VPN with RVS4000 and BEFSX41 not working.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by supert101, Jul 16, 2007.

  1. supert101

    supert101 LI Guru Member

    I had two of the BEFSX41 and one has gone down on me; I was hoping to use the new RVS4000.

    But when I try to get the VPN connection back up it will not work.

    I can see the BEFSX41 try to connect to the RVS4000 but I get errors.

    [VPN Log]: packet from 66.41.xx.xx:500: initial Aggressive Mode message from 66.41.xx.xx but no (wildcard) connection has been configured

    Or

    [VPN Log]: packet from 66.41.xx.xx:500: initial Main Mode message received on 68.115.xx..xxx:500 but no connection has been authorized

    When I try to have the RVS4000 connect to the BEFSX41 I see nothing in either log.

    I even let Linksys log in to both routers; they said the setup looks good and it sounds like a hardware issue with the RVS4000 and to take it back. Now having the same issue with the new one.

    I know it's not the BEFSX41 as it is still able to connect to its other remote site with VPN.

    I have done a search on these pages and others and still cannot find an answer.

    Any help would be greatly welcome.

    Thanks,
    Super Tech
     
  2. ifican

    ifican Network Guru Member

    At this point it's hard to say, but if both of those messages are on the same device: aggressive and main mode are 2 different settings to create a tunnel, and each router on either side needs to be set up the same way. Chances are the tech support help you got understands VPNs as well as you do. Have a friend that knows a bit about it have a look, or you can send me a PM with info and I would be more than happy to see if anything is out of whack.
     
  3. supert101

    supert101 LI Guru Member

    That was trying both with and without Aggressive mode turned on in each router. I have the settings for both the same each time.

    I will provide the configs for both routers in a couple of hours. At work right now.
     
  4. ifican

    ifican Network Guru Member

    What are both sides using for identification?
     
  5. supert101

    supert101 LI Guru Member

    RVS4000 - V1.1.09

    Local Security Gateway Type: IP Only
    IP address: RVS4000 IP Address
    Local Security Group Type: Subnet
    IP Address: 192.168.10.0
    Subnet Mask: 255.255.255.0

    Remote Security Gateway Type: IP Only
    IP Address: BEFSX41 IP Address
    Remote Security Group Type: Subnet
    IP Address: 192.168.11.0
    Subnet Mask: 255.255.255.0

    IKE with Preshared key

    Phase 1:
    Encryption: 3DES
    Authentication: MD5
    Group: 768-bit
    Key Life Time: 21600 Sec.

    Phase 2:
    Encryption: 3DES
    Authentication: MD5
    Perfect Forward Secrecy: Enabled
    Preshared Key: Matched with BEFSX41
    Group: 768-bit
    Key Life Time: 21600


    BEFSX41 - 1.52.9

    Local Security Group:
    Local Security Group Type: Subnet
    IP Address: 192.168.11.0
    Subnet Mask: 255.255.255.0

    Remote Security Group:
    Remote Security Group Type: Subnet
    IP Address: 192.168.10.0
    Subnet Mask: 255.255.255.0

    Remote Security Gateway: IP Addr.
    IP Address: RVS4000 IP Address
    Encryption: 3DES
    Authentication: MD5

    Key Management:

    Auto. (IKE)

    PFS: Enabled
    Preshared Key: Matched with BEFSX41
    Key Life Time: 21600 Sec.

    Advanced Settings:
    Phase 1:
    Operation mode: Main mode
    Proposal 1:
    Encryption: 3DES
    Authentication: MD5
    Group: 768-bit
    Key Life Time: 21600 Sec.

    Phase 2:
    Encryption: 3DES
    Authentication: MD5
    Perfect Forward Secrecy: Enabled
    Preshared Key: Matched with BEFSX41
    Group: 768-bit
    Key Life Time: 21600
     
  6. ifican

    ifican Network Guru Member

    On the surface everything looks OK, assuming you have the password and IPs configured correctly. What I would start doing is trying to determine which setting is causing the stoppage. My guess would be PFS, so shut off PFS and try. You may need to go back to the default key lifetime as well; at some point, when the settings match up to both routers' liking, it will work. I don't know why, but some of the routers with limited VPN configuration (basically when it makes you choose auto IKE) do not like to play nicely with routers that give you total control. Play with a few of the settings and you will find one that works. If you would like to test the RVS to see if it works or not, I currently have a Netscreen sitting on the border of the network that you can connect to that really doesn't care what's on the other side and just works.
     
  7. supert101

    supert101 LI Guru Member

    What are the settings for the Netscreen? Can you send them in a private message?
     
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Use firmware version 1.45 on your BEFSX41. In the past, it's been cited that later versions don't do VPN well "at all." Version 1.45 has been the standby for this older unit...

    Jay
     
  9. supert101

    supert101 LI Guru Member

    I will need to get back to that location to do that update, or better yet I'll have the other remote site see if they can control a PC behind the firewall to do the update for me.

    I think I'm also getting closer: the name I had for the connection had a space in it. When I remove the space, the RVS4000 is now trying to connect to the BEFSX41.

    I'll keep you posted.
     
  10. supert101

    supert101 LI Guru Member

    That did it...

    It connected right away...

    I saw the RVS4000 was trying to connect to the Test connection I had created for ifican's link and I could see it trying to connect.

    The only dang difference was the space in the name, and to think that does not make a difference on the BEFSX41s.

    Thank you all for the help.
    Super Tech
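
The check this thread ended up doing by hand, as an added example that is not part of the original posts: compare the two peers' IKE settings (local and remote groups mirrored, Phase 1 and Phase 2 proposals identical) and flag a tunnel name containing whitespace, which is what the poster reported blocked the RVS4000. The `Tunnel Name`, `Local Group` and `Remote Group` labels and the names `Site B` and `SiteA` are constructed for illustration; the other values are the ones posted above.

```python
import re

# Constructed sample input: proposal values as posted for both routers.
PROPOSALS = """Phase 1:
Encryption: 3DES
Authentication: MD5
Group: 768-bit
Key Life Time: 21600 Sec.
Phase 2:
Encryption: 3DES
Authentication: MD5
Perfect Forward Secrecy: Enabled
Group: 768-bit
Key Life Time: 21600
"""
# Tunnel names are hypothetical; the thread never shows the name field.
RVS4000 = ("Tunnel Name: Site B\nLocal Group: 192.168.10.0 255.255.255.0\n"
           "Remote Group: 192.168.11.0 255.255.255.0\n" + PROPOSALS)
BEFSX41 = ("Tunnel Name: SiteA\nLocal Group: 192.168.11.0 255.255.255.0\n"
           "Remote Group: 192.168.10.0 255.255.255.0\n" + PROPOSALS)
MIRROR = {"local group": "remote group", "remote group": "local group"}

def parse(text):
    """Turn 'Section:' headers and 'Key: Value' lines into {(section, key): value}."""
    cfg, section = {}, ""
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if value:
            cfg[(section, key.lower())] = value
        elif key:                      # a bare "Phase 1:" style header
            section = key.lower()
    return cfg

def norm(value):
    """Case-fold and drop a trailing 'Sec.' so '21600 Sec.' equals '21600'."""
    return re.sub(r"\s*sec\.?$", "", value.strip().lower())

def compare(a, b):
    """List settings that differ between peer a and peer b, plus name problems."""
    findings = []
    keys = set(a) | {(s, MIRROR.get(k, k)) for s, k in b}
    for section, key in sorted(keys):
        if key == "tunnel name":       # names are local labels, checked below
            continue
        mine, other = a.get((section, key)), b.get((section, MIRROR.get(key, key)))
        if mine is None or other is None or norm(mine) != norm(other):
            findings.append(f"{section or 'tunnel'}/{key}: {mine!r} vs peer {other!r}")
    for side, cfg in (("A", a), ("B", b)):
        name = cfg.get(("", "tunnel name"), "")
        if re.search(r"\s", name):
            findings.append(f"side {side}: tunnel name {name!r} contains whitespace")
    return findings
```

With the settings as posted, `compare(parse(RVS4000), parse(BEFSX41))` reports only the tunnel name, matching what the poster found.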
     
  11. supert101

    supert101 LI Guru Member

    I do have one last question:

    Is there any way we can get this in the Linksys Knowledge Base?

    Super Tech
     