Greenbow VPN Client and RV042 Setup

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by amadali, Dec 14, 2004.

  1. amadali

    amadali Network Guru Member

    Greenbow VPN Client to Linksys RV042

    RV042 Firmware 1.3.1
    Greenbow VPN Client - A quality VPN client
    Linksys RV042 Configuration
    Client to Gateway
    Group No 1
    Group Name Greenbow
    Interface WAN1
    Enable Check
    Local Group Setup
    Local Security Group Type Subnet
    IP Address x.y.z.0
    * Internal IP network
    Subnet Mask
    Remote Group Setup
    Remote Client Domain Name FQDN
    Domain Name
    IPSec Setup
    Keying Mode IKE with Preshared Key
    Phase1 DH Group Group2 (1024)
    Phase1 Encryption 3DES
    Phase1 Authentication SHA1
    Phase1 SA Lifetime 28800
    Perfect Forward Secrecy Check
    Phase2 DH Group Group2 (1024)
    Phase2 Encryption 3DES
    Phase2 Authentication SHA1
    Phase2 SA Lifetime 3600
    Preshared Key {Shared Key}

    Greenbow VPN Client Configuration
    Name rv042
    Interface * <- any dynamic IP address
    Remote Gateway {WAN IP address of RV042}
    Preshared Key {Shared Key}
    IKE: Encryption 3DES
    IKE: Authentication SHA1
    IKE: Key Group DH1024
    * This must match the RV042 setting
    Advanced:LocalID:Type DNS
    Advanced:RemoteID:Value {null}
    Advanced:RemoteID:Type {null}
    Advanced:Aggressive Check
    Name Tunnel1
    VPN Client Address A.B.C.D
    * IP MUST be of a different network address than the internal network.
    * The client will appear as this IP to the internal network.
    Address Type Subnet
    Remote LAN Address x.y.z.0
    * Internal IP Network. Must match RV042 setting.
    Subnet Mask
    ESP:Encryption 3DES
    ESP:Authentication SHA1
    ESP:Mode Tunnel
    PFS Check
    Group DH1024

    Here is a major 'gotcha'. Took about 4 hours to figure out.

    If you have set a 'DMZ host' on the RV042, it *can* (and in my case did) interfere with the VPN.

    The VPN setup works fine with the Greenbow client behind a NAT router (I'm guessing IPsec passthrough must be enabled).

    Hope this spares someone some angst.
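
    The settings above have to agree on both ends, and the two products name the same Diffie-Hellman group differently ("Group2 (1024)" on the RV042, "DH1024" in Greenbow). The following is an added example, not part of the original post: a Python check that compares the two sides and enforces the post's rule that the VPN Client Address lies outside the internal network. The dictionary keys, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample values: the post gives x.y.z.0 and A.B.C.D as placeholders
# and leaves the subnet mask blank, so 192.168.1.0/255.255.255.0 and 10.10.10.1
# are assumptions for illustration only.
RV042 = {
    "p1_dh": "Group2 (1024)", "p1_enc": "3DES", "p1_auth": "SHA1",
    "p2_dh": "Group2 (1024)", "p2_enc": "3DES", "p2_auth": "SHA1", "pfs": True,
    "local_net": "192.168.1.0", "local_mask": "255.255.255.0",
}
GREENBOW = {
    "p1_dh": "DH1024", "p1_enc": "3DES", "p1_auth": "SHA1",
    "p2_dh": "DH1024", "p2_enc": "3DES", "p2_auth": "SHA1", "pfs": True,
    "remote_net": "192.168.1.0", "remote_mask": "255.255.255.0",
    "client_addr": "10.10.10.1",
}

def dh_bits(label):
    """Reduce 'Group2 (1024)' or 'DH1024' to the modulus size, so the two
    vendors' names for the same group compare equal."""
    m = re.search(r"(\d{3,4})", label)
    if not m:
        raise ValueError(f"unrecognised DH label: {label!r}")
    return int(m.group(1))

def check_pair(router, client):
    """Return a list of human-readable mismatches; empty means consistent."""
    problems = []
    for key in ("p1_enc", "p1_auth", "p2_enc", "p2_auth"):
        if router[key].upper() != client[key].upper():
            problems.append(f"{key}: router={router[key]} client={client[key]}")
    if router["pfs"] != client["pfs"]:
        problems.append("pfs: enabled on one side only")
    for key in ("p1_dh", "p2_dh"):
        if dh_bits(router[key]) != dh_bits(client[key]):
            problems.append(f"{key}: router={router[key]} client={client[key]}")
    lan = ipaddress.ip_network(f"{router['local_net']}/{router['local_mask']}")
    remote = ipaddress.ip_network(f"{client['remote_net']}/{client['remote_mask']}")
    if lan != remote:
        problems.append(f"remote LAN {remote} does not match router LAN {lan}")
    if ipaddress.ip_address(client["client_addr"]) in lan:
        problems.append(f"client address {client['client_addr']} is inside {lan}")
    return problems
```

    Calling check_pair(RV042, GREENBOW) on the sample values returns an empty list; any entry in the returned list names the setting to correct before testing the tunnel.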