Can Someone Comment: DMZ not allowed if using VPN???

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by BrandonIT, Mar 10, 2006.

  1. BrandonIT

    BrandonIT Network Guru Member

    From the site:
    Troubleshooting Linksys QuickVPN Connections

    Router Settings
    These settings, which can be found in the web-based Setup utility of your router, should be configured to allow QuickVPN connections.

    Host Name: <should be left blank>
    Domain Name: Should be filled in with any domain name followed by .com, .net, .org, etc. (for example, The domain does not have to be a valid domain that exists on the Internet. Without a domain name, you may get an "ERROR: malformed status line -1" entry in the wget_error.txt log file (found in the \Program Files\Linksys\Linksys VPN Client folder)
    MTU: An MTU value of 1428 can be used and decremented further to test.
    HTTPS (RV-series VPN routers only): Should be set to Enable.
    Port Forwarding: Ports 443 and 500 should not be forwarded to the LAN. These well-known ports are used to create the secure IPSec tunnels used by QuickVPN.
    DMZ: DMZ (De-Militarized Zone) features should not be used.
    QuickVPN Client user accounts: QuickVPN Client user accounts need to be set (checked P) to Active.


    So has anyone gotten QuickVPN working reliably when using the DMZ as well on the RV0XX series?

    Personally, I use an RV042 and we've been having a terrible time trying to get the VPN working even after following the stickies here.
  2. TazUk

    TazUk Network Guru Member

    By turning on the DMZ you're telling the router to forward all packets to a local IP address. This would include the QuickVPN packets, which would prevent the tunnel from being initiated. Why do you need to use the DMZ anyway?
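    The checklist quoted in the first post and TazUk's point that a DMZ host swallows the IPsec packets can both be turned into a mechanical check. The following audit script is an added example, not Linksys code or anything from this thread; the RouterConfig layout is an assumption chosen for the example, not the router's real export format, and the two configurations at the bottom are constructed.

```python
"""Audit an RV-series style router configuration against the QuickVPN
troubleshooting checklist: blank host name, a domain name with a suffix,
MTU at or below 1428, HTTPS enabled, ports 443/500 not forwarded to the LAN,
no DMZ host, and every QuickVPN account active.  The RouterConfig layout is
an assumption for this example, not the router's own settings export."""

from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional

QUICKVPN_PORTS = {443, 500}   # used by QuickVPN to set up its IPsec tunnel
MAX_MTU = 1428                # value the troubleshooting guide starts from


@dataclass
class RouterConfig:
    host_name: str = ""
    domain_name: str = ""
    mtu: int = 1500
    https_enabled: bool = False
    port_forwards: Dict[int, str] = field(default_factory=dict)  # port -> LAN IP
    dmz_host: Optional[str] = None                                # None = DMZ host off
    vpn_users: Dict[str, bool] = field(default_factory=dict)      # user -> active?


def audit_quickvpn(cfg: RouterConfig) -> List[str]:
    """Return one finding per checklist item the configuration violates."""
    findings = []
    if cfg.host_name.strip():
        findings.append("Host Name should be left blank")
    domain = cfg.domain_name.strip()
    if not domain or "." not in domain:
        findings.append("Domain Name must be set with a suffix such as .com/.net/.org")
    if cfg.mtu > MAX_MTU:
        findings.append(f"MTU {cfg.mtu} exceeds {MAX_MTU}; lower it and retest")
    if not cfg.https_enabled:
        findings.append("HTTPS should be enabled")
    for port in sorted(QUICKVPN_PORTS & set(cfg.port_forwards)):
        findings.append(f"Port {port} is forwarded to {cfg.port_forwards[port]}; "
                        "QuickVPN needs the router itself to answer on it")
    if cfg.dmz_host:
        # A DMZ host receives every unsolicited WAN packet, so the IPsec/HTTPS
        # setup traffic never reaches the router's own VPN endpoint.
        findings.append(f"DMZ host {cfg.dmz_host} receives all WAN traffic, "
                        "including ports 443/500")
    inactive = sorted(user for user, active in cfg.vpn_users.items() if not active)
    if inactive:
        findings.append("Inactive QuickVPN accounts: " + ", ".join(inactive))
    return findings


def remediate(cfg: RouterConfig) -> RouterConfig:
    """Return a copy with every checklist violation corrected."""
    return replace(
        cfg,
        host_name="",
        domain_name=cfg.domain_name if "." in cfg.domain_name else "example.com",
        mtu=min(cfg.mtu, MAX_MTU),
        https_enabled=True,
        port_forwards={p: ip for p, ip in cfg.port_forwards.items()
                       if p not in QUICKVPN_PORTS},
        dmz_host=None,
        vpn_users={user: True for user in cfg.vpn_users},
    )


# Constructed sample: a "home router" style setup that breaks QuickVPN.
BROKEN = RouterConfig(
    host_name="rv042",
    domain_name="",
    mtu=1500,
    https_enabled=False,
    port_forwards={80: "192.168.1.10", 443: "192.168.1.10"},
    dmz_host="192.168.1.50",
    vpn_users={"brandon": False, "jw": True},
)

if __name__ == "__main__":
    for line in audit_quickvpn(BROKEN):
        print("FAIL:", line)
    print("after remediation:", audit_quickvpn(remediate(BROKEN)) or "clean")
```

    Running the script lists seven findings for the constructed configuration and none after remediate() is applied; the DMZ host and the 443 forward are the two that map directly onto the VPN failure discussed in this thread.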
  3. BrandonIT

    BrandonIT Network Guru Member

    (A Clarification: This is in reference to an RV042 - which according to my understanding of Linksys marketing hype - is a "business-class" firewall/router.)

    If that's the case, I may have misunderstood what their marketing terminology of "DMZ" meant. On my home router, DMZ means forward all packets to the specified address.

    But on my work firewalls, DMZ refers to a separate subnet, with the ability to route packets to the internal and external interfaces. (This is what I wanted).

    I have a wireless network (using a WRT54G :) ) attached to the DMZ network jack on the RV042. This wireless network is inherently insecure because I am using 64-bit WEP.

    Because the wireless is insecure, I need it to be kept as separate as possible from the main LAN. So I bought the RV042 with the understanding that it offered a DMZ network (just like our Cisco PIX's at work) AND the ability to act as a VPN host for my users.

    (I have to use 64-bit WEP because I'm using 2 WAP54's as repeaters off the main WRT54G to connect three different buildings at our site with internet access. According to Linksys tech support, the WAP's are unable to handle higher encryptions when being used as repeaters.)

    So, that is why I need a DMZ functionality. However, if the DMZ functionality is NOT the ability to have a second subnet off the same router, but instead just a "throw open all ports" to an IP like any home $9.99 router, well...maybe I overpaid for this $200 firewall...
  4. TazUk

    TazUk Network Guru Member

    Well if you go to Setup, DMZ Host it probably says the following in the right hand panel

    I don't have a RV042 myself so I'm just going by the UI that's on this site
  5. TazUk

    TazUk Network Guru Member

    Looking at the picture the WAN2 port has DMZ above it, so maybe you can run another LAN from that port at the expense of a second WAN connection :???:
  6. BrandonIT

    BrandonIT Network Guru Member

    According to what I've read that's correct. However, as I've found with the Linksys WAP's and repeating, just because a product says it can do something, that doesn't mean it can do that AND everything else. Many times I think it's an "either/or" not an "and."

    Anyway, I'm hoping someone with an RV042 can add some light to this problem.

    I'd like to know if I'm the only one that's using the DMZ functionality of the RV042.
  7. jwdenzel

    jwdenzel Network Guru Member

    I'm trying really hard to use the DMZ port functionality on the RV042, but I simply can't get it to work. I'm just trying to get my incoming WAN traffic to forward to the webserver plugged into the DMZ port. No dice.

    Here's the thread I started for my issue. Any help would be appreciated.

    BTW -- I also want to eventually use the VPN capabilities of the device. It would suck if they could not work together.

  8. BrandonIT

    BrandonIT Network Guru Member

    Yeah, JWD, I really like the "on paper" ability to have a separate DMZ subnet, AND the ability to have incoming VPN connections to the LAN. I'm just not sure it's entirely possible. I've had nothing but trouble with the QuickVPN solution. I've only gotten it working once reliably on one computer. Now that's broken.

    I see Linksys has just released a new RV042 firmware and it looks like a new QuickVPN client just got released too. We'll see if updating the router firmware to this newest version, updating QuickVPN, and turning off the DMZ functionality has any effect on my problems.
