WRV200 QuickVPN – Certificates, Mapping Drives, Vlans and Wireless

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Detail_PT, May 15, 2007.

  1. Detail_PT

    Detail_PT LI Guru Member

    Hi to all,

    WRV200 Fw with:
    - ADSL PPPoE
    - LAN IP range 99.99.x.0 (DHCP Off)
    - DDNS enabled;
    - Https enabled for remote access;
    - IPSec, PPTP and L2TP Enabled
    - VPN Clients created and active;
    - New certificate generated;
    - New client certificate exported.

    QuickVPN v. 1.1.00 @ WinXP Pro SP2
    - Default certificate deleted;
    - New client certificate pasted in c:\program files\linksys\linksys vpn client\
    - Correct user names, passwords, server address and port set to Auto

    A) The remote Clients results after pressing Connect are:

    A.1) Warning Message – "Server's certificate doesn't exist on your local computer. Do you want to quit this connection?"
    But, if the client presses NO ... policy activation ... and the connection is successfully established !!!
    If the new client certificate is installed, what's the meaning of this message???

    A.2) A few seconds later an Info Message - "The remote gateway is not responding."
    Let it stay or press Ok as we can see after... just remember that the connection is established!!!
    Why does this message pop up???

    B) Mapping Network Drives in the remote client PCs – a few scenarios:

    B.1) LAN shared folders @ NAT File Servers not firewalled - Success!!!

    B.2) LAN shared folders @ WinXP SP2 with XP Firewall OFF – Success!!!

    B.3) LAN shared folders @ WinXP SP2 with XP Firewall ON – No success!!!
    I saw this http://www.linksysinfo.org/forums/showthread.php?t=38431, harryfrank is right and this update http://support.microsoft.com/kb/889527/en-us is installed on every remote and internal machine running XPProSP2. But if one user wants the firewall On, what are the key ports to forward at the XP Firewall???

    C) VLANS, Wireless and VPN

    Two VLANS, two SSID's, one for internal wired desktop and laptop access via SSID1 and other for the clients just with WAN access ... everything works but VPN.

    We would like to establish wireless VPN connections for the internal laptops, we can make the connections via QuickVPN at SSID1 and 2 but we can't map any shared folders and we already tried to disable firewalls but with no success ... any clues?

    And we have to manually disconnect in the router the internal VPN clients connections, wired and wireless, already disconnected in QuickVPN.

    Sorry for the bad English and thanks,
  2. Detail_PT

    Detail_PT LI Guru Member

    Four days and no reply to the questions!!!?¿ :(
  3. ifican

    ifican Network Guru Member

    Sometimes it just takes a little while for the right person to see it, and sometimes we just don't know. In this case I know a little:

    A) This is an issue that has been reported, and I have not heard a fix as of yet. Also from what I have read if you press "ok" when that second message pops up it will disconnect the session.

    B) I have no idea what ports get used for file sharing, but if you input the subnet or the IP of the machine connecting as a trusted IP or subnet then it should work.

    C) My guess is you are trying to map the folder via the name and not the IP, QuickVPN has an issue passing NetBIOS traffic. So try it with the ip/foldername, this we know works.
  4. Detail_PT

    Detail_PT LI Guru Member

    A) We don't know if this is an isolated case but if we press "ok" when the second message pops the session stays connected. But in this case I'll recommend a "let it stay and do nothing" for the second message.

    C) We always map with the UNC of the share "\\99.99.x.x\sharedfolder", with no success from the LAN side!!!
    Another strange behavior in the LAN side is the fact that we can establish the sessions from the LAN's laptops, but we can't map any shares, we close the session in QuickVPN but if we check in the router's GUI the user connection is still active and we have to manually drop it. Note that from the WAN side the users can establish the sessions, map drives (not firewalled) and the router automatically drops the session when the QuickVPN user ends it.

    Thanks for the reply ifican!
  5. ifican

    ifican Network Guru Member

    Ok I had to re-read this several times but it sounds like you are trying to create the QuickVPN sessions initiated from the LAN machines so you can access the other VLAN. Is this correct?
  6. Detail_PT

    Detail_PT LI Guru Member

    VLAN1 - Internal Wired machines and SSID1 for internal laptops.
    VLAN2 - SSID2 for clients/visitors laptops (VLAN2 clients just have WAN/web access and don't see VLAN1 machines)

    We are trying to create QuickVPN sessions, in VLAN1, from the internal laptops connected through SSID1.
    We are just trying to create extra secure VPN/wireless transmissions for the internal laptops.
  7. kingvj

    kingvj Network Guru Member

    Creating VPN tunnel through the same router for different VLANs? I don't think that'll work. If yes, then it's way over my head..!!!
  8. grimbeaver

    grimbeaver LI Guru Member

    I'm not a pro here but I'll throw out some thoughts...

    This seems like a routing nightmare. So basically your laptops have two IP addresses in the same range on VLAN1, the normal IP via wireless and the VPN IP. I have to wonder if using the VPN client in this way is screwing up some routing tables on your client, perhaps turning your connection into a loopback of sorts. Either way it sounds like you lose your path to the router (and network) which I assume is why disconnecting QuickVPN doesn't show the client disconnected on the router. Perhaps someone who knows Windows routing tables could help more.

    So if you connect a laptop to SSID1 and don't start the VPN can you connect to the shares?

    Where are the shares located? A server (win svr, linux, etc) or another networked computer (win xp, vista, 2k pro)?

    Not sure if this will help but it shows that file sharing for WinXP is on port 445:

    If you are looking at the XP firewall exemptions list there is usually an entry for File and Print Sharing.
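
Added example, not part of any post in this thread: one way to apply the trusted-subnet suggestion and the File and Print Sharing exception mentioned above while leaving the XP SP2 firewall on, using the `netsh firewall` context. The address range in `VPN_SCOPE` is a constructed placeholder; replace it with the range your VPN clients actually connect from.

```bat
@echo off
rem Added example, not from the thread. Run on the XP SP2 machine hosting the share.
rem VPN_SCOPE is a constructed placeholder (documentation address range);
rem replace it with the address range your VPN clients connect from.
set VPN_SCOPE=192.0.2.0/255.255.255.0

rem Show the current state of the built-in service exceptions.
netsh firewall show service

rem Weak setting, shown commented out for contrast only:
rem it opens file sharing to every source address.
rem netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

rem Scoped setting: the File and Print Sharing exception covers
rem TCP 139, TCP 445, UDP 137 and UDP 138. Allow it only from the
rem local subnet and from the VPN client range.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=LocalSubnet,%VPN_SCOPE% profile=ALL

rem Confirm that the exception is enabled with the custom scope.
netsh firewall show service
```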