WRV54G site to site VPN problem

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by EyeWallInc, Feb 21, 2006.

  1. EyeWallInc

    EyeWallInc Network Guru Member

    I have purchased two WRV54G's for a client and intend to set up a site to site between his office and home. I have them on my bench with the WAN ports connected via a crossover cable, and a laptop to a LAN port on each router (Simple layout below). After entering all the pertinent VPN stuff the tunnel came up perfectly, however, I cannot hit either LAN net from the other or from the other router, via ping. I have no client firewall software running on either laptop, and I have disabled all fw features in each Linksys, no luck. I do have the gateway option enabled on the office router, because the client wants remote VPN access as well. I would think that the local and remote subnet configs tell the router what traffic to put through the tunnel, right? It doesn't seem to be doing this. Anyone run into a similar problem or have any suggestions?

    I work with CheckPoint firewalls and VPN's for a living and have set up S2S VPN's between my CheckPoint and every other imaginable device, even Linksys, so I'm not a rookie, but I am dumbfounded and so was the Linksys tech (probably not surprising). It took me 20 minutes to explain the crossover cable and back to back WAN connection to the Linksys tech. Her best/only suggestion was to reset both routers to factory defaults and try to reconfigure, notwithstanding the VPN tunnel shows connected on both sides... GRRRRR

    Thanks in advance for any help...

    Router A

  2. TazUk

    TazUk Network Guru Member

    You have Remote Secure Group set to Subnet on both routers?
  3. EyeWallInc

    EyeWallInc Network Guru Member

    Yes, both ends are subnets with the proper masks. I noticed through forum searches that folks are disabling the VPN Gateway option, in S2S configs. Is that necessary for S2S?

    If I'm having this much trouble "back-to-back" I dread moving these things to two different locations.

  4. TazUk

    TazUk Network Guru Member

    Having the VPN Gateway option selected forces all traffic through the VPN tunnel rather than just the traffic destined for the remote LAN.

    Can you do a screen dump of both routers' VPN config, making sure to hide the last octet of the public IP's ;)
  5. EyeWallInc

    EyeWallInc Network Guru Member

    Can't do a screen dump now, I'm actually delivering one box to the client today. Reason being, after talking to Linksys support, in all their infinite wisdom they told me it wouldn't work because the two routers were connected back to back, via a crossover cable. It didn't matter to them that the tunnel was established and simply wouldn't pass traffic, they/he said they have to actually be on the internet at two different connection points. Unless some new developments were made in IPSEC I didn't know that it was an internet routable only protocol and could not work if both endpoints weren't actually connected to the internet itself. GRRRR!!

    Here's what I have from my documentation...

    Enabled/disabled ---tried both

    VPN Tunnel
    vpn tunnel enabled
    vpn gateway disabled --tried both

    Remote secure group ---opposite in other router

    Local secure group ---opposite in other router

    Remote secure gateway
    IP addr. <- private net (crossover cable)

    Key Mgmt
    Encryption 3des
    authentication MD5

    PFS enabled --tried both
    preshared ****** --matches on both sides

    Advanced settings..

    DF group2 1024

    bottom section all checked --tried unchecked as well

    Also, See attachment... (Okay nevermind, won't let me upload)

    thanks for your reply...

  6. TazUk

    TazUk Network Guru Member

    That should be ;)