
WRV54G / 20 VPN Tunnels / Questions

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by sydeburnz, Aug 7, 2005.

  1. sydeburnz

    sydeburnz Network Guru Member

    We have an IT guy for our company that recommended the WRV54G because we want to move our proprietary software towards a centralized database structure. So, we bought one of these units for every single one of our stores, which now I am even wondering if we needed to do. Did every store need one?

    We are using the dedicated tunnel page and do not have any quickvpn software running. We also have a proxy set up so that we may observe web traffic and keep everyone using the work computers away from certain activity.

    It seems that every day, nobody can get on the net that is set up through the proxy because our WRV54G at the headquarters has locked up. A simple power cycle at HQ doesn't work because each store then needs to do the same thing so the VPN tunnel gets connected again.

    We have had the lines tested per Linksys and we are practically on top of the CSO for Bell, so the line's signal is excellent. We got a new modem, and per the tech's request, we set up the PPPoE in the modem in addition to the router and passed through the static IP. He said that sometimes this helps keep the modem up. Bell blames Linksys, Linksys blames Bell.

    So, I guess I have a few questions.

    Is the best way to set up the VPN through the dedicated tunnel setup with the same unit at every store?

    What can I do to keep the WRV54G connected?

    Is it the VPN setup or something with the router?

    We are on our 2nd router at our HQ and using 2.37

    SBC DSL 3m/512k with a static ip address.

    Every store is set up on a separate IP scheme:
    192.168.1.xxx
    192.168.2.xxx

    Thanks in advance for any input you provide!!
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    My initial question (if you don't mind) is are you one of the IT folks for your company or one of the users? If you're not one of the IT folks, you might not want to mess with the configuration put in place. However, if you are just a user looking for the best way to work with your current situation, then I'd say you're stuck with a dedicated vpn tunnel. Quickvpn only allows "one" connection out at a time which doesn't make it a good option at all for an office needing vpn connectivity.

    The bad thing about a dedicated tunnel is the amount of bandwidth needed to sustain it. A dedicated tunnel is "session oriented" meaning it stays connected even once it's through passing data which greatly diminishes your bandwidth. Therefore, it's highly recommended you have "at least" 4mbps or more for that sort of configuration; anything less than that may make connections a little "sticky." Also, for each dedicated tunnel you set up (should you want additional dedicated vpn tunnels) that also is an increased impact on your available bandwidth. FYI, using a dedicated vpn tunnel solution is a lot of overhead so come ready with bandwidth.

    I personally don't understand why the tech had your modem set to PPPoE if you have a static IP. I would remove that setting myself, but that's going to be your tech's call.

    The best way to keep the WRV54G connected is to configure a dynamic dns along with your static IP; you guys should be free and clear at that point, but this is my version of the truth. As far as firmware goes, the beta 2.37.13 is "kick ass" (I think) but again, you need to see if your tech will allow it.

    Hang out long enough and some of the guys may give you different alternatives to consider. :)

    Doc
     
  3. kspare

    kspare Computer Guy Staff Member Member

    Use firmware 2.38....

    I run about 30 or so WRV54Gs on my customer sites that all come back to a PIX 506 firewall. I've tested ALL the firmware and 2.38 has worked flawlessly for what you want to do. 2.37.13 will still hang once in a while. I now have routers with 2.38 up for a good 3-4 months.

    Keep in mind when you upgrade to 2.38 you will have to manually type in the config for each router again....it sucks, but it's also the reason why I keep a few spares around...in the event I have to do an update, I just update a spare and go swap it out for minimal downtime....

    For my purpose which is very similar to yours, 2.38 is the only firmware I've found that doesn't crash or hang the router.
     
  4. sydeburnz

    sydeburnz Network Guru Member

    OK....thanks so far. I want to make sure that I am clear on a few issues.

    #1 - I am not 'the' IT guy, but I usually fix 80 percent of our IT problems that arise. After seeing the 1st setup of the router, I did all the other stores and was verified by our IT guy. I can follow direx pretty easily and usually have a good hunch. Heck, he didn't even find this site. :)

    #2 - The firmware upgrade will have to be done on every single router? I have a few running 2.36 still from sheer laziness, but those stores don't seem to have any worse of a problem than the others.

    #3 - The modem is set up with our PPPoE info now - before it was bridged. This new configuration was done because of the recommendations of the SBC tech, not ours. But, I also tend to agree. I'm not sure why he recommended it and know that it didn't help.

    #4 - If the upgrade is done, is bandwidth still going to be an issue NOW? We are currently not set up to use a centralized database. As of now, basic web traffic and nightly backups from each store hit our server downtown. Is this enough to cause the router to lock up now? Or, are you stating that when making the move to the centralized database, we will have to get more bandwidth?

    #5 - Would it help to post any of the setup config info from the server (headquarters) and client (individual store) routers???


    Again, thanks for all the help. I can see the light at the end of the tunnel, I just hope it isn't a train. :)
     
  5. DocLarge

    DocLarge Super Moderator Staff Member Member

    Regarding bandwidth, it's best that you watch what you have for right now and look for any signs that you might be maxing out (i.e., hung file transfers, slow responses from remote devices); you'll know if you see it.

    As far as posting any information, if you're going to post, just make sure it's not your "actual" settings; give examples that folks here can work with that are pertinent to your setup...

    Doc
     
  6. kspare

    kspare Computer Guy Staff Member Member

    Yes you will need to upgrade all of your routers to 2.38....I did a post a little while back while I tested all the firmware versions, the only one that is stable for me is 2.38.

    If bandwidth is really an issue, set up SNMP and run MRTG against it and graph out your utilization. Don't take anyone's word for it, graph it out and you will KNOW for sure.

    If you need help with mrtg and the wrv54g let me know...I use it regularly.
     
  7. sydeburnz

    sydeburnz Network Guru Member

    I would like some more info on the mrtg and how to get ahold of the 2.38 firmware upgrade. Is it possible to test the new firmware at a couple stores and have the majority of the others on 2.37 just to get things going for testing and such? I mean, will it affect the stores still on 2.37 worse than what is happening now?

    The majority of the problems seem to be happening at our HQ, anyways.

    thanks again.
     
  8. kspare

    kspare Computer Guy Staff Member Member

    Upgrade the main office one for sure to 2.38, then do select remote office ones as well to support your testing.

    Send me a PM about mrtg and I'll help ya get going with that.
     
  9. mikeyes5

    mikeyes5 Guest

    The IT guy

    I'm "the IT guy" mentioned above. First of all thanks for the input from you guys. I will be testing the 2.38 firmware and hopefully will clear up a few issues.

    Just wanted to clear a few questions:
    The WRV54G was used because it was the cheapest device out there at the time. The optimal solution would have used Cisco SOHO's at the edge site with a pix or 1721 at the main site running the VPN IOS. This was way out of the price point.

    PPPOE authentication is still used at the router because our local DSL ISP is nuts. They use PPPOE for everything including static connections. Our PPPOE connection will always be assigned our static address.

    The DSL problems (I think) are related to the infrastructure wiring in the area. We have 2 DSL locations in town. 1 site in the old part of town has constant disconnect problems. When the modem drops the DSL signal the router locks up (hopefully 2.38 will fix that). In the newer part of town the 2nd site which is using identical hardware does not have the same DSL signal issues. The phone company keeps blaming everything other than their equipment. We have already replaced our modem, filters, etc. at their request with no change in the situation.

    Thanks again for all the input.
     
  10. sydeburnz

    sydeburnz Network Guru Member

    Just an update here and a hope that someone will still see this post and respond. :)

    We have not upgraded to the 2.38 yet as it isn't on the Linksys website and want to make sure we don't do anything 'questionable' without trying all other avenues.

    SBC has done the following:

    Switched our modem (SpeedStream 5100)
    Switched our filter
    Switched lines coming from the pole to our demarc
    Switched the lines coming from the demarc to the jack
    Changed ports at central switch office
    Changed circuits at central switch office
    Switched modem to a bridged router (netopia)

    Alice Cooper is in town for a concert tonight and I was gonna try to see if he would come sacrifice a live chicken for us to see if that might work. :)

    Anyways, it seems as if SBC has really done everything possible here and I am really starting to feel it is the router. Usually what happens is we get here in the morning and the connection is down. A restart on the router fixes it. Yes, the circuit is dropping from SBC, but it usually re-establishes a connection in about 5-10 seconds. We looked at the log file on the modem today when the SBC tech was here. So, is this really a problem with the router not recognizing when the circuit is back up? Also, after this happens, any computer within the network of our HQ cannot ping the router or any other computer. The internet connection dropping should not have anything to do with the internal network of stations connected to the router, should it?

    I don't know if I am on the right track or not, but figured I would post again to let those that helped before know our progress and possibly give a little more input.

    Thanks in advance.
     
  11. TazUk

    TazUk Network Guru Member

    I can't see there's anything questionable about using 2.38 :unsure: The reason it's not on the Linksys website yet is because it's a beta release and the way things are going may remain so indefinitely. If you want to go through official channels then contact Linksys tech support and ask them to email the firmware to you.
     
