Cross Manufacturer VPN - RV042 <-> Watchguard SOHO6

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Jahntassa, Oct 1, 2005.

  1. Jahntassa

    Jahntassa Network Guru Member

    Okay, this is just a reference for anyone trying to get an RV042 to do a VPN Gateway-to-Gateway with a Watchguard SOHO6.

    RV042 Firmware:
    SOHO Firmware: 6.4.1 build 15

    Linksys Network
    IP Subnet:
    Netmask: (/24)

    SOHO Network
    IP Subnet:
    Netmask: (/24)

    Setup on the SOHO Side:
    In the SOHO, log in and go to 'Managed VPN'

    Add a gateway.

    Give it a unique name, doesn't matter what.
    Set the Shared Key to something. Letters/numbers/symbols is good.

    Mode: Main Mode
    Remote IP Address: The external IP of your RV042

    Local ID: The external IP of your SOHO
    Type: IP Address

    Remote ID: The external IP of your RV042
    Type: IP Address

    Authentication: SHA1-HMAC
    Encryption: DES-CBC

    Negotiation expiration in KBs: 0
    Negotiation expiration in hours: 8

    Diffie-Hellman Group: 1
    Uncheck 'Generate IKE Keep Alive'

    Phase 2 Settings
    Authentication: SHA1-HMAC
    Encryption: 3DES-CBC

    Uncheck 'Enable Perfect Forward Secrecy'
    Key expiration in KBs: 0
    Key expiration in hours: 8

    Next go below the Local/Remote network boxes and add your local and remote networks. In my case, it looks like:


    Click 'Add' then 'Submit'

    Set up the RV042

    1. Disable SNMP - Don't ask why. Just do it. It messes with packets going through the tunnel

    2. Firewall - MTU - Manual: 1292 - Found this tidbit on the forums somewhere, apparently the Auto MTU bites and causes issues

    3. VPN - Gateway to Gateway

    Here are the settings as I have them:

    Tunnel Name: Whatever you want goes here
    Interface: The interface with the external IP you set on the SOHO
    Enable: Check this.

    Local Security Gateway Type: IP Only
    Local Security Group Type: Subnet

    Remote Security Gateway Type: IP Only
    IP Address: (IP of your SOHO)
    Remote Security Group Type: Subnet

    Keying Mode: IKE with preshared key
    Phase1 DH Group: Group 1
    Phase1 Encryption: DES

    Phase1 Authentication: SHA1
    Phase1 SA Life Time: 28800

    Uncheck Perfect Forward Secrecy

    Phase2 Encryption: 3DES
    Phase2 Authentication: SHA1

    Phase2 SA Life Time: 28800
    Preshared Key: Same as on the SOHO


    Check the following:
    Aggressive Mode
    NetBIOS Broadcast - Doesn't seem to have an effect through the SOHO

    Save settings.

    This is just how I have my networks set up. The RV042 is relatively 'stock' as far as settings go, and I believe the SOHO, in terms of VPN, is as well. I can probably give minimal help with this if you need it. Above is just how I have my boxes set to have a G2G tunnel that works.
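
An added example, not part of the original post: a small check that the Phase 1 and Phase 2 values listed above for the two boxes agree once naming and units are normalized (the SOHO6 counts lifetimes in hours, the RV042 in seconds), and that lists the legacy-strength choices among them (single DES, DH group 1, PFS off). The dictionary layout and function names are assumptions made for this illustration.

```python
# Added example. Values are transcribed from the post; the dict layout and
# field names are assumptions made for this illustration.
SOHO6 = {
    "phase1": {"encryption": "DES-CBC", "auth": "SHA1-HMAC", "dh_group": 1, "life_hours": 8},
    "phase2": {"encryption": "3DES-CBC", "auth": "SHA1-HMAC", "pfs": False, "life_hours": 8},
}
RV042 = {
    "phase1": {"encryption": "DES", "auth": "SHA1", "dh_group": 1, "life_seconds": 28800},
    "phase2": {"encryption": "3DES", "auth": "SHA1", "pfs": False, "life_seconds": 28800},
}

def normalize(phase):
    """Map one vendor's phase settings onto common names and units."""
    out = {}
    for key, value in phase.items():
        if key == "life_hours":
            out["life_seconds"] = value * 3600  # SOHO6 counts hours, RV042 seconds
        elif key in ("encryption", "auth"):
            # DES-CBC -> DES, SHA1-HMAC -> SHA1
            out[key] = value.upper().replace("-CBC", "").replace("-HMAC", "")
        else:
            out[key] = value
    return out

def mismatches(a, b):
    """Return (phase, field, a_value, b_value) for every setting that differs."""
    diffs = []
    for phase in ("phase1", "phase2"):
        na, nb = normalize(a[phase]), normalize(b[phase])
        for field in sorted(set(na) | set(nb)):
            if na.get(field) != nb.get(field):
                diffs.append((phase, field, na.get(field), nb.get(field)))
    return diffs

def legacy_settings(cfg):
    """Flag single DES (56-bit key), DH group 1 (768-bit MODP) and disabled PFS."""
    findings = []
    for phase in ("phase1", "phase2"):
        n = normalize(cfg[phase])
        if n.get("encryption") == "DES":
            findings.append((phase, "encryption", "DES"))
        if n.get("dh_group") == 1:
            findings.append((phase, "dh_group", 1))
        if n.get("pfs") is False:
            findings.append((phase, "pfs", False))
    return findings

if __name__ == "__main__":
    print("mismatches:", mismatches(SOHO6, RV042))
    print("legacy settings on RV042:", legacy_settings(RV042))
```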

