Cross Manufacturer VPN - RV042 <-> Watchguard SOHO6

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Jahntassa, Oct 1, 2005.

  1. Jahntassa

    Jahntassa Network Guru Member

    Okay, this is just a reference for anyone trying to get an RV042 to do a VPN Gateway-to-Gateway with a Watchguard SOHO6.

    RV042 Firmware: 1.3.7.2
    SOHO Firmware: 6.4.1 build 15

    Linksys Network
    IP Subnet: 192.168.42.0
    Netmask: 255.255.255.0 (/24)

    SOHO Network
    IP Subnet: 192.168.65.0
    Netmask: 255.255.255.0 (/24)

    Setup on the SOHO Side:
    In the Soho, login and go to 'Managed VPN'

    Add a gateway.

    Give it a unique name, doesn't matter what.
    Set the Shared Key to something. Letters/numbers/symbols is good.

    Mode: Main Mode
    Remote IP Address: The external IP of your RV042

    Local ID: The external IP of your SOHO
    Type: IP Address

    Remote ID: The external IP of your RV042
    Type: IP Address

    Authentication: SHA1-HMAC
    Encryption: DES-CBC

    Negotiation expiration in KBs: 0
    Negotiation expiration in hours: 8

    Diffie-Helmen Group: 1
    Uncheck 'Generate IKE Keep Alive'

    Phase 2 Settings
    Authentication: SHA1-HMAC
    Encryption: 3DES-CBC

    Uncheck 'Enable Perfect Forward Secrecy'
    Key expiration in KBs: 0
    Key expiration in hours: 8

    Next go below the Local/Remote network boxes and add your local and remote networks. In my case, it looks like:

    Local: 192.168.65.0/24
    Remote: 192.168.42.0/24

    Click 'Add' then 'Submit'

    Setup the RV042

    1. Disable SNMP - Don't ask why. Just do it..it messes with packets going through the tunnel

    2. Firewall - MTU - Manual: 1292 - Found this tidbit on the forums somewhere, apparently the Auto MTU bites and causes issues

    3. VPN - Gateway to Gateway

    Here are the settings as I have it:

    Tunnel Name: Whatever you want goes here
    Interface: The interface with the external IP you set on the SOHO
    Enable: Check this.

    Local Secury Gateway Type: IP Only
    Local Security Group Type: Subnet
    IP: 192.168.42.0
    Mask: 255.255.255.0

    Remote Security Gateway Type: IP Only
    IP Address: (IP of your SOHO)
    Remote Security Group Type: Subnet
    IP: 192.168.65.0
    Mask: 255.255.255.0

    Keying Mode: IKE with preshared key
    Phase1 DH Group: Group 1
    Phase1 Encryption: DES

    Phase1 Authentication: SHA1
    Phase1 SA Life Time: 28800

    Uncheck Perfect Forward Secrecy

    Phase2 Encryption: 3DES
    Phase2 Authentication: SHA1

    Phase2 SA Life Time: 28800
    Preshared Key: Same as on the SOHO

    Advanced:

    Check the following:
    Aggressive Mode
    Keep-Alive
    NetBIOS Broadcast - Doesn't seem to have an affect through the SOHO

    Save settings.


    This is just how I have my networks setup. The RV042 is relatively 'stock' as far as settings go, and I believe the SOHO, in terms of VPN, is as well. I can probably give minimal help with this if you need it. Above is just how I have my boxes set to have a G2G tunnel that works.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice