1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

QuickVPN traffic route

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by olos, Oct 9, 2006.

  1. olos

    olos LI Guru Member

    Hello,

    I have a question regarding QucikVPN connection. Rv042 have network set to 10.201.205.x and i'm connecting from computer which works in 10.66.77.x network to 10.201.205.22. I can see in Sygate Firewall logs that all traffic is "routed" (correct me if i'm wrong) using 10.8.1.17 (this address i can see in firewall traffic logs). Now, the question. Is this address (10.8.1.17) can cause that 1 of our remote clients which works in 10.8.x.x network is unable to connect using QucikVpn (hang on VerifyingNetwork message). Is it possible to change this address ?

    Sorry if this is silly question

    Regards
    Tom
     
  2. ifican

    ifican Network Guru Member

    Well this is a little vague, but, if you are connecting from the 10.66 network to the 10.201 network via quick vpn then what you are seeing in the firewall logs is log traffic from that machine being on the 10.8 network at some time. On the flip side if the 10.66 host is trying to route traffic via 10.8 and is not connected to that network, then you will have no access whatsoever.

    If you are getting all the way to "Verifying Networks" then your connectivity is good, what generally causes that error is a firewall setting thats not allowing ipsec or more specifically nat-t (udp 4500) through. There are several other IP based reasons that would also cause that but from what you describe you dont fall into that category. Either turn off your firewall all together telling it not to start on reboot and reboot, or allow the 10.201 network as a trusted network and you should be good.
     
  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    Additionally here's a few "classic" symptoms to check for:"

    REASONS YOU CANNOT CONNECT WITH QUICKVPN (NEW)

    1. The quickvpn client is not the only vpn client loaded on the client machine.

    2. MTU on the WRV54G you are connecting to isn't set at "auto" and/or the packets being sent from the client computer are too large (should this be the case, download "DrTCP" and set the MTU of the client's NIC to 1458). Additionally, it doesn't hurt to check and see if the MTU on the client router is set at "auto" also.

    3. You are trying to connect through a dialup or ISDN connection.
    NOTE: I have never been able to connect from a dialup/ISDN connection with quickvpn. More power to those who can.

    UPDATE: Recently, someone was able to connect over dialup in a highly "unusual" manner Basically, when connecting over ISDN, quickvpn hangs at “verifying network” but it will still negotiate the ip security portion and allow you access to your LAN. The only way to close the connection is to terminate it through task manager.

    4. The firewall software on your computer is registering the "ACK" conversation from the distant-end device (wrv54g) as an "Invalid ICMP Type." In this instance you can either "shut down" the firewall for the session or, as I've done, uninstalled my firewall software (NIS 2004) and quickvpn, then reinstalled both (Norton first followed by quickvpn). After that, launch quickvpn, and once Norton detects it, it establishes all the proper rules to allow it to pass through the firewall. Hopefully your firewall software should do the same.

    In the case of #4, I never caught this until I noticed after reloading one of my computers, I had to drop the firewall on one of them to access "the same damn share" as the others, but I didn't have to bring the firewall down on any of the others except that one particular machine.

    5. IPSEC Passthru is not enabled on the client/distant end router.

    6. You have communication software loaded that is preventing quickvpn authentication with the wrv54g router

    Note: I loaded software from motorola cellphone that installed its own "liveupdate" software that blocked quickvpn from talking to my wrv54g router. I knew there was a program I'd recently loaded that was most likely the problem because I had just used quickvpn an hour prior.

    7. You have installed two nic’s on the client computer and quickvpn is trying to utilize the connection that is not assigned an ip address. Simply disable the card that is not being used.

    8. IPSEC is not running on the client computer you’re connecting with. To remedy this, go into control panel, administrative tools, then click on services. If IPSEC isn’t started, set it to automatic and start the service. If you’ve ever used ssh sentinel, this knocks your ipsec out and you have to go into windows services to restart it.

    9. The user account and password is not created or has not been typed in correctly.

    10. Large downloads will disrupt the routers tables causing quickvpn to not respond every so often.

    11. Quickvpn terminates in the middle of a quickvpn session. Just like #10, this hoses up the routing tables for vpn. The answer is to delete all existing accounts and recreate them (don’t create the same username and passwords twice) or reset the router to factory default and start from scratch.

    12. HTTPS is not Enabled by default (For RV0XX Series Only). If you will use the Linksys QuickVPN Client Software for allowing VPN Clients to connect.

    NOTE: NetBIOS is not supported across a QuickVPN connections. Use either WINS, DNS or the LMHosts Methods.

    These configurations are just what I’ve noticed when having quickvpn problems. People world wide have been following this guide with and have had success with the WRV54G, RV042 and the RV082 routers. Again, this is just a baseline. When you figure out what you need, just vary things as needed.

    Jay
     

Share This Page