1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Office to Office VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Armadillo, Jun 1, 2005.

  1. Armadillo

    Armadillo Network Guru Member

    I am trying to make an office to office vpn connecting both networks
    together as one.

    I have two WRV54G routers, however all I have accomplished is getting
    headaches and well... nothing. Are these routers even capable of doing
    this task? I have tried everything I can think of including almost all
    versions of the firmware. I noticed alot of people are having difficulties
    with the WRV54G router.

    The routers work fine untill I try to program VPN information into them
    after that point they do not allow any traffic at all through to the internet.
    Linksys support was of no help, they are telling me the routers are
    proboably defective. Its difficult for me to beleive they are defective as
    the routers were each purchased a month or two apart from two totally
    different stores. Linksys support was of no help.

    Should I be using a different VPN router for this task? Perhaps the RV042?
    I also need Wireless-G capability, but I suppose a separate WAP can be
    used. This is why I first selected the WRV54G.

    All input is greatly appreciated. If you require any more information about
    my setup please let me know. Thanks in Advance.
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    I'm headed out to work at the moment, so, speaking for myself, I might have a few suggestions a little later...

    Doc
     
  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    Alrighty then...

    You don't really need to get a wireless repeater. The main issue of signal strength being weak with the WRV54G is because of the factory antenna strength. Check out this like to get a 7DBI Omni-directional High Gain Antennae from Linksys. It's compatible with the WRV54G:

    http://newsite.pagecomputers.com/st...category_name=18g18c130s567&product_id=623236

    I bought one for my WRV54G about 6 months ago and the coverage since then is excellent!! I haven't even considered using a access point because of having this installed.

    The "Quickvpn" function on this router works fine with firmwares 2.37E (50 client license firmware), 2.37.13, and 2.38. Should you want to use a third party client (SSH, Greenbow) make sure the computes make a "direct" connection (pc ----> modem--->internet). Your issue is configuration if everything works fine prior to tunnel configuration, from my perspective...

    Here's a post I got from a partner in another forum for configuring a wrv-to-wrv tunnel:
    -------------------------------------------------------------------------------------


    My Settings for a WORKING Gateway to Gateway VPN between Two WRV54G's. Both with firmware version 2.37.1

    IPSec Passthru Enabled
    PPTP Passthru Enabled
    L2Tp Passthru Enabled

    (don't think above are needed, but left as defaults - possibly creates extra overhead?)

    VPN Tunnel Enabled
    VPN Gateway Disabled

    Local Secure Subnet
    Group 192.168.71.0 255.255.255.0

    Local Secure Subnet
    Group 192.168.122.0 255.255.255.0

    Remote Secure IP Address
    Gateway 1.2.3.4

    Encryption 3DES
    Authentication MD5

    Key Exchange Auto(IKE)
    PFS Enabled

    Pre-Shared Key Enabled
    RSA Signature Disabled
    Key LifeTime 3600

    ADVANCED SETTINGS

    PAHSE1
    Operational Mode MAIN
    Encryption 3DES
    Authentication MD5
    Group 1024
    Key Lifetime 3600

    PHASE2
    Encryption 3DES
    Authentication Disable (this struck me as odd but I can't change it)
    PFS Enabled
    Group 1024
    Key Lifetime 28000

    Other Options
    Netbios BroadCast Enabled
    Anti-Replay Enabled
    Keep Alive Enabled
    If Ike Failed.. Disabled

    The above settings are the same on both WRV54G's (obviously). I should mention that the ISP is the same for both ends and that High Speed in Canada is fairly robust (only 2 major competitors exist). No disconnect problems at all after 3 weeks solid.

    Other VPN's I have had success with:

    Two BEFSX41's to an RV042
    WRV54G to BEFSX41

    I tried to get one working between a WRV54G and a RV042 but couldn't - even had Linksys on the phone but they couldn't figure it out (surprise surprise)
    -------------------------------------------------------------------------------------

    Give this a shot...

    Doc
     
  4. Armadillo

    Armadillo Network Guru Member

    Thanks for your advice. I will give this a shot tomorrow morning when I am
    at the second office and let you know how it works out.
     
  5. Armadillo

    Armadillo Network Guru Member

    I have tried the above without luck. In the status field in the security >
    vpn area it stays on "waiting for connection."

    -----

    I have also tried using the quickvpn software from the second office
    to the first and it says:

    1) Connecting
    2) Activating Policy
    3) Verifying Network
    4) The remote gateway is not responding, you will now be disconnected.
    Please try again later.
    5) Then it disconnects me.

    I noticed that on the router in the first office it says connected under
    status > vpn clients before it disconnects with quickvpn.

    I am currently using the v2.38 firmware on both routers.
    Any more ideas?
     
  6. Armadillo

    Armadillo Network Guru Member

    These are the Router's Settings:

    --- Router #1 ---

    PPPoE Internet Connection (aDSL 3000/384)
    MTU: Auto
    Local IP Address 10.0.1.1 255.255.255.0
    Local DHCP Server: Disabled

    IPSec Passthough: Enabled
    PPTP Passthough: Enabled
    L2TP Passthrough: Enabled

    Select Tunnel Entry: Tunnel1 (ANET)
    VPN Tunnel: Enabled
    VPN Gateway: Disabled
    Tunnel Name: ANET

    Local Secure Group: (Subnet) 10.0.1.1 255.255.255.0
    Remote Secure Group: (Subnet) 10.0.2.1 255.255.255.0
    Remote Secure Gateway: (IP Addr.) XXX.XXX.XXX.XXX [Public IP of Router 2]

    Encryption: 3DES
    Authentication: MD5

    Key Exchange Method: Auto(IKE)
    PFS: Enabled
    Pre-Shared Key: (Selected) *******
    Key Lifetime:3600

    Phase 1
    Operational Mode: Main
    Encryption: 3DES
    Authentication: MD5
    Group: 1024-bit
    Key Life Time: 3600

    Phase 2PFS: Enabled
    Encryption: 3DES
    Authentication: MD5

    Group: 1024-bit
    Key Life Time: 28000

    NetBIOS Broadcast: Enabled
    Anti-replay: Enabled
    Keep Alive: Enabled
    IKE Failure: Disabled

    --- Router #2 ---

    Static IP Internet Connection (T1 1544/1544)
    Local IP Address 10.0.2.1 255.255.255.0
    Local DHCP Server: Disabled

    IPSec Passthough: Enabled
    PPTP Passthough: Enabled
    L2TP Passthrough: Enabled

    Select Tunnel Entry: Tunnel1 (ANET)
    VPN Tunnel: Enabled
    VPN Gateway: Disabled
    Tunnel Name: ANET

    Local Secure Group: (Subnet) 10.0.2.1 255.255.255.0
    Remote Secure Group: (Subnet) 10.0.1.1 255.255.255.0
    Remote Secure Gateway: (IP Addr.) XXX.XXX.XXX.XXX [Public IP of Router 1]

    Encryption: 3DES
    Authentication: MD5

    Key Exchange Method: Auto(IKE)
    PFS: Enabled
    Pre-Shared Key: (Selected) *******
    Key Lifetime:3600

    Phase 1
    Operational Mode: Main
    Encryption: 3DES
    Authentication: MD5
    Group: 1024-bit
    Key Life Time: 3600

    Phase 2
    Encryption: 3DES
    Authentication: MD5
    PFS: Enabled
    Group: 1024-bit
    Key Life Time: 28000

    NetBIOS Broadcast: Enabled
    Anti-replay: Enabled
    Keep Alive: Enabled
    IKE Failure: Disabled
     
  7. DocLarge

    DocLarge Super Moderator Staff Member Member

    1) Check out the linksysinfo.org homepage; there's a setup guide to take you "step-by-step" through the quickvpn process.

    2) What's the MTU setting on router #2?

    3) The following link is "supposedly" applicable to the WRV54G (some setting options are different, says Linksys tech support *heh* :

    http://linksys.custhelp.com/cgi-bin...SZwX3NlYXJjaF90ZXh0PTE3MDU*&p_li=&p_topview=1

    Additionally, to establish a baseline when working on the router-to-router configuration, start at the "lowest settings" (i.e., disabled) and work your way up from there as you start making your connections, if any...

    Doc
     
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Boom, baby!!!

    I had to go back a few posts, but I found a post that had some screenshots of a "working" wrv54g-to-wrv54g working tunnel. As usual, I can't get the pictures to post. I'll PM toxic and see if he can post them.

    Doc
     
  9. Kompressor

    Kompressor Network Guru Member

    I have successfully setup a site-to-site VPN using two WRV54G routers.
    I'm using Linksys' official beta firmware version 1.37.13.

    http://img67.exs.cx/img67/9521/49gh.png
    http://img67.exs.cx/img67/2650/37sg.png

    Of course, enable the connection on both ends, and it's normal for it to say "waiting for connection", navigate to the firewall tab and back to VPN again and it should now say Connected.

    If you're still having problems, make sure you're not being blocked by a corporate firewall or a ISP blocking ports.
     
  10. DocLarge

    DocLarge Super Moderator Staff Member Member

    Well speak of the devil!

    Armadillo, scratch what I said about finding some screenshots. The shots I was referring to I'd located were from a post Kompressor had made earlier this year,but he's just posted them again.

    Doc
     
  11. Armadillo

    Armadillo Network Guru Member

    It Worked!

    After some tinkering around with the settings and such, and referencing
    to the above posts I finally got the routers to connect to each other.

    I greatly appreciate both of your guys help, if there is anything I can do
    let me know.
     

Share This Page