1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unable to establish VPN between befv41 and wrv54g

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by dmacman, Feb 22, 2005.

  1. dmacman

    dmacman Guest

    Hi all.

    I have setup our win 2k machine with a befvp41 router for a VPN. It was working OK with XP secpol on my boss's computer. Then it stopped working on his machine and we tried to fix it and finally gave up and boughta Linksys wrv54g for his house and mine.

    I tried to setup the tunnel on my machine (XP pro) and cannot get it working. Here is a breakdown of my settings on both ends.

    Here is what I have setup so far:

    Work Router (66.xxx.xxx.204 with a lan IP of

    Home Router (4.xxx.xxx.197 with a lan IP of

    The befvp41 Router at work was already setup at 66.xxx.xxx.204 with the lan address of .

    My home wrv54g Router is at the 4.xxx.xxx.197 address with my XP lan address of .

    I tried using the linksys QuickVPN,and it fails to connect.

    I tried secpol fromthe Liksys tech support call on Friday at:

    That, also did not work.

    I hope this is enough info to help you see what I am doing wrong. If not, please let me know.

    Thanks a lot,

  2. padgett

    padgett Network Guru Member

    When on DSL I found it necessary to set my BEFVP41 to "ANY" for the Remote Secure Gateway and Network before it would connect. Was getting the same Invalid ID error.

    Key is to start with the loosest configuration you can make work and then tighten down once successful.
  3. TazUk

    TazUk Network Guru Member

    The remote secure group refers to the private network at the other end so it should be set to Subnet,, on the BEFVP41 and Subnet, 192.168..168.0, on the WRV54G. Also the local sure group should be set to on the WRV54G.
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    All right, here goes:

    Linksys quickvpn establishes it's own secure tunnel, therefore there is no need to port forward "any" ports (i.e., 500, 1723, 1701, 4500...). By default, all wrv54g's have port 443 enabled to receive communication from the quickvpn client. Having said that, port forwarding would be more of an issue if you were using a "vpn server" that had two NIC's installed (multihomed). By saying this, I mean that you would have a cable/dsl modem connection that connects directly to the first NIC (direct internet connection); the second NIC that has in "internal" Ip assigned would be connected to an internal LAN.

    You don't have this issue with the WRV because all of the communication is "factory defaulted" between the wrv54g and the client (quickvpn).

    To make a basic vpn client (quickvpn) to vpn endpoint (wrv54g) connection, I started by disabling ipsec passthru, pptp, and l2tp. I then disabled vpn tunnels, gateways, to include disabling all port forwarding regarding vpn usage. The thing to keep in mind is that if you're looking to accept vpn connections only and act as an endpoint, then do all the following I just mentioned. If you want to connect to someone else who's acting as an endpoint, then you need to enable ipsec passthru and pptp (or l2tp depending on whether or not the person on the other end is using certificates; pptp is much easier and less overhead :) )

    Quickvpn is designed to connect to an "endpoint," meaning a wrv54g that is accepting vpn connections. What's not explained as far as I can tell is that when you are running a tunnel connection (wrv54g <-----> wrv54g) you don't need quickvpn; one client simply calls another and connects from there.

    For example, I connected to someone's wrv54g from my location after he configured the settings for an "endpoint" connection. Had he gone a step further and created an account for me on a computer on his network, I could have accessed files on his computer and vice versa, had I created an account for him on my computer, he could have simply traversed backwards and had access through my connection to a computer on my Lan...

    Once you can get a connection, then start turning everything back on one by one so you can maintain your vpn connection and do tunnels at the same time. I've never found anyone to do tunnel connections, but from what I've explained (through many sleepless nights of research and info from folks in other forums) tunnel vpn connections can be made by the wrv 54g...

Share This Page