1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RVS4000 Quick VPN Issue

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by TheCiscoKid, May 1, 2007.

  1. TheCiscoKid

    TheCiscoKid LI Guru Member

    :help: I'm really hoping that someone will have an answer for this:

    My LAN at home is 192.168.1.x
    My LAN at work is 10.1.x.x

    I'm trying to connect using Quick VPN from my office to my home. I can connect just fine and the icon symbol turns green and says connected. After 10 seconds or so I get the error message "The remote gateway is not responding."

    If I try and ping my home router I get message "Negotiating IP Security."

    What gives?

    Sincerely Frustrated,
    -Ryan
     
  2. tester0101

    tester0101 LI Guru Member


    I AM HAVING SAME ISSUE RIGHT NOW.
    MY ROUTER RVS4000 HAVE 1.0.16 FIRMWARE I GAVE LINKSYS TECHNICIEN ACCESS VIA REMOTE MANAGEMENT AND HE CHECK THE CONFIG OF THE ROUTER AND HE SAID OK THE ONLY COMPLAINT I HAVE FROM HIM IS TO UPGRADE THE FIRMWARE TO 1.1.09
    THEN TRY TO ACCESS FILES ON THE SERVER.

    I WILL UPGRADE THE FIRMWARE IN THE NEXT 24 HOURS FROM 1.0.16 TO 1.1.09 AND I WILL LET YOU KNOW.
     
  3. vikingwarrior

    vikingwarrior LI Guru Member

    "Remote Gateway Not Responding"

    Hehe..>I see the RVS4000 is still a piece of crap for VPN issues.

    I installed this router as an upgrade to a WRV54G which functioned fine using the Linksys QuickVPN software. When I say it functioned fine....it was perfect... no issues. Would connect every time and stay connected.

    Upgraded to the RVS4000 mainly for the gigabit ethernet ports (which rock, by the way) but, also to continue to use the QuickVPN for remote access functionality. Wrong.... I tried every configuration on the host router and the remote router.... no luck. I would get to the "Verifying Network" stage and then get the "remote gateway not responding" message every time.

    However, as soon as the process reaches "Verifying Network" I am able to see the remote computers via a search on the remote computer's LAN IP address (search for computers on the internet via Windows XP). I can browse to the file shares and transfer files to and from..... Eventually, the "remote gateway not responding" message will pop up, BUT.... as long as you don't click "OK" on that message, you're still connected. So, I just never click "OK" on the error message until I'm done with my tasks..... I've never seen a solution to this problem and Linksys support is worth about as much as a one-legged cat trying to cover up a turd.

    Give it a try.... it's not even near perfect, but it works. Just move the error message box out of the way so you don't accidentally hit the "OK" button until you're done transferring files and such....

    Later,

    Sam
     
  4. vpnuser

    vpnuser LI Guru Member

    Sounds like the firewall on the QuickVPN client PC is blocking the ping so that you kept seeing the "remote gateway not responding" warning message. As you said, the tunnel is connected since you can do file transfer.
     
  5. aviegas

    aviegas Network Guru Member

  6. TheCiscoKid

    TheCiscoKid LI Guru Member

    I've tried the fix, but to no avail. It seems my problem might be slightly more complicated... Even though QuickVPN says that I'm connected, I can't actually connect to anything* inside my home LAN on the 192.168 network. Nor can I ping it. I keep getting the error "Negotiating IP Security"

    I've tried this on two computers... Both XP 2. :(
     
  7. ifican

    ifican Network Guru Member

    This really sounds like a nat issue. Im not sure what router you are running at work but it sounds like the router that is doing nat that you are sitting behind has no idea what to do with the returning ipsec packets. I have not used the new quickvpn so i dont know if it has a nat-t option. Nat in general can do some goofy things to vpn's, couple that with initiating the session from behind a nat device you have no control of or know how its configured and you will see lots of things like this. I dont know how big your company is or if they are running any other vpn's. However depending on your company security policy and how well you know your net admins they can help you fix this, though if they will is another story.
     
  8. TheCiscoKid

    TheCiscoKid LI Guru Member

    The same happened when I tried this from my other home on a small FVS114. So while that connection was NAT'd, it was very simple.

    I would welcome other suggestions though. The RVS4000 has some great features; I really don't want to chuck it.

    -Ryan
     
  9. markvb

    markvb Guest

    I have a new 4400wvrs at the office, and a WRT54GS here at home. After weeks of stumbling around, I got my desktop to connect and access shared drives at work. For some reason my laptop won't and get the Verifying network lockup.

    All firewalls are off.

    Therefore the problem is not within the router setups, but must be software conflict?? within the laptop itself or setup of network adapter. Does this make sense?

    Mark.
     
  10. lespaa

    lespaa Network Guru Member

    A "Remote gateway is not responding" temp solution

    I came across this issue and just happened across a solution that works in my situation. I really don't know why this would be though. Try changing your windows tcp/ip settings to have a static IP as opposed to one acquired through DHCP. I just did that and it works. BTW Windows firewall on the client is currently off (you should be able to turn it on and punch the holes through it if need be). Doesn't really suit my needs, but it's interesting.

    Router: WRV200 1.0.29
    Symptoms:
    - QuickVPN client successfully connects through port 60443
    - After 18 seconds a window is shown with "the remote gateway is not responding"
    - The client is listed as connected in the VPN Clients Status page with the correct connection time
    - Pinging network assets responds with "Negotiating IP Security" message
     
  11. TheCiscoKid

    TheCiscoKid LI Guru Member

    Yup, still no luck... Hopefully Linksys will release a firmware upgrade... whenever they get around to it... So much for the "business series"
     
  12. vpnuser

    vpnuser LI Guru Member

    I cannot use QuickVPN to connect to my home router since my company's firewall is blocking the ESP traffic. If I travel, I can QuickVPN into my home network without a problem.
     
  13. sinux

    sinux LI Guru Member

    That's it!!

    Thank you very much! I just needed to set a fixed ip addess on the client and now it's working fine!!

    Sinux
    RVS4000 - Win XP Home SP2

    Here is the log of the connexion :
    Sep 25 14:55:03 - [VPN Log]: added connection description "lionel_rw_rw"
    Sep 25 14:55:04 - [VPN Log]: listening for IKE messages
    Sep 25 14:55:04 - [VPN Log]: forgetting secrets
    Sep 25 14:55:04 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
    Sep 25 14:55:05 - [VPN Log]: "lionel_rw_rw": route-client output: 0
    Sep 25 14:55:13 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Sep 25 14:55:13 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [FRAGMENTATION]
    Sep 25 14:55:13 - [VPN Log]: packet from 84.72.xx.yy:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to6
    Sep 25 14:55:18 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: responding to Main Mode from unknown peer 84.72.226.214
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: STATE_MAIN_R1: sent MR1, expecting MI2
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: STATE_MAIN_R2: sent MR2, expecting MI3
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #3: Main mode peer ID is ID_FQDN: '@P3060'
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: deleting connection "lionel_rw_rw" instance with peer 84.72.xx.yy {isakmp=/ipsec=#0}
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: I did not send a certificate because I do not have one.
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
    Sep 25 14:55:18 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
    Sep 25 14:55:19 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #4: responding to Quick Mode {msgid:c087ff24}
    Sep 25 14:55:19 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Sep 25 14:55:19 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Sep 25 14:55:19 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Sep 25 14:55:19 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #4: STATE_QUICK_R2: IPsec SA established {ESP=x7391592d <0xcc48bb17 xfrm=ES_0-HMAC_MD5 NATD„.72.226.214:4500 DPD=none}
    Sep 25 14:56:13 - [Access Log]I TCP Packet - 192.168.1.100:1288 --> 10.0.0.100:80
    Sep 25 14:56:19 - [Access Log]I TCP Packet - 192.168.1.100:1288 --> 10.0.0.100:80
    Sep 25 14:56:28 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #3: received Delete SA payload: deleting ISAKMP State #3
    Sep 25 14:56:28 - [VPN Log]: packet from 84.72.xx.yy:4500: received and ignored informational message
    Sep 25 14:56:31 - [Access Log]I TCP Packet - 192.168.1.100:1290 --> 10.0.0.100:80

    The acces log is when I'm connecting to a web server in the lan through the vpn.
     
  14. sinux

    sinux LI Guru Member

    :mad:

    It worked only once!!!
    I've been connected 2hours. I disconnect and after that I could not connect any more!!
    Here the log file for the 2nd attempt (with fixed ip) :

    Sep 25 15:54:02 - [VPN Log]: packet from 84.72.xx.yy:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Sep 25 15:54:02 - [VPN Log]: packet from 84.72.xx.yy:4500: ignoring Vendor ID payload [FRAGMENTATION]
    Sep 25 15:54:02 - [VPN Log]: packet from 84.72.xx.yy:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to6
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: responding to Main Mode from unknown peer 84.72.226.214
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: STATE_MAIN_R1: sent MR1, expecting MI2
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    Sep 25 15:54:02 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: STATE_MAIN_R2: sent MR2, expecting MI3
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: Main mode peer ID is ID_FQDN: '@P3060'
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: I did not send a certificate because I do not have one.
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #6: responding to Quick Mode {msgid:f9f19298}
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Sep 25 15:54:03 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #6: STATE_QUICK_R2: IPsec SA established {ESP=x42c19b2a <0xcc48bb18 xfrm=ES_0-HMAC_MD5 NATD„.72.226.214:4500 DPD=none}
    Sep 25 15:54:03 - [VPN Log]: packet from 84.72.xx.yy:4500: Informational Exchange is for an unknown (expired?) SA
    Sep 25 15:55:41 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #5: received Delete SA payload: deleting ISAKMP State #5
    Sep 25 15:55:41 - [VPN Log]: packet from 84.72.xx.yy:4500: received and ignored informational message
    Sep 25 16:17:14 - [VPN Log]: packet from 84.72.xx.yy:4500: Informational Exchange is for an unknown (expired?) SA
    Sep 25 16:17:15 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy: terminating SAs using this connection
    Sep 25 16:17:15 - [VPN Log]: "lionel_rw_rw" #6: deleting state (STATE_QUICK_R2)
    Sep 25 16:17:15 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy: deleting connection "lionel_rw_rw" instance with peer 84.72.xx.yy {isakmp=/ipsec=#0}
    Sep 25 16:17:15 - [VPN Log]: "lionel_rw_rw": deleting connection
    Sep 25 16:17:15 - [VPN Log]: ERROR: "lionel_rw_rw": pfkey write() of SADB_X_DELFLOW message 39 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
    Sep 25 16:17:19 - [VPN Log]: "lionel_rw_rw": unroute-client output: 0

    And here is another attempt with the dhcp turned on for the client :

    Sep 25 21:28:45 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
    Sep 25 21:28:46 - [VPN Log]: "lionel_rw_rw": route-client output: 0
    Sep 25 21:28:56 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Sep 25 21:28:56 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [FRAGMENTATION]
    Sep 25 21:28:56 - [VPN Log]: packet from 84.72.xx.yy:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to6
    Sep 25 21:28:56 - [VPN Log]: packet from 84.72.xx.yy:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: responding to Main Mode from unknown peer 84.72.xx.yy
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: STATE_MAIN_R1: sent MR1, expecting MI2
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: STATE_MAIN_R2: sent MR2, expecting MI3
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[1] 84.72.xx.yy #1: Main mode peer ID is ID_FQDN: '@Compaq-N800w'
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #1: deleting connection "lionel_rw_rw" instance with peer 84.72.xx.yy {isakmp=#0/ipsec=#0}
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #1: I did not send a certificate because I do not have one.
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
    Sep 25 21:28:56 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #2: responding to Quick Mode {msgid:0f232681}
    Sep 25 21:28:57 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Sep 25 21:28:57 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Sep 25 21:28:57 - [VPN Log]: initiate on demand from 10.0.0.200:0 to 192.168.1.13:0 proto=0 state: fos_start because: acquire
    Sep 25 21:28:57 - [VPN Log]: cannot initiate connection for packet 10.0.0.200:0 -> 192.168.1.13:0 proto=0 - template conn
    Sep 25 21:28:57 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Sep 25 21:28:57 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x7f21db07 <0x70031c43 xfrm=ES_0-HMAC_MD5 NATD„.72.xx.yy:4500 DPD=none}
    Sep 25 21:30:37 - [VPN Log]: "lionel_rw_rw"[2] 84.72.xx.yy #1: received Delete SA payload: deleting ISAKMP State #1
    Sep 25 21:30:37 - [VPN Log]: packet from 84.72.xx.yy:4500: received and ignored informational message
    Sep 25 21:32:43 - 10
    Sep 25 21:33:27 - [VPN Log]: packet from 84.72.xx.yy:4500: Informational Exchange is for an unknown (expired?) SA

    -------------

    Router address :
    WAN :84.72.xx.xx
    LAN 10.0.0.200 /255.255.255.0

    Client address :
    WAN :84.72.xx.yy
    LAN if dhcp enabled : 192.168.1.13/255.255.0.0
    LAN if fixed ip 192.168.1.100/255.255.0.0

    Hope it'll help
    SINUX
     
  15. itudo

    itudo Guest

    Same problem

    Hi,

    I have the same problem (RVS4000 displays "connected", but Client could not access the network. When I ping around a little bit, the message "negotiating IP security" appears). The XP SP2 fix didn't solve the prob, all firewalls are off, the installed firmware has the current version.

    Are there any answers from the linksys support what to do?

    Bye,
    Patrick
     

Share This Page