
WRG54G / Greenbow - No suitable connection for peer

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by lookinpanubb, Sep 28, 2005.

  1. lookinpanubb

    lookinpanubb Network Guru Member

    I have followed the various Greenbow setup guides to connect to my RV54G, but the best results that I have gotten are:

    "ips0_ipsec0"[6] 65.32.89.245 #6: responding to Main Mode from unknown peer 65.32.89.245
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
    "ips0_ipsec0"[6] 65.32.89.245 #6: max number of retransmissions (2) reached STATE_MAIN_R2
    "ips0_ipsec0"[6] 65.32.89.245: deleting connection "ips0_ipsec0" instance with peer 65.32.89.245

    Any ideas on how to fix this? Or is more information needed? Thanks!!

    Alex
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    Try changing your preshared key on the router and the client to a 12-character word (oddly enough, this seems to work at times).

    Doc
     
  3. lookinpanubb

    lookinpanubb Network Guru Member

    Switching

    Doc, thank you for your reply. I changed the preshared key and that message went right away. Unfortunately I'm back to the message, on the Greenbow console, stating that it's giving up on the message.

    Speaking of giving up, I've just about given up with this router! :) I bought a BEFVP41 V2 this afternoon and it works perfectly out of the box! Well, almost perfectly. The VPN connection worked exactly correct first shot out of the box. However, when I try to forward a port to my WRT54G...or even just try to save the port forwarding information...I get a big red 'Error 404 Not Found' page. Any ideas what that's about?

    I'm not actually giving up on the WRV54G...just taking a break from it. I'm going to loan it to some of the VPN guys at work (my other job) and see if they have any luck.

    Thanks for your help thus far!!

    Alex
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Please excuse the long post, but if you want to still get some use out of your WRV, you can do what I did...

    If you're trying to use greenbow while the wrv54g is directly connected to the internet (via your cable/xdsl modem), it's not going to work because the wrv does not support NAT-T. This was most likely done in order to promote the quickvpn client, which "does work" once you figure out the proper configuration for the client machine it will be loaded on (I use quickvpn daily).

    The BEFVP41 series supports NAT-T which is why you were able to connect with greenbow right out of the box. I'd suggest you work with the "two tiered" router configuration (I'm using this right now) and this will allow you to use greenbow "and" quickvpn inside of your home network infrastructure.

    Before doing all of the below steps make sure you connect straight thru cat5 from a LAN port on the wrv and run to your computer; log in with factory settings and make sure it's set for DHCP and set your LAN ip range (for example 192.168.3.1)

    On the BEFVP41:

    1) connect the befvp41 to your cable/xdsl modem
    2) configure it to give out one ip address
    3) run straight thru cat5 from one of its LAN ports to the WAN port of the wrv54g


    On the WRV54G:

    1) make sure cat5 from one of the befvp41's LAN ports is connected to the WAN port of the wrv
    2) log into the wrv via direct connection or wireless
    3) you should see that the wrv's WAN ip will be whatever address it has pulled from the befvp41; the wrv will automatically register this path in its routing table (wrv does automatic discovery)
    4) set your wireless security (no SSID broadcast, static IPs if there aren't that many systems on wireless, WPA...)

    Alright, you now have two subnets. Let's say the befvp41 LAN scheme is 172.16.23.1 and the wrv LAN scheme (as previously stated) is 192.168.3.1. However, because it is pulling an ip address from the befvp41, its "WAN" ip address is 172.16.23.2. "This" connection is what will allow the wrv to send/receive information via the befvp41 to the internet and receive information from the internet. Keep in mind they are still on different subnets so you may or may not be able to have both subnets communicate with each other.

    I've seen some posts where people with firewall routers were able to make entries that allowed one subnet to talk to the other in this type of setup. Right now, the wrv subnet (if I remember correctly) will be able to talk to the befvp41 subnet, but the befvp41 subnet can't talk to the wrv subnet.

    Last but not least, go back to your befvp41 router and forward ports 443 and 500 to the ip address that is registered on the wrv's WAN port (the ip address it pulled from the befvp41). Not that you asked, but this will allow you to use quickvpn. Hey, I work it like this every day of the week for my quickvpn users :)

    As for greenbow, you can run it on "either subnet" now because the befvp41 router handles the NAT-T issue. Keep this in mind: when you set up greenbow in this config (or any other for that matter) start out with the following settings:

    local secure group: Use "subnet" (your local router's ip scheme)

    remote secure group: Use "any" ("Hail Mary" option)

    remote secure gateway: Use "any" ("Hail Mary" option again)

    Once you've got your "technique" in running this configuration, you can start substituting your remote group/gateway choices.

    I never use greenbow to connect in to my network (although I can with this config) because I either use quickvpn or the 2000 vpn server I've configured for remote vpn access also.

    My wrv actually performs better in this config (DHCP refresh time problem is gone!!) and I can run for weeks on end unless I have to make a setting change.

    Doc
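
Added example, not part of the thread and not any poster's code: a short Python triage of log lines in the format quoted in the first post. It flags a negotiation where the Main Mode ID the peer presents differs from the address its packets arrive from, which is the pattern to check for when address translation in the path or a mismatched client-side ID is suspected. The function name and report fields are assumptions made for this example.

```python
import ipaddress
import re

# Sample input: lines taken from the log quoted in the first post (repeats trimmed).
SAMPLE_LOG = """\
"ips0_ipsec0"[6] 65.32.89.245 #6: responding to Main Mode from unknown peer 65.32.89.245
"ips0_ipsec0"[6] 65.32.89.245 #6: Main mode peer ID is ID_IPV4_ADDR: '164.120.28.102'
"ips0_ipsec0"[6] 65.32.89.245 #6: no suitable connection for peer '164.120.28.102'
"ips0_ipsec0"[6] 65.32.89.245 #6: max number of retransmissions (2) reached STATE_MAIN_R2
"ips0_ipsec0"[6] 65.32.89.245: deleting connection "ips0_ipsec0" instance with peer 65.32.89.245
"""

# Line layout: "conn"[instance] source-ip #state: message
LINE = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<src>[\d.]+) #(?P<state>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is ID_IPV4_ADDR: '([\d.]+)'")
NO_CONN = re.compile(r"no suitable connection for peer '[^']*'")
TIMEOUT = re.compile(r"max number of retransmissions \(\d+\) reached")


def triage(log_text):
    """Group lines per (connection, source IP, state) and summarise each negotiation."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a "#state:" field (e.g. "deleting connection") are skipped
        key = (m["conn"], m["src"], m["state"])
        s = sessions.setdefault(key, {"ids": set(), "rejections": 0, "timed_out": False})
        id_match = PEER_ID.search(m["msg"])
        if id_match:
            s["ids"].add(id_match.group(1))
        elif NO_CONN.search(m["msg"]):
            s["rejections"] += 1
        elif TIMEOUT.search(m["msg"]):
            s["timed_out"] = True
    report = []
    for (conn, src, state), s in sessions.items():
        src_ip = ipaddress.ip_address(src)
        report.append({
            "connection": conn, "source_ip": src, "state": state,
            "claimed_ids": sorted(s["ids"]),
            # True when the peer identifies itself with an address other than the one seen on the wire
            "id_mismatch": any(ipaddress.ip_address(i) != src_ip for i in s["ids"]),
            "rejections": s["rejections"], "timed_out": s["timed_out"],
        })
    return report


if __name__ == "__main__": print(triage(SAMPLE_LOG))
```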
     
