1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Remote Secure Gateway: ANY (on WRV54G)

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by HercNav, Apr 1, 2006.

  1. HercNav

    HercNav LI Guru Member

    I just found out that SBC Global charges you over double if you want a static IP address. In fact, that package gives you FIVE static IP addresses (a HUGE waste when all you want is one). It was EXTREMELY dissappointing to hear that they couldn't just change my parents' current DSL to a static IP address....

    I have Cox Cable, and my WAN IP Adress may be dynamic, but at least it doesn't expire NEARLY as often as my parent's SBC Global account.

    I have successfully connected my WRV54G with my parents' when I ask for their WAN IP Adress over the phone, but that would quickly get annoying given their ever-changing WAN IP Address. So now I have to set my WRV54G VPN to accept "ANY" Remote Secure Gateway. I've tried disabling EVERYTHING under the "Firewall" sub-tab, but the two units won't reconnect. Again, I have successfully connected the two when I enter their current WAN IP Address, so I know the encryption is set up correctly. Am I missing something?
     
  2. TazUk

    TazUk Network Guru Member

    Firmware bug most likely, what version are you running?

    It would be better to setup a DynDNS account and configure the WRV54G to use FQDN for the remote secure gateway. If you do go that route then use a software DDNS client rather than the WRV's as that doesn't update automatically :whistle:
     
  3. HercNav

    HercNav LI Guru Member

    2.38.6
     
  4. HercNav

    HercNav LI Guru Member

    Is there anyone out there that is successully using "ANY" as their Remote Secure Gateway (or know if it is at all possible with a WRV54G)? And if so, what is the absolute minimum for "Firewall" sub-tab settings, and what Firmware Version are you using?
     
  5. HercNav

    HercNav LI Guru Member

    Didn't work for 2.37 either (Linksys' latest non-beta firmware to date)
     
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Try 2.37.13 (beta). PM me and I'll try to get it to you.

    As always, a beta is "try at your own risk" but I will say I've "never" had flash damage with this firmware.

    Doc
     
  7. TazUk

    TazUk Network Guru Member

    I've never had problems flashing any firmware to my WRV54G up to and including 2.39 :unsure:
     
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Taz,

    what's different with 2.39 that you can see? I haven't tried it yet...

    This is absurd of me to ask, but by chance does it allow the WRV to pass GRE packets now?

    Doc
     
  9. TazUk

    TazUk Network Guru Member

    As I mentioned in the 2.39 firmware thread the only difference I've found is the option for VPN Gateway has been removed :?

    Any easy way of testing that?
     
  10. HercNav

    HercNav LI Guru Member

    I should probably ask again:

    How are the Security (Firewall) settings different when you select "Any" from when you select "IP Address" or "FQDN?" Can you still enable Filter Anonymous WAN Requests? How about the firewall itself--enabled, disabled?
     
  11. TazUk

    TazUk Network Guru Member

    Those settings effect how secure your VPN is and aren't connected with the firewall. IP Address and FQDN are effectively the same thing as it resolve the domain name to an IP, using a domain name is really for people with dynamic IP's so they don't have to keep changing the settings. Any would be used by someone who doesn't connect from the same place all the time i.e. travelling salesman, this is less secure as it could allow someone else to create a VPN tunnel to you.
     
  12. HercNav

    HercNav LI Guru Member

    So, if I'm using "Any" instead of "FQDN" or "IP Address," then I should still enable "Filter Anonymous WAN Requests" and "Firewall" without adverse effect.... I'm having a hard time wrapping my head around the idea that, I'm telling my WRV54G to connect to "Any" Remote Secure Gateway, but at the same time filter anonymous WAN requests....
     
  13. HercNav

    HercNav LI Guru Member

    I'm having a hard enough time connecting two VPNs and/or VPN clients with all the setting revealed to me--I''m not the least bit afraid someone might randomly choose my WAN IP Address and somehow connect.... Wouldn't that be a Linksys selling point, "We can't guarantee that you can connect your intended guests, but watch out for hackers!" :eek:
     
  14. TazUk

    TazUk Network Guru Member

    Yep :)
     
  15. HercNav

    HercNav LI Guru Member

    How's this for an experiment:

    I call my parents up, get their WAN IP Address, and connect the two VPNs. Everything looks great, and I still anticipate that their WAN IP Address will change in the near future so I change the Remote Secure Gateway on my VPN to "Any." It disconnects and stays disconnected. I put their WAN IP address back in, and it connects.

    Further experimentation: Set the Remote Secure Group to IP Range: Disconnects.

    Put it back to Subnet: Connects.

    Set the Remote Secure Group to "Any": Disconnects.

    Put it back to Subnet: Connects.

    WTFO?!? If Linksys had no intention for these options to work, why the @#$% did they include them?!?

    Again, sorry for the rant; I'm better now.... It works (to some degree). I should be thankful for that, I guess....
     
  16. ccbadd

    ccbadd Network Guru Member

    HercNav, Why don't you just set up DynDNS on both routers and use "FQDN" for the remote secure gateway to the DynDNS FQDN, like HercNav.DynDNS.org, or HercPapa.DynDNS.org? DynDNS.org is free and the client is built into the router and updates automatically when your wan ip changes. It works great and you will be able to relax.
     
  17. HercNav

    HercNav LI Guru Member

    Free, you say? Hmmm.... I honestly didn't realize that. Okay, so it should probably say network newbie under my name instead of connected client. And yes, I need to relax (Linksys has had my blood boiling from quite some time now). If you don't mind, could you open a new thread to educate this community on the ways of DynDNS, oh wise one....

    Thanks, by the way!
     
  18. ccbadd

    ccbadd Network Guru Member

    Well, I don't know about a new thread as it is fairly common knowledge, but just go to: www.dyndns.com and choose "Sign up now" in the top right hand side. once you have signed up, log in and go to "Services" and choose "Dynamic DNS". From there choose"Add Dynamcic host" and choose a host name. Once your done, log into your router and put your login, password and hostname in the "DDNS" settings of your router. You also have to choose your dns service in the drop down menu, which should be DynDNS.org. Piece of cake, and good luck!
     
  19. HercNav

    HercNav LI Guru Member

    Works like a CHARM! However, I need to connect my Pocket PC via GPRS, and not being able to set my Remote Secure Gateway and Remote Secure Group to "Any" just won't do. For now, the experiments I conducted answer this question: "Can it be done?" with a resounding "No." If anyone out there has positive result with using "Any" as the Remote Secure Gateway/Group, I'd love to hear your success story. Also, refer to my thread about connecting a PDA to WRV54G:
    http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=14488
     

Share This Page