RV042 - QuickVPN from DMZ, Verifying network then fail.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by BrandonIT, Jun 23, 2005.

  1. BrandonIT

    BrandonIT Network Guru Member

    I am using an RV042 in DMZ mode. On the DMZ I have a wireless router hooked up to service wireless clients, a WRT54G.

    When I try to VPN in from the DMZ I get to "Verifying Network..." and then about 60 seconds later it fails saying "remote gateway not responding" or something to that effect.

    The network setup looks like this.

    Internet (router)
    -RV042- (DMZ) -> WRT54G (wireless LAN 192.168.3.x)
    (internal LAN 192.168.242.x)

    Has anyone successfully setup the QuickVPN to run from the DMZ? Do I need to open anything special to allow this to work? I've tried opening up IPSec from the DMZ to anywhere, but that didn't help. I even opened up EVERYTHING from the DMZ to anywhere, but no go.

    I'm believing there may be a firmware issue with running the QuickVPN from the DMZ to get to the internal, but I wanted to ask around first.

    Any help would be appreciated.

    EDIT: More information:
    I have verified the IPSEC, PPTP, and L2TP passthrough are all enabled on the wireless router (WRT54G) on the DMZ.

    I have flashed the RV042 up to the latest published firmware from the Linksys website. I have also flashed the WRT54G up to the latest published firmware for it as well. (I am NOT running any beta software)

    I can surf the web no problem using a wireless laptop connected to the wireless router which is on the DMZ of the RV042. But QuickVPN refuses to connect.
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    Have you ever had quickvpn connect before?
  3. BrandonIT

    BrandonIT Network Guru Member

    Yes. VPN will work fine from outside the network, from the internet. I'm using the same userid/password for DMZ testing.

    EDIT: More information
    However, the computer that's working outside the network is not the same computer as the one I'm testing from the DMZ with.

    I'll hook the DMZ computer up to my internet connection tonight and test to make sure the VPN client on the actual computer is up and running.

    Will post results Friday (June 24th) if possible.
  4. BrandonIT

    BrandonIT Network Guru Member

    NEW INFO: Tested DMZ computer from home internet. Works fine.

    I took the computer I was testing the DMZ VPN with, home. I hooked the computer up to my home internet connection, fired up the QuickVPN software, changed the address I was VPN'ing to, and everything connected fine. Could ping, get DNS resolution, everything.

    So the machine works.

    The DMZ however still doesn't.

    EDIT: When I said "NO beta" earlier, I didn't mean I was against using 'beta' firmwares, I just meant I was not using any at the moment. I'm not against it, as long as they are relatively stable. Since this installation is off-site and I only have physical access to it 2 days a week, then it's important that it be a stable installation if possible.
  5. DocLarge

    DocLarge Super Moderator Staff Member Member


    if it works fine at home, that means there might be something "suspect" about the settings or the LAN connection...

  6. BrandonIT

    BrandonIT Network Guru Member

    I admit I'm not really sure what you mean when you say "LAN connection".

    Since I can surf the internet from the DMZ then I have to assume the LAN connection going from the DMZ computer to the wireless router to the RV042 to the internet is all good.

    So, as you say, that leaves 'settings'. Problem is, the only settings that I'm aware of that would affect VPN access from the DMZ are these:

    1.) VPN Clients - I have defined a working user and tested it.
    2.) DMZ - I have setup the DMZ and it is successfully segregating.
    3.) Firewall Rules - I have tried opening all DMZ traffic to all IP's, including internal.

    So I'm at a loss as to what other settings there may be. I suppose my next test will be to take out the wireless router (WRT54G) from the picture.

    If no other ideas are floated, I'll plug my DMZ test machine directly into the DMZ port on the RV042 and see if I can VPN in. If I can, then obviously it is a problem with the WRT54G blocking me. Then I can start troubleshooting that. Otherwise, it means the DMZ is the actual problem.

    EDIT: More information
    The internal LAN is working fine as well. I can surf the web from internal machines just fine.
  7. BrandonIT

    BrandonIT Network Guru Member

    Plugged the working DMZ test machine directly into the RV042, removing the WRT54G from the picture altogether.

    Could not connect with the VPN software. Though I could surf the web just fine.

    I am now firmly convinced this is probably either a firewall access rules problem, or a problem in the firmware of the RV042 itself.

    I will attempt to contact Linksys, probably tomorrow (Sunday) to see what they have to say about it.
  8. BrandonIT

    BrandonIT Network Guru Member

    Well, I finally got around to contacting Linksys through their Live Chat to see if my DMZ connection problems are my fault or theirs.

    Turns out it's theirs. Apparently, connecting to the VPN from the DMZ port is not supported, at least according to my support tech.

    Here's part of the transcript from that chat:

    Lia P(17497): You need to connect the WRT54G to the regular port of the RV042 . The linksys router has a feature to have a wireless security.

    Brandon: I could do that. However, if I do, that puts the WRT54G clients on the same network as my church office. Which is what I'm trying to avoid since the wireless network is vulnerable to hacking.

    Brandon: Even the WPA-PSK is possible to crack with enough time.

    Lia P(17497): That is correct.

    Lia P(17497): But the VPN will not work if you will stick to your connection.

    Brandon: So, just so I can make sure, then you are saying I cannot use the VPN software through the DMZ port on the RV042?

    Lia P(17497): No.


    So, it looks like I will need to find another way to secure my wireless clients away from my network.

    I will now attempt to get a 2nd IP address from my provider and use the WRT54G on the same outside network as the RV042. I'm not as happy about putting my wireless network almost directly on the internet, but it looks like that's the only way my wireless clients will be able to use their VPN software to get into the internal network, while still keeping the majority of wireless users away from my internal network as much as possible.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice