
VPN Site to Site Using WRV54G Behind WRT54G

Discussion in 'Networking Issues' started by rangermonk, Feb 19, 2006.

  1. rangermonk

    rangermonk Network Guru Member

    Good Evening,

    Trying to set up a site to site vpn with 2 WRV54G routers behind 2 WRT54G perimeter routers. The link doesn't want to connect. I just get "Resolving Hostname...". Here is my configuration:



    WRT54G v2.2 (4.20.7 firmware) Perimeter for WRV54G Router 1:

    Hostname: WRT54G
    Domain: none
    MTU: Auto

    Local IP: 192.168.1.150
    Subnet: 255.255.255.0

    Port Range Forward:
    Port 443 TCP to 192.168.1.155 (WRV54G Router 1)
    Port 500 UDP to 192.168.1.155 (WRV54G Router 1)



    WRV54G (2.38.6 firmware) Router 1:

    Hostname: vpn1
    Domain: none
    MTU: Auto

    LocalIP: 192.168.1.155
    Subnet: 255.255.255.0

    VPN:

    Passthrough:
    IPSec: enable
    PPTP: enable
    L2TP: enable

    VPN Tunnel: Enable
    VPN Gateway: Disable

    Tunnel Name: tunnel1

    Subnet
    Local Secure Group: 192.168.1.0
    Mask: 255.255.255.0

    Remote Secure Group: 192.168.6.0
    Mask: 255.255.255.0

    Remote Secure Gateway: x.x.x.x (Static IP From Provider at remote site)

    Encryption: 3DES
    Authentication: SHA1

    Key Management
    Key Exchange: Auto(IKE)
    PFS: Enabled
    Pre-Shared Key: tunnelx1
    Key Lifetime: 3600

    Ethernet Cable from WRV54G WAN Port to Ethernet Port on WRT54G





    WRT54G v5 (1.00.6 firmware) Perimeter for WRV54G Router 2:

    Hostname: WRT54G
    Domain: none
    MTU: Auto

    Local IP: 192.168.6.150
    Subnet: 255.255.255.0

    Port Range Forward:
    Port 443 TCP to 192.168.6.155 (WRV54G Router 2)
    Port 500 UDP to 192.168.6.155 (WRV54G Router 2)




    WRV54G (2.38.6 firmware) Router 2:

    Hostname: vpn2
    Domain: none
    MTU: Auto

    LocalIP: 192.168.6.155
    Subnet: 255.255.255.0

    VPN:

    Passthrough:
    Ipsec: enable
    PPTP: enable
    L2TP: enable

    VPN Tunnel: Enable
    VPN Gateway: Disable

    Tunnel Name: tunnel1

    Subnet
    Local Secure Group: 192.168.6.0
    Mask: 255.255.255.0

    Remote secure group: 192.168.1.0
    Mask: 255.255.255.0

    Remote secure gateway: x.x.x.x (Static IP From Provider at remote site)

    Encryption: 3DES
    Authentication: SHA1

    Key Management
    Key Exchange: Auto(IKE)
    PFS: Enabled
    Pre-Shared Key: tunnelx1
    Key Lifetime: 3600

    Ethernet Cable from WRV54G WAN Port to Ethernet Port on WRT54G

    The reason my WRV54G's are behind the WRT54G's is because I'm also running a Win2k VPN server and have clients connecting in and out. The Win2k behind the WRV54G doesn't work (as DocLarge and many others on this site have pointed out), so for the time being I still need the Win2k Server. Any ideas on where my misconfiguration might be? I'm thinking it could be a cabling issue, would I need to use a "straight cable" to connect between routers? I'm asking since the WRV54G shows an orange light on the WAN port, which usually indicates no WAN connection or a non-working WAN connection.

    If anyone might have some ideas about connecting a site to site setup between the WRV54G to a Win2k VPN server, that would be helpful. I haven't found a post thru my searching that gives a setup for that scenario.

    Thanks in advance.
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    Ideally, here's how you set up a WRV behind another router:

    1) Run "straight thru" CAT 5 from one of the LAN ports on the WRT to the "WAN" port on the WRV
    2) Set the WRT's DHCP server to give out an IP address for the WRV to pull
    3) Make sure the WRV is set for "Auto Detect" (which by default is DHCP)
    4) Set the WRV's LAN ip address to something "different" from the LAN IP of the WRT
    5) Forward ports 443 (SSL) and 500 (UDP) from the WRT to the IP address the WRV receives from the WRT

    If you're running vpn servers, then obviously you know to have port 1723 forwarded towards the ip address of the vpn server.

    Doc
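
The checks behind steps 2, 4 and 5 above, run over the addresses from the first post, as an added example that is not part of either post. The function names, the 192.168.2.0/24 WRV LAN and the assumption that the WRV leases 192.168.1.155 from the WRT are constructed for illustration; the script also assumes the Local Secure Group is meant to be the WRV's own LAN.

```python
import ipaddress

def net(ip, mask):
    """Network that an address/mask pair belongs to."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_site(s):
    """Lint one WRV-behind-WRT site against steps 2, 4 and 5 of the reply."""
    out = []
    wrt_lan = net(s["wrt_lan_ip"], s["mask"])
    wrv_lan = net(s["wrv_lan_ip"], s["mask"])
    if wrv_lan.overlaps(wrt_lan):  # step 4: WRV LAN must differ from WRT LAN
        out.append("WRV LAN overlaps WRT LAN")
    wan = s["wrv_wan_ip"]  # step 2: address the WRV pulls from the WRT
    if wan is None or ipaddress.ip_address(wan) not in wrt_lan:
        out.append("WRV WAN address is not inside the WRT LAN")
    for port, target in s["forwards"].items():  # step 5
        if target != wan:
            out.append(f"forward {port} -> {target} misses the WRV WAN address")
    # Assumption: the Local Secure Group is meant to be the WRV's own LAN.
    if net(s["local_group"], s["mask"]) != wrv_lan:
        out.append("Local Secure Group is not the WRV LAN")
    return out

def check_mirror(a, b):
    """Tunnel settings that have to agree between the two WRVs."""
    out = []
    if (a["local_group"], a["remote_group"]) != (b["remote_group"], b["local_group"]):
        out.append("secure groups are not mirror images")
    out += [f"{k} differs" for k in ("encryption", "authentication", "pfs",
                                      "psk", "lifetime") if a[k] != b[k]]
    return out

# Values from the first post; wrv_wan_ip is None because the post gives none.
TUNNEL = {"mask": "255.255.255.0", "encryption": "3DES", "authentication": "SHA1",
          "pfs": True, "psk": "tunnelx1", "lifetime": 3600, "wrv_wan_ip": None}
SITE1_POSTED = {**TUNNEL, "wrt_lan_ip": "192.168.1.150", "wrv_lan_ip": "192.168.1.155",
                "forwards": {"443/tcp": "192.168.1.155", "500/udp": "192.168.1.155"},
                "local_group": "192.168.1.0", "remote_group": "192.168.6.0"}
SITE2_POSTED = {**TUNNEL, "wrt_lan_ip": "192.168.6.150", "wrv_lan_ip": "192.168.6.155",
                "forwards": {"443/tcp": "192.168.6.155", "500/udp": "192.168.6.155"},
                "local_group": "192.168.6.0", "remote_group": "192.168.1.0"}
# Constructed: site 1 after step 4, with a made-up WRV LAN and an assumed lease.
SITE1_READDRESSED = {**SITE1_POSTED, "wrv_wan_ip": "192.168.1.155",
                     "wrv_lan_ip": "192.168.2.1", "local_group": "192.168.2.0"}

if __name__ == "__main__":
    print(check_site(SITE1_POSTED))
    print(check_site(SITE1_READDRESSED))
    print(check_mirror(SITE1_READDRESSED, SITE2_POSTED))
```

The last call shows that moving the WRV onto its own LAN subnet leaves the far end's Remote Secure Group pointing at the old network until it is updated too.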
     
  3. rangermonk

    rangermonk Network Guru Member

    Ok...I'll give that a shot....but why would I want to give the WRV a different subnet other than the WRT? Why wouldn't giving the WRV just a different lan ip work? Security reasons?
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    My bad if the terminology is confusing things. Giving the WRV a different LAN IP "is" essentially putting it on a different subnet, so we both mean the same thing...

    This is how my setup is put together. My border router is an SMCBR18VPN firewall router with the WRV behind in the exact configuration I described to you and I'm able to use my quickvpn without issues.

    Doc :thumb:
     
  5. rangermonk

    rangermonk Network Guru Member

    Ok...gotcha. As always, thanks for the help, Doc.
     
  6. rangermonk

    rangermonk Network Guru Member

    Ok...got another question...I set up both WRV's with a different subnet than the WRT's they are behind. The internet LED is now green instead of orange on both WRV's. But now, my tunnel went from "Resolving Hostname" to "Waiting for Connection". I've read a few places that the initial tunnel can take a while to initiate, but no one had an exact figure. Obviously it depends on configuration. Any ballpark figure on how long the initial connection takes?

    I have also forwarded ports 500 UDP and 443 TCP on the WRT's to the WRV's.
     
  7. DocLarge

    DocLarge Super Moderator Staff Member Member

    Alright,

    I'm now tracking here. From what I can tell at this moment, I'm not sure you're not going to be able to set up a site-to-site behind the WRT with the WRV54G. My bad, somewhere along the way, I was thinking you wanted to use your WRV54G as a termination point behind your WRT54G to use for quickvpn connections.

    Normally, when I do site-to-site connections between my WRV54G's, the WRV54G is always the perimeter router. However, there was someone in another forum who was able to make a vpn connection to an RV042 router with a BEFSX41 from behind a WAG54G:

    http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=11646

    See if this might be of some help...

    Doc
     
  8. rangermonk

    rangermonk Network Guru Member

    Thanks for the info Doc...despite my best efforts, I couldn't get the WRV site to site working behind the WRT. Wouldn't link up.
     
  9. DocLarge

    DocLarge Super Moderator Staff Member Member

    Alright,

    then it's a definite. Your WRV definitely has to be in front. Still, that's not going to work for you, right?

    Doc
     
