at my whit's end!

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by grastard, Aug 31, 2006.

  1. grastard

    grastard LI Guru Member

    I am ready to start crying like a 12 yr old girl over this issue. Dsl modem in bridge mode connected to a linksys befvp41 router. That is connected to a switch then the know. I only need one VPN tunnel up right now and I cant even get that. I have Greenbow 3.1 that i'm trying to configure to connect to it. I have the logs set up on the router that shows no attempt even to connect and when i try to open a tunnel, Greenbow just sits there. i dont get an error message or any indication that it will do anything but tell me that its "opening tunnel".

    The settings, ie. preshared key, encryption, pfs, key frame are matched perfectly on both the router and the greenbow client. I really am at a loss here. If there is anybody has any suggestion or has had a similar problem please let me know what you did or what you've tried so i can get this up. I very much appreciate any help i can get. Thanks.

  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    Okay, first thing:

    1) Is your router connecting to the internet while the router/modem gateway is in bridge mode?

    2) Are all other machines behind your befvp41 able to get to the internet:

    If it's yes to both those questions, then take a look at the link below.

  3. grastard

    grastard LI Guru Member

    Everything has internet connectivity. I followed that guide and applied every detail of it but to no avail. Even locally, within the lan i set the gateway as the routers local but that didn't even show an attempt to connect on the router's log. Incidentally, this is my second router because after talking to linksys tech support for 2 hours they told me it was bad and to get a new one. Is it possible I got another bad one? Thanks

  4. arr2036

    arr2036 Network Guru Member

    I know it sounds stupid, but just check that your routers firewall is set to allow packets through on port 500 and port 51 (ipsec & ike), as I had this exact same problem on a netgear router and that fixed it.
  5. Toxic

    Toxic Administrator Staff Member

    port 51?

    IPsec-based VPN's need UDP port 500 opened for ISAKMP key negotiations, IP protocol 51 for Authentication Header traffic (not always used), and IP protocol 50 for the "encapsulated data itself.

    50 and 51 are protocols and NOT ports.
  6. grastard

    grastard LI Guru Member

    The router and the firewall are one in the same. shouldn't I just need to configure the vpn tunnels since that should open the connection?
  7. DocLarge

    DocLarge Super Moderator Staff Member Member

    Realistically, "no," unless it's specificed in the vpn client documentation that you need to do so. The main thing to ensure is that you have "ipsec pass-thru" open on both the client-side router you'll be connecting through "and" the endpoint router that's hosting the the tunnel.

    Additionally, make sure that the IPSEC service is enabled under "services." I've seen it firsthand myself where I've tried to use another IPSEC vpn client (ssh sentinel) and it's knocked IPSEC services offline; once I re-enabled it, I was able to connect with greenbow.

    Out of curiousity, what type of router/modem gateway do you have that's currently running in bridge mode?

  8. DocLarge

    DocLarge Super Moderator Staff Member Member



    I deleted your post because it had an exposed WAN IP address in it; I didn't want to take the chance that a passerby "might" take that as an opportunity to start hacking.

    I did catch that you are using a 2wire. If possible, could you repost your picture "without" a WAN address being displayed? :)

  9. grastard

    grastard LI Guru Member

    its false. No such WAN IP exists. It was simply an example to show that I am using the correct WAN IP instead of the LAN IP. Here it is again with the WAN deleted. Thanks.
  10. grastard

    grastard LI Guru Member

    Just an update: I've now tried this from inside the network, outsided the network from 2 different locations and WAN's and 2 different computers. I'm beginning to think that it is the router. Or that i'm a complete idiot and i should take up scuba diving instead. Thanks.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice