
RV0041 VPN setup is killing me

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by beowulfs, Aug 1, 2006.

  1. beowulfs

    beowulfs Network Guru Member

    Background:

    I worked at a company where I used Cisco 1760 routers for both site to site vpn and client to site vpn. I used the cisco software to connect. Looking at the configuration files now, I wonder how I ever knew what I was doing. It's like anything else I guess. You need to do it, you learn it (or pay someone to do it and learn it from them), you do it, and then you forget it when you no longer use it. Just a little background to let you know what I'm familiar with.

    Problem:

    Since I got this RV0041 router I have been trying to set up a VPN client to site. I want the vpn to go like this:

    Client with dynamic public ip address -> rv0041 with static public ip address -> internal network.

    I've tried safenet, greenbow, and quickvpn.

    I cannot use quickvpn (unless I switch to beta firmware I think, and I'd rather use a full fledged client anyway) because my port 443 is routed away from my router.

    I got safenet to work ONCE on a dialup connection and even then it was a really weird connection. Since then that configuration has been lost, of course, and I can't duplicate it. Here's what safenet gives me now on the router with the firewall off:

    Aug 1 11:14:31 2006 VPN Log Ignoring Vendor ID payload [47bbe7c993f1fc13...]
    Aug 1 11:14:31 2006 VPN Log Ignoring Vendor ID payload [da8e937880010000]
    Aug 1 11:14:31 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Aug 1 11:14:31 2006 VPN Log Ignoring Vendor ID payload Type = [XAUTH]
    Aug 1 11:14:31 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
    Aug 1 11:14:31 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
    Aug 1 11:14:31 2006 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
    Aug 1 11:14:31 2006 VPN Log Initial Aggressive Mode message from 66.209.15.234 but no (wildcard) connection has been configured


    I have never been able to get greenbow to work. I don't get anything if I have the router firewall on, and when I turn the firewall on the router off (and I do NOT want to have to turn the firewall off), this is all I get in the syslog:

    Aug 1 10:16:07 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
    Aug 1 10:16:07 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
    Aug 1 10:16:07 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Aug 1 10:16:07 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Aug 1 10:16:07 2006 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
    Aug 1 10:16:07 2006 VPN Log Initial Aggressive Mode message from 66.209.15.235 but no (wildcard) connection has been configured


    I have followed all the guides I can find from routerworld to the greenbow site. Any help would be much appreciated. I'm just doing this so I can get into my home network while I'm on the road. Thank you.
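An added example, not part of any post in this thread: a small Python parser that summarises router VPN log lines in the format quoted in the first post, showing which vendor IDs the responder ignored and whether the attempt ended in the "no (wildcard) connection" rejection. The sample lines are constructed (203.0.113.7 is a documentation address), and grouping lines by timestamp is an assumption, since the log carries no session identifier.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the router log lines quoted above;
# 203.0.113.7 is a documentation address, not a value from the thread.
SAMPLE = """\
Aug 1 10:16:07 2006 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 1 10:16:07 2006 VPN Log Ignoring Vendor ID payload [da8e937880010000]
Aug 1 10:16:07 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Aug 1 10:16:07 2006 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Aug 1 10:16:07 2006 VPN Log Initial Aggressive Mode message from 203.0.113.7 but no (wildcard) connection has been configured
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8} \d{4}) VPN Log (.*)$")
VID = re.compile(r"^(Ignoring|Received) Vendor ID payload (?:Type = )?\[(.+)\]$")
MODE = re.compile(r"Responder Received (\w+) Mode 1st packet")
NOCONN = re.compile(r"^Initial \w+ Mode message from (\S+) but no \(wildcard\) "
                    r"connection has been configured$")

def summarize(text):
    """Group VPN log lines by timestamp (assumed = one attempt) and summarise."""
    attempts = defaultdict(lambda: {"ignored": [], "accepted": [],
                                    "mode": None, "peer": None, "rejected": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a VPN log line
        a, msg = attempts[m.group(1)], m.group(2)
        if (v := VID.match(msg)):
            a["ignored" if v.group(1) == "Ignoring" else "accepted"].append(v.group(2))
        elif (v := MODE.search(msg)):
            a["mode"] = v.group(1)
        elif (v := NOCONN.match(msg)):
            a["peer"], a["rejected"] = v.group(1), True
    return dict(attempts)

def nat_t_ignored(attempt):
    """True if the client offered NAT-T vendor IDs and all of them were ignored."""
    offered = [v for v in attempt["ignored"] + attempt["accepted"] if "nat-t" in v]
    return bool(offered) and all(v in attempt["ignored"] for v in offered)

if __name__ == "__main__":
    for ts, a in summarize(SAMPLE).items():
        print(ts, a["peer"], a["mode"], "rejected" if a["rejected"] else "ok",
              "NAT-T ignored" if nat_t_ignored(a) else "")
```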
     
  2. beowulfs

    beowulfs Network Guru Member

    ^bump^
     
  3. Toxic

    Toxic Administrator Staff Member

    what version of QuickVPN are you using? tbh you will need to use the beta if you want quickvpn. however check out the various greenbow guides DocLarge has posted. these should be a similar setup for your RV0041
     
  4. beowulfs

    beowulfs Network Guru Member

    i'm not using quick vpn. right now i've got safenet 10.0.3 installed. it's really messed up because the only way i can even get the wildcard message is to turn off the firewall. at this point i'm considering using the beta just to see if that is the case.
     
  5. beowulfs

    beowulfs Network Guru Member

    thanks toxic. i loaded up the beta firmware and badda bing badda boom, first try. so, and i'll report this in the firmware sticky, 1.3.6 on the rv0041 solved my 3rd party safenet vpn issues. thank goodness for that. of course, now i've got to update my proset utility. if it's not one thing it's another. by the way, on the vpn, for all those who are trying, start out with simple settings and passwords. once that works, slowly increase complexity until you get what you want. i started out 3des, sha, with a short psk and now i'm aes256 and sha with a much longer psk.

    now i've just got to get netbios and/or a virtual adapter figured out so i don't have to get ip addresses all the time.
     
  6. Toxic

    Toxic Administrator Staff Member

    no problem. that's the reason we set up this site to try and help the users. we don't expect to get everyone's problems solved but every little bit helps.

    btw have a look at my NetBios over VPN guide. I hope this works:)
     
  7. beowulfs

    beowulfs Network Guru Member

    i've already been there. i've got a full fledged windows 2003 domain at home. i'm just spoiled by the cisco client. it created a virtual adapter that the router assigned an ip address to on a separate subnet. it took a lot of jiggering to get all the subnets to talk to each other (there were 4, not counting the vpn subnets. those took it up to 7), but it was awesome in the end. if you had a fast enough connection, it really was like sitting in your own desk. you could even opt for a usb handset and use the cisco phone software to carry your extension with you. nobody did this but me of course, cost being prohibitive, but it was awesome nonetheless.

    i'm thinking i'll probably have to either figure out a way to setup a virtual adapter or just modify whatever connection i'm using to include my private addresses for dns and wins.
     
  8. Toxic

    Toxic Administrator Staff Member

    are all your PC IP Addresses set by a DHCP server? if so then the default NetBios Setting of each LAN Adapter is as so:

    Default: Use NetBios setting from DHCP server. If Static IP Address is used or DHCP server does not provide NetBios Setting, enable netbios over TCP/IP

    Try enabling each LAN Adaptor with the "Enable netbios over TCP/IP" setting instead. this may work if DHCP Server is not setup for NetBios.
     
  9. beowulfs

    beowulfs Network Guru Member

    all the internal pc's have dynamic addresses with netbios enabled. it's just the vpn ones that i'm going to have fun with.
     
  10. Toxic

    Toxic Administrator Staff Member

    k.. well good luck. I suppose the LMHOSTS solution would be an easy option, as once you have created one lmhost file you can use this for all of them.
     
  11. beowulfs

    beowulfs Network Guru Member

    yah. i don't want to do that either, because of the dynamic addresses. internally the network is perfect for me, exchange 2003 server, windows 2003 web server, and gigabit. It's just getting the vpn's to resolve those addresses that's going to give me some thought. at this point though, i'm stopping, because trying to work on a vpn from a dongled cingular 2125 cell phone is not easy to say the least. i need a second broadband connection in my house so i can test my vpn. that sounds economical. i'll put in the order today. not. thanks for all the help. if i find a way of doing what i want to, i'll post it back here. however, i'm thinking i'll just end up remoting in to one of the servers (since they are the only statics), finding the ip address of the computer i want from the dhcp server, and doing it that way. i suppose i could reserve addresses in dhcp and then use lmhosts, but that's getting way too cumbersome, not to mention the fact that i've still got to support my wife and my parents if they want on. like i said, we'll see.
     
  12. Toxic

    Toxic Administrator Staff Member

  13. beowulfs

    beowulfs Network Guru Member

    it has it, but i don't know if i can use it. it's an sfp jack and i don't have an adapter.
     
