[WRV54G] Revised 6 Step Connection Approach for Quickvpn

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by DocLarge, May 1, 2005.

  1. DocLarge

    DocLarge Super Moderator Staff Member Member

    I've had a few requests to further break down the aspect of getting quickvpn to connect, so here's an expanded view:

    1) Disable pptp and L2tp
    2) Disable all vpn port forwarding (500, 1701, 1723, 4500) to minimize background process interference
    3) Disable all vpn settings (tunnel, gateway, IKE)
    4) Make sure quickvpn is the "only" client loaded on your machine (won’t work otherwise)
    5) Enable Ipsec on the wrv54g to allow quickvpn to connect “out” and/or if you have someone using a third party vpn client (like greenbow or ssh sentinel) so they can connect (examples below).

    Methods of Connection:

    1) greenbow-->modem-->internet<---modem<--WRV<--Srvr [connects]

    2) quickvpn-->modem-->internet<---modem<--WRV<--Srvr [connects]

    3) quickvpn-->WRV-->modem-->internet<---modem<--WRV<--Srvr [connects]

    4) greenbow-->WRV-->modem-->internet<---modem<--WRV<--Srvr [no connection]

    NOTE: If you have a vpn client who is trying to access the wrv54 through a direct connection while using a third party client, method 1 is the “only” available option, unless you understand the quickvpn/greenbow workaround configuration. If you have a vpn client who’s using quickvpn, either methods 2 or 3 are suitable. Again, the WRV will "only" accept quickvpn requests from behind another router due to quickvpn being designed "specifically" for use with the wrv. All other vpn requests from other clients behind routers will be "dropped" unless it's a direct connection (see option 1).

    6) Check under services if you are running a windows OS and make sure Ipsec is running (if you’ve tried ssh sentinel recently, this knocks ipsec offline).

    If you are going to try and connect with quickvpn from another location (i.e., a wi-fi internet café) to your wrv54g, that establishment (Starbucks, for example) “must” have ipsec enabled on their wi-fi router in order for you to connect out (just the same as if you were trying to connect from your own wrv54g to another wrv54g acting as an endpoint (vpn host)).

    These are just the general ground rules to start out with. One last thing to consider is if you're getting "verifying network," check your mtu setting. At times, you have to lower it to avoid fragmentation of the data packets.

    As always, what's outlined is just a "baseline." As you start having successes, start varying your configuration
  2. slide2

    slide2 Network Guru Member

    hey Doclarge

    your 6 step vpn thing looks like it may be the solution to a few problems we are having over here with a client - but i'm not clear on whether or not your solution has been known to work with NAT-T? We have been having problems with the AG241 and decided to pick up the WRV54g, which looks like it may have even more problems??!

    this is really getting out of hand, time is running out with the client and i'm really pulling my hair out over this!

    also i have noticed that a few people on this site are quite averse to using the QuickVPN client? is there any reason for this? are there functionality issues or something?

    and next question (of my 20 questions) is what is a good choice for an adsl modem to use between the WRV54g and the internet?

    thanks for any help anyone can give

    this is our network config::

    client->nat device->switch->modem->internet<-modem<-WRV54g

    we as of yet haven't tried to set it up, as they are in australia and we are in new zealand and would like to test it before we send it over.

    any help most appreciated!

  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    Hi Sam,

    pardon my late response. Not to scare you, but you've stepped in the middle of some "ish" by buying this router merely being there is a big push for Linksys to "finish the job" (include NAT-t patches) with this device. But take heart, there have been some ways created to lessen the initial shock of the dreaded "Verifying Network" (resulting in no tunnel). :) :)

    There is no NAT-T issue using the quickvpn client because quickvpn (again) was designed specifically for use with/for the wrv54g. Due to port 443 (on the wrv54g) being configured to work primarily with the quickvpn client, the wrv will always accept requests from quickvpn regardless of the client having a direct connection to the internet (see option 1) or from behind another router.

    Most people do not want to use quickvpn due to difficulties in getting it to connect. Linksys "never" gave good instruction on "how to make a connection;" instead, they initially pushed information on how to "configure an ipsec policy." If you follow my directions, you'll have a quickvpn tunnel. In the beginning, I could never get a tunnel created due to having made one of the configuration errors I've pointed out in my previous post. The adsl modem I use is the x-modem ce from adslnation (www.adslnation.com). I'm sure there are others but being located in London, Uk, and the company is in Oxford, it was a logical choice. Great performance, no doubt!!

    If you are really adventurous, you can experiment with a configuration that, although convoluted, it works. Here's the post:


    "All" of use who've tried it can get this workaround to run. Before you can try this, you "must" be able to make a vpn connection with the quickvpn tool because greenbow will be utilizing quickvpn parameters.

  4. chris547

    chris547 Network Guru Member

    The only problem with Quickvpn is that it only works with XP or 2000, if you're using something like a pocket pc, a Nokia 9500 or something else you're out of luck :-(
  5. This sounds very ominous to me! What it sounds like is that QuickVPN uses port 443 to establish a connection - which means that any person hosting their own Exchange 2003 server either can not use OWA (as it connects through https requiring port 443 to be forwarded) or can not use QuickVPN.

    Is my assessment correct?

    I have clients that will be connecting from all around the US so there could be any number of situations that could come up. Will this be something that I have to worry about? Should I just go ahead and have them get another router for VPN? If so, which router? I've always been impressed with linksys - until now.
  6. AnimoEsto

    AnimoEsto Network Guru Member

    Outlook Web Access only connects via 443 *if* you are using Backend and Frontend Exchange Servers. If you are a single site org in exchange then you can use normal port 80