Shared experience - VPN and RV082

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by perak, Aug 12, 2005.

  1. perak

    perak Network Guru Member

    Hi all,

    I would like to share my experience about the RV082 and VPN connections now when it seems to work. Some more extensive testing of the type “any thing that possibly can go wrong will go wrong†will be preformed by my colleges soon :|, we’ll see then.
    I am just an interested user and not a network technician or computer engineer so some of this might give you some laughs.

    We are running a small office with Win2000 server with active directory, DNS and DHCP, a WinNT server as fileserver and laptops win WinXP and Win2k. We have one RV082 (fw connected to IN through an ADSL modem to a fixed IP.

    After some major help from this forum I finally got QuickVPN to work. But unfortunately no seamless connection to the mapped drives and not possible to ping “names†translated by the DNS-server. Setting the DNS server IP in the network device properties did resolve the ping problem but not the mapping of drives. Also when some of my colleges were at home or at a client’s office the QuickVPN did not connect (…verifying network…hangs…the well known problem). It seems that the QuickVPN is not working very well with some hardware including some modems, which might have some limited FW functionality.

    Then I tried the Greenbow VPN client which crashed my laptop (WinXP) completely resulting in tiresome reinstallation of everything :(. Managed to save my files by using a Knoppix boot CD :).

    Then I tried the SSH VPN client (1.4.1) and after input from the Routerworld configuration examples (Sticky in this forum) I got it working. On the RV082 the connection shall be configured as a Microsoft VPN client in the GroupVPN client to gateway setup.

    Comparison between QuickVPN and SSH VPN clients:
    The SSH connects for me in 2 seconds when it for the QuickVPN takes about 10 sec, so about 5 times quicker at startup. On the other hand, SSH took me 100 times longer to configure compared to QuickVPN, so I suppose this is what quick is referring to for Linksys.

    The SSH was after connection having the same problems with mapping and ping as the QuickVPN, so I guessed the problem where not the client itself. Most of the VPN testing has been made from a connection to a dynamic IP behind another RV082, which also confirms that RV082 (fw1.1.6.11) supports NAT-T which was used by the SSH client. This might also have given me some unexpected benefits or problems.

    Both VPN clients also had problems with the soft-firewall installed on the laptops (F-secure client security 6.0). It was not enough to approve all the connections asked by the F-secure FW. I had to manually configure the FW to allow ESP (Encapsulation Security Payload protocol) in both directions for any IP (this I suppose can be narrowed). After this I had no problem with the soft-FW.

    After much testing and as we have WINS running on the server, what finally gave a seamless connection over VPN was to enable NetBIOS over IP and configure WINS IP for the network adapter. In addition I needed to make portforwarding of DNS to the DNS server IP in the RV082. DNS IP of the LAN is not necessary to configure for the network device. I still do not know if these settings are just working for our setup or if others have the same experience??
    And yes, I also have the following error messages in the RV082 log when DNS portforwarding is enabled:
    Aug 12 02:11:30 2005 NAT configuration failed
    Aug 12 02:11:30 2005 RNAT configuration failed
    Aug 12 02:11:30 2005 Error in RNAT configuration Local Servers
    Aug 12 02:11:30 2005 Failed nat control SIOCADNAT - Success
    It seems to work anyway.

    A few more things were required. The active directory has a user login-script like this:
    net use * /d /y
    net use T: \\servername1\foldernameX
    net use U: \\servername2\foldernameY\%username% **remark – personal folder
    net use V: \\servername2\foldernameZ
    net use /persistent:yes

    I add the last line to make the folders exist when startup outside the LAN and before connecting with VPN, which shall be made manually by the user. As a backup I have the same script as a BAT-file on the desktop if the folders are missing anyway. Also note that after connecting with SSH it can take some minutes before the connections and the DNS is completely resolved. If you run the BAT script before this you will get Error 53 message. Then just wait a little longer, Outlook will connect to Exchange without any delay.
    I do not know if this delay is something typical for our system’s updating interval.

    I have not tested everything with QuickVPN as we went for the SSH because of the connectivity problems at some locations. But the mapping, ping and Outlook/Exchange connection I could establish with QuickVPN installed on my homePC, which never have been a member of the domain, using my username as domain\username or username@domain.xx and the password.

    Hope this can help some.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice