RVS4000 & VPN passthrough not working

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mlamorte, Nov 15, 2007.

  1. mlamorte

    mlamorte LI Guru Member

    Okay, I'm at wit's end here. I've Googled and researched and troubleshot and posted to Linksys' forums with no luck, so I figured maybe I'll post here.

    I have an RVS4000 serving as the gateway for our LAN. Behind the RVS, I have an Xserve running an L2TP VPN, which is tied to the users & groups permissions for the Xserve itself. Because of this, I can't use the VPN built into the RVS4000, so I'd like to simply pass all VPN traffic through the RVS4000 to the Xserve. A simple port forwarding, thanks. And it doesn't flippin work.

    I know the VPN on the Xserve is configured correctly because with plain ol' port forwarding on the ancient NetGear wired router, it worked fine. (We only upgraded because we needed a firewall and more port forwarding slots & port range forwarding, which the 7-year-old Netgear lacked. Plus it was slow as dirt.)

    I'm not comfortable with trying new beta firmware unless I know for certain that it will fix this problem. Other than that I've changed the MTU settings, put the Xserve as a DMZ host, and toggled a bunch of settings (IPS, reset to factory defaults, etc.). Nothing works... Client machines (OS X 10.4 and 10.5) get the same error after trying to connect for 45-60 seconds: "The connection has failed. Please verify your settings and try again."

    My RVS4000 config is as follows:
    Firmware: V1.1.09
    VPN: not configured
    DDNS: off
    IPSec, L2TP, and PPTP PassThrough: Enabled
    Ports 500, 1701, 1723, and 4500: forwarded to the appropriate internal IP

    All other forwarded ports -- pointing to the Xserve and various other boxes -- work fine.

    Any thoughts or suggestions?
  2. pablito

    pablito Network Guru Member

    Logs say what??

    I'm not familiar with either router/firewall but a few checks:
    Look around the posts here to be sure that the RVS actually handles NAT-T.
    Are your Xserve and the other end set up to do NAT-T?
    Did you make sure that you are forwarding the right thing, UDP/TCP?
    Are the firewall rules OK (port forwarding should take care of that)?

    I've done VPNs with an RV that was behind a NAT'd WRT54 using DMZ. Unless something is misconfigured then perhaps the RV4 is mangling the pass through.
  3. mlamorte

    mlamorte LI Guru Member

    NAT-T isn't needed on the RVS or the Xserve, just port forwarding. And, as I mentioned in the original post, all other forwarded ports -- pointing to the Xserve and various other boxes -- work fine.

    The TCP/UDP settings for the forwarded ports are set correctly.

    The firewall rules are set correctly.

    Again, as I mentioned in the original post, even setting the Xserve as a DMZ host works properly for everything ***except*** VPN.

    I'm no hardware engineer, but methinks this is a firmware problem unless someone else can tell me what I'm missing.
  4. curtismartell

    curtismartell LI Guru Member

    VPN Passthrough: RESOLVED By 1.1.03

    I had this same issue with VPN passthrough. To make a long story short, it is resolved by firmware version 1.1.03. I think you need to call tech support to get it because it is still in Beta.
  5. mlamorte

    mlamorte LI Guru Member

    1.1.03 or 1.1.13? I'm already running 1.1.09, but 1.1.13 and 1.1.14 are out and available for download from this site, although they're still in beta... If it's 1.1.13 that fixed the bug for you, I'll install it today unless someone has a good reason why 1.1.13 shouldn't be installed on a production router.