RV016 group VPN?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Silvan, Aug 29, 2006.

  1. Silvan

    Silvan LI Guru Member

    Hi all,

    I've browsed through some of the old RV016 threads and it looks like lots of VPN issues but i'm posting this question anyways.

    Just bought an RV016 to replace an existing Pix501 to have load balancing between two DSL connections.

    There will be two 'gateway to gateway' as linksys calls it and I also need a group vpn setup for certain office staff.

    I've been working on this for days now and have tried everything but no luck. Has anyone actually got the group vpn to work with the linksys quick vpn software? In the software client part is the username the groupvpn name on the router and the password the passphrase? That is what i've been doing and vpn passthrough is enabled but nothing works. I can get single clients setup on the router to connect however I really do need a group vpn.

    Also once this works, how will the users authenticate with the domain controllers? the current pix asks for their domain user/pass after the initial group vpn authentication. Any help would be appreciated. Thank you.
  2. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    The only help I can offer would be to ask if you flashed the latest firmware. Typically firmware updates seem to help resolve VPN connection issues.
  3. Toxic

    Toxic Administrator Staff Member

    quickvpn setup is in the "VPN Clients Access" section and not the GroupVPN policy. GroupVPN is for a configurable an IPSec VPN Client like Greenbow, SSH Sentinel etc. QuickVPN only needs Username/Password.

    Hope this helps
  4. Silvan

    Silvan LI Guru Member

    Thanks Toxic I will try that. The latest firmware is on the router btw. Are there any free vpn clients out there that would work for the group vpn?
  5. Silvan

    Silvan LI Guru Member

    I'm now getting the following error : "Initial Aggressive Mode message from x.x.x.x but no (wildcard) connection has been configured"

    I googled it and it said it could be because I was behind another router/firewall, however I've removed myself from any router or firewall and am still getting the same problem.

    Also i had to open up a whole bunch of ports to even get to this state. the RV016 firewall log files were denying access to IPSec (p500) ICMP and others even though i've enabled VPN passthrough.
  6. d__l

    d__l Network Guru Member

    Which VPN client are you trying to use to make the VPN connection?

    I know that error well and it is probably caused by the VPN client not submitting an email address authentication identifier(USER_FQDN) or the RV016 not configured to accept a VPN request from a dynamic IP with an email address authentication identifier.
  7. Silvan

    Silvan LI Guru Member

    I was using the trial version of GreenBow. Where in the client do I put the e-mail address?
  8. d__l

    d__l Network Guru Member

    I've never used Greenbow so I can't say, but in other clients and routers the email address is entered in conjunction with the Aggressive Mode setting.
  9. Silvan

    Silvan LI Guru Member

    Think I might have found it. What other clients have you used besides ssh sentinel?
  10. Toxic

    Toxic Administrator Staff Member

  11. Silvan

    Silvan LI Guru Member

    ugh, this thing is going out the window soon.
  12. d__l

    d__l Network Guru Member

  13. Silvan

    Silvan LI Guru Member

    Trying with the built-in Windows IPSec VPN and getting the following error...any ideas what causes it?

    [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet

    Sep 11 11:34:15 2006 VPN Log Cannot respond to IPsec SA request because no connection is known for[vpnclient@microsoft.com]

    Sep 11 11:34:16 2006 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x14071e05 (perhaps this is a duplicated packet)
  14. Toxic

    Toxic Administrator Staff Member

    lol good luck with Windows IPSec client. dont know anyone that has that working yet.
  15. Silvan

    Silvan LI Guru Member

    haha wonderful..
  16. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Why forcing the difficult path instead of the QuickVPN Client..or my preferred choice which works great on a whole bunch of RV0 units I have deployed..PPTP VPN.
  17. DocLarge

    DocLarge Super Moderator Staff Member Member

  18. TazUk

    TazUk Network Guru Member

    I think that version of SSH Sentinel has issues with XP SP1 and SP2 :unsure:
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice