1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPN Tunnel WRV54G <==> DI-824VUP

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by dplus, Aug 28, 2005.

  1. dplus

    dplus Network Guru Member

    Hi all,
    I happen to have a WRV54G and a DI-824VUP routers and I wanted to make a VPN tunnel between them. So I updated the firmware on the WRV54G to 2.37.9 and tried the VPN tunnel. It worked and now the WRV54G says "Connected". Also the DI-842VUP says Established.

    The problem comes when I try a ping to remote LAN. I just get "Request Timed Out" in both directions. Is there any recommendations to make this work? Maybe I'm missing something.

    The current config is as follows:

    Office A:
    LAN: 10.1.1.x/24
    Router: 10.1.1.1

    Office B:
    LAN: 10.1.2.x/24
    Router: 10.1.2.1 (WRV54G)

    Security -> VPN:

    IPSec Pass: Enabled
    PPTP Pass: Enabled
    L2TP Pass: Enabled

    VPN Tunnel: Enabled
    VPN Gateway: Disabled

    Local Secure Group (Subnet)
    IP Address: 10.1.2.0
    Mask: 255.255.255.0

    Remote Secure Group (Subnet)
    IP Address: 10.1.1.0
    Mask: 255.255.255.0

    Remote Secure Gateway (FQDN)
    xxxxx.dyndns.org

    Encryption: 3DES
    Auth: SHA1

    Key Exchange Method: Auto(IKE)
    PFS: Enabled
    Pre-Shared Key: {shared string}
    Key Lifetime: 3600

    As I said the tunnel is up but I cannot do anything else.
    Any help would be appreciated.

    Thanks
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    Check and see if you have any software firewalls enabled on the nodes at the remote end. If you have to, add the pc's requireing access to their trusted zones, thus allowing communication. Once you do that, try pinging the nodes you want to communicate with by their ip addressess if you haven't already tried that.

    Doc
     
  3. dplus

    dplus Network Guru Member

    Already tried

    If I try to ping the router on the other end it will not respond. Both routers are in the DMZ for each network and the computers I'm trying to reach have firewalls disabled.

    Any other suggestions?
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Funny you should mention that. I have a WRV54G and an SMCBR18VPN router and thought I'd test a theory by setting up a gateway between my SMC and my WRV54G. Sure enough, I got the "exact" same error you did (Request Timed Out) and I know for a fact that if I set up a gateway between my WRV54G and the remote WRV54G, I get all my pings back.

    I'm connected to my remote WRV54G right now via a vpn gateway courtesy of my smcbr18vpn router and I'm still getting "no ping" return, but I'm still able to transfer files. Is this stealth for yer azz, or what?!?!

    Realistically, I think it has something to do with the (possibly) both router's SPI firewalls cancelling the ping out. I'm not even going to speculate on whether or not it has something to do with different vendors until I set up another endpoint router (like my WAG54G) to test this hunch. In the meantime, if you can transfer files just like I can in this configuration also, you've got an extremely secure vpn setup because hypothetically, the remote connection doesn't exist!! :thumbup:

    *Hmmm* *Scratch* *Scratch* ----> (Doc be "thinkin'...)

    You know, this seems like a pretty secure configuration or (quite possibly) a freaking "vulnerability" now that I think about such a site-to-site setup. Although you know it's out there, it can't really be proven due to the pings not being acknowledged. Think about, if not for the site admin knowing about it, NO ONE ELSE would ever know such a backdoor to a site existed with a configuration like this.

    All of you criminals stop cheering :)

    Doc
     
  5. dplus

    dplus Network Guru Member

    Cannot do anything

    The thing here is that I cannot do anything. I cannot ping, I cannot see computers on the other side, I cannot browse anything. I'm as if the tunnel doesn't exist. Even though both routers say Connected, nothing goes by. That's my problem and I have tried seveal things (basically enabling everything and disabling any restriction) but nothing makes any difference.

    What else can I do?

    Thanks
     
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Damn,

    you are 100% on lockdown. No matter what you do, the only signifying any sign of a handshake is just the connection; I'm a little stumped on this one :eyebrow:

    Anyone else ever run into this?

    Doc
     

Share This Page