gateway: This is the WAN IP “or†the FQDN of the router/client that is going to be connecting to your WRV54G. My personal success comes from using “Any†and “FQDN.†Use FQDN if you have registered a dynamic dns name (you can do this at www.dyndns.org).

    Encryption and Authentication is 3DES and SHA1.

    Key Management: Auto(IKE) [Enabled]
    PFS: Enabled
    Pre Shared Key: Same as Greenbow
    Key Lifetime: Same as Greenbow


    Click “Advanced VPN Tunnel Setup:

    Phase I:

    Mode: Main
    Encryption: 3DES
    Authentication: SHA1
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Phase II:

    Encryption: 3DES
    Authentication: SHA1
    PFS: Enabled
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Under “Other Options,†check the “Netbios†option and leave all others blank, unless required.


    VERY IMPORTANT: Make sure all of your greenbow settings match your router settings and that the remote ip settings are different from your own!

    Just in case anyone new to this forum doesn't understand the difference between PPTP server settings and Linksys Quickvpn, the settings listed above for greenbow connectivity are "specifically" intended for use with the built-in pptp server that comes with the WRV54G (50 available tunnels). The Quickvpn client sets all of this up when it loads on the client computer. The only difference is quickvpn uses MD5 for authentication.

    Here are some brief examples to connect greenbow to the wrv54g:

    Config #1

    Local Secure Group: Subnet
    Remote Secure Group: Any
    Remote Secure Gateway: Any
    Config #2

    Local Secure Group: Host
    Remote Secure Group: Host
    Remote Secure Gateway: FQDN


    These greenbow settings work with the RV0XX series routers also, although some settings may vary on the client side. Hell, some settings may vary altogether, but you'll get some satisfaction out of this.

    Doc
     
  5. turtle2472

    turtle2472 Network Guru Member

    As a newB here I thought to revive this thread rather than create my own.

    TazUK, DocLarge or other who knows this stuff: these questions are for you...

    I have a BEFSX41 for my network. I'm running 5 PC's and one Mac. My configuration is:
    Cable HSI --> BEFCMU10 Ethernet connected --> BEFSX41 --> EZXS16W --> WRT54G, 5 PC's, 1 Mac, PSUS4, PAP2, and NSLU2. Also connected to the BEFSX41 directly is a Motorola Vonage Phone adapter. The WRT54G serves my PDA's and occasional laptop roaming, nothing consistently wireless though. BEFSX41 is my DHCP server and the WRT54G has DHCP disabled. I have static IP’s for WRT54G, PSUS4, and NSLU2, dynamic for the rest.

    My IP Address is dynamic, though I have a DynDNS.org address configured and updated automatically through the BEFSX41.

    In going through all the threads on a search for the BEFSX41 I have gathered that I need to follow the "Greenbow" Setup guide to allow my Laptop to VPN connect to the network.

    Here are my needs:
    a. Connect to my network for file/printer sharing from remote.
    b. Encrypted Internet connection while at a public hotspot or hotel through my 15MB/2MB cable connection.
    c. Access to Remote Desktop Connection with at least one of my WinXP Pro computers.
    d. A maximum of two remote connections at once.

    I'm just not really clear on this though:
    1. I saw somewhere that the Vonage phone adapter *might* cause an issue with the VPN connection. Is this true? If so, how can I reconfigure my network to minimize issues? I currently have two adapters, one Linksys and one Motorola.
    2. When at a public hotspot and I open the VPN connection with Greenbow on my WinXP Home Laptop, am I able to open a Remote Desktop Connection with one of my XP Pro computers and surf the web through that connection?
    3. Is Greenbow my only option or just my best? I want the best while spending the least.
    4. Will Greenbow clash with my Cisco VPN client (4.0.2) on my work laptop? Or can I use the Cisco VPN client on my BEFSX41? Since I have access to the Cisco VPN software can I use it instead on both my laptops?
    5. Is there anything different I need to know that isn’t listed in this thread already to configure Greenbow?

    The only VPN Clients I currently have is the one built into WinXP and Cisco 4.0.2. I can get what is needed though.

    Thanks in advance. I might just get this yet!
     

Share This Page