1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRV200 remote management through IPSec VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Sfor, Jun 3, 2007.

  1. Sfor

    Sfor Network Guru Member

    I played a bit with remote management. But, I found impossible to manage the router through IPSec VPN connection.

    But, perhaps I missed something during my experiments. So, I'm asking for comments, about this particular case.
  2. DerToob

    DerToob LI Guru Member

    I´m using two wrv200 with VPN connection and I can access the other site via the local IP (without using the remote port number)
  3. Sfor

    Sfor Network Guru Member

    Well. I have two WRV200 linked though a IPSec VPN, as well.

    In my case both neworks have different subnet IP's (As they should to, I think). And I can not access the other WRV200 web interface through VPN, for some reason.
  4. vpnuser

    vpnuser LI Guru Member

    Do you have Remote Management enabled?
  5. DerToob

    DerToob LI Guru Member

    I have remote Managment enabled and acitvated "allow remote ip : any", maybe that is the point.

    I tried it without remote managment enabled, but i won´t work.
  6. Toxic

    Toxic Administrator Staff Member

    Enabling Remote Management afaik is only if you use the WAN IP to connect to the routers webgui and not LAN IP address. You maybe able to contact the LAN IP but you will be on a different subnet from the remote site, and thus it will not let you use the remote's Webgui.
  7. Sfor

    Sfor Network Guru Member

    So, in order to access the LAN GUI, it is necesary to do it from the LAN subnet IP. But, how to create a same subnet LAN using an IPSec VPN. I'm not sure if it is possible, in this case.
  8. ifican

    ifican Network Guru Member

    The default gateway on your side (wrv200) should know how to already get there, you should not need to do anything special. If you can ping a machine on the other side you should beable to get to the lan side ip of the remote wrv200. Sometimes the 200 likes to just get mucked up, try rebooting it and then try again.
  9. Sfor

    Sfor Network Guru Member

    That's interesting. Every device from the remote network responds to ping, except for the router. So, I can not ping the LAN side of the remote WRV200 through IPSec tunnel.
  10. DocLarge

    DocLarge Super Moderator Staff Member Member

    Ahhh... A familiar annoying issue once again resurfaces :) If I vaugely recall, a Phase II negotiation appears suspect.

    Eric_Stewart and I played around with wallwatcher and a few scanning tools one night trying to figure out why Qvpn would connect but you couldn't ping the router (similar to yours) and what we saw was that Phase II (NAT-T) was "not" going through port 4500 as it was supposed to; it appeared to be using a port in the 4600' range. Nothing is more irritating than to make the connection but then not be able to ping the resources.

    I'll ask eric and see if he remembers anything else in particular about this.


Share This Page