Multiple gateway to gateway with RV042?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by PASWebAdmin, Apr 4, 2007.

  1. PASWebAdmin

    PASWebAdmin LI Guru Member


    I spent several hours on tech support with Linksys, and finally managed to get a gateway to gateway connection set up between an RV042 and my local BEFVP41.

    My next step is to connect 3 other remote locations in a similar fashion. One location has the same BEFVP41, one location has a WRV54G, and the final location is going to have to use QuickVPN.

    So I tried to start with the QuickVPN, finally contacted tech support, and learned that in order for anyone to connect via QuickVPN, I have to disable my gateway to gateway connection, and this was *not documented*.

    So I disabled my gtog connection, went through several conf files to get the settings right for QuickVPN, and now I am actually able to connect with QuickVPN.

    My problem is, one of the locations is a Mac...

    The location that *has* to use the QuickVPN client is only temporary - so in a couple of weeks, I can ditch the software and go back to gateway-to-gateway - however, I was told that it wouldn't work to do that with 2 other routers connecting to this one.

    Perhaps I'm just brain-fried, but isn't that the purpose of the multiple tunnels?

    Shouldn't I be able to have 1 tunnel for my connection, another tunnel for connection 2 from another state, and another tunnel for connection 3 from yet another state? Or am I asking too much? :confused:

  2. TazUk

    TazUk Network Guru Member

    Yes the RV042 supports multiple simultaneous VPN tunnels :)
  3. PASWebAdmin

    PASWebAdmin LI Guru Member

    Ok thanks! I'm glad to know I'm not crazy...

    Any suggestion on what to use to connect to the RV042 via software from the Mac (OS X 10.4.9 ) ?
  4. ifican

    ifican Network Guru Member

    Would be PPTP; I believe Mac also has an implementation for that.
  5. aviegas

    aviegas Network Guru Member

    There is no limitation to be *documented*. There is indeed poor tech support.

    The only reason to "disable" a gateway-gateway to allow for QuickVPN to work is if the gateway-gateway connection "overlaps" the QuickVPN one, that is, the QuickVPN remote address is the same as the remote gateway or is part of the network that is behind the remote gateway.

    For example, in your case QuickVPN will not work for any user behind the BEFVP41. The RV042 will perceive the connection as coming from the BEFVP41 (NAT) and therefore will not be able to distinguish between the gateway-gateway and gateway-user connection.

    This is not a limitation of the RV0xx routers, but a limitation of the IPSec architecture. IPSec does not use ports, so it's a host-host communication and there can only be one "connection" per host-host pair. This imposes other limitations on routers, such as the way VPN passthru is implemented (beyond the scope here).
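
The overlap rule described in the post above can be checked before rolling out client VPN access. This is an added example, not part of the original post and not Linksys/Cisco code; the tunnel names, the `find_overlaps` helper and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class GatewayTunnel:
    name: str
    remote_gateway: str  # public address of the remote router
    remote_subnet: str   # LAN behind the remote router (CIDR)


def find_overlaps(tunnels, client_seen_as, client_lan_ip=None):
    """Return (tunnel name, reason) for each gateway-to-gateway tunnel
    that a client connection would overlap, per the rule in the post:
    the client's address equals the remote gateway, or is part of the
    network behind it.

    client_seen_as: source address the central router sees (post-NAT).
    client_lan_ip:  the client's own LAN address, if known.
    """
    seen = ipaddress.ip_address(client_seen_as)
    lan = ipaddress.ip_address(client_lan_ip) if client_lan_ip else None
    conflicts = []
    for t in tunnels:
        gateway = ipaddress.ip_address(t.remote_gateway)
        network = ipaddress.ip_network(t.remote_subnet, strict=False)
        if seen == gateway:
            # NAT case: a user behind the remote router looks like the router.
            conflicts.append((t.name, "source address is the remote gateway"))
        elif seen in network or (lan is not None and lan in network):
            conflicts.append((t.name, "address is inside the remote network"))
    return conflicts


# Constructed sample configuration (not taken from the thread).
TUNNELS = [
    GatewayTunnel("befvp41-office", "203.0.113.10", "192.168.2.0/24"),
    GatewayTunnel("wrv54g-office", "198.51.100.20", "192.168.3.0/24"),
]

if __name__ == "__main__":
    clients = [
        ("user behind BEFVP41", "203.0.113.10", "192.168.2.50"),
        ("roaming user", "192.0.2.77", "10.0.0.5"),
        ("home LAN clashes with site", "192.0.2.88", "192.168.3.9"),
    ]
    for label, seen, lan in clients:
        print(label, "->", find_overlaps(TUNNELS, seen, lan) or "no overlap")
```
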
  6. fencepost

    fencepost Guest

    Just as another point of information, the RV042 will accept both gateway-to-gateway connections and QuickVPN connections at the same time with no problems at all.

    We use RV042s at a bunch of our customers (medical practices with multiple offices) to link them together with gateway-to-gateway connections using static IPs, plus we set up doctors and ourselves to be able to connect into the network using QuickVPN. No problems with any of it.

    We also have at least one site connecting in using a BEFSX41 VPN router, though there was a little fiddling to get it connecting (the VPN options aren't all quite the same).
  7. PASWebAdmin

    PASWebAdmin LI Guru Member

    I will spare everyone the agony of what you already know, but you are *absolutely right about that*

    OK, this makes sense, but I'm seeing a different behavior. Even if I am connected here with the BEFVP41, and a remote site is trying to use QuickVPN, they are instantly rejected. If I disable the gtog connection, they are able to connect. I have had 4 different tech support agents tell me that the gateway must be disabled for QuickVPN to work.

    So I finally resorted to disabling my gtog connections for now, and have been struggling with the Quick VPN software since then. This might need to be a new thread - someone let me know if so.

    I was able to get a connection using QuickVPN - I used the tab in the web interface to add a username and password and then connected. I get an initial connection that lasts for about 30 seconds, and then I get "remote gateway is not responding".

    When I am first connected, I am able to open a cmd prompt and type the internal IP address of the server and hit return. In about 5 seconds the login prompt comes up, I login, in about 10 seconds, I get an Explorer window that shows the domain name, the server IP and the shares. I click on a share to open it and I get the hourglass... that's when my connection is dead. I can still ping the server, but that's it.

    I suspected it was a firewall problem, but I tested with NO firewalls in between, and still get the same problem. It's not just at my location either - I can reproduce it at another location not using a BEFVP41.

    SO... after much firmware loading and reloading and rebooting and etc... the tech finally asked me why I wanted to use Quick VPN and told me that Microsoft has a VPN client that I could use.

    I asked how I would get help if it was the same problem and was told that I would have to contact Microsoft.

    I have a Mac here - it has been happily connected to the RV042 using VPN Tracker with Client to Gateway / Group VPN. I am having a connection issue with that, however I suspect that one IS a firewall problem that I can deal with later. I have another client offsite using a Mac behind the router her ISP gave her, and is connected via VPN Tracker with no trouble.

    So I went and got The Green Bow ... uninstalled QuickVPN, followed their suggested setup for this router, and have been connected for an hour now with no trouble.

    My problem is this: Group VPN only allows 2 tunnels.
    Can I connect 5 people to those 2 group tunnels? Or do I misunderstand the purpose of group VPN?

    TIA! Sorry for writing a tome...

  8. aviegas

    aviegas Network Guru Member

    The key thing is the nature of the remote clients:

    QuickVPN is based on the Microsoft VPN "client". In fact it's just a shell to perform some form of HTTPS (SSL/TLS) based authentication before connecting.

    I do not use GreenBow, but I know people that use it with a RV082. No problems there too. But I do see a lot of problems with the Microsoft VPN code.

    MS VPN is a pain. Why? Because it's in the middle of the traffic/security policy stuff (that is basically a huge kludge). If there is any other policy controlling anything on the client machine, it may/will fail miserably. And guess what? No simple way to trace it! Why? Because it's all under the covers...

    Is there any security policy in place in the Windows client? Some crap out of a "domain controller" or "Active Directory"? As you are trying to access MS "shares", then maybe you are also using other MS "technologies".