Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Lancerguy, Feb 21, 2006.

  1. Lancerguy

    Lancerguy Network Guru Member

    OK, here we go, problems with VPN just like everyone else :) I'll explain the WHOLE THING to you first.

    Site A HAD Cox Cable Dynamic IP (but it NEVER changed)
    Site B has a static IP address.

    Site A has BEFSX41 w/ 1.50.18 firmware.
    Site B has WRV54G w/ 2.37 firmware.

    Site A initiates the VPN to Site B, Site B being the one needing to accept the connection.

    This configuration worked fine. Set up for specifying Remote Subnet and Remote Gateway IPs with default settings for everything else (DES, MD5, PFS enable, 3600s life).

    Site A has moved to DSL. I couldn't get it to work, so we are now paying for a static IP with Centurytel DSL. Centurytel's Static IP settings are supposed to be as follows they say:
    Subnet Mask:
    And NO, that is NOT a typo. Weird huh? So I told them my BEFSX41 won't do that, and they essentially said sorry, nothing we can do.

    I unplugged the router and hooked directly to the DSL modem (Netopia) so the PC gets a 192.168.1.x FROM the modem, and the modem has the external address. Centurytel claims this setup works fine for all their other customers using VPN and it is just something I have set up wrong.

    At this point, I have tried setting up QuickVPN, but it wants me to change the IP settings on the WRV54G end to a 10.x.x.1, and I can't do that with the UNIX server that is set up there as it is pre-configured and we do not have access to any settings. So I downloaded Greenbow, and am still having no success after following the Greenbow setup guides that are stickied.

    Any advice? I think I gave you all the information I could think of.
  2. TazUk

    TazUk Network Guru Member

    That won't work as site A is the one trying to initiate the tunnel :( It will send packets out using what it thinks is its public IP, but because it's behind the DSL modem it will be a 192.168.1.x address. The WRV54G will then try and send a reply back to this 192.168.1.x address but will of course fail.

    Can you not have it with site B initiating the connection?
  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    In addition to what Taz has already said, you need to change the LAN IP of the WRV54G as soon as you take it out of the box.

    Everyone generally leaves their router at the default lan ip setting at the time of purchase. To eliminate any possibility of one vpn endpoint router having the same internal lan ip as another (thus effectively killing any chance of a successful vpn connection), Linksys took this into consideration, thus, when you enter your first vpn client "while maintaining the default lan ip," it forces the change of your lan ip scheme to guard against this.

    In short, change your lan ip to whatever ip range your unix box is running on, and you won't be prompted to change it again when you add your first vpn client.

  4. Lancerguy

    Lancerguy Network Guru Member

    Well, I was working at site A, with the DSL, and I ended up removing the BEFSX41, and using the Modem as my router, and then I started back at QuickVPN. I set it up exactly as follows the guide, but couldn't get it to work. I went through all the troubleshooting and firewall tips, made sure there was no other VPN software, etc. Finally, I was browsing the Linksys Support section and I found the troubleshooting QuickVPN section. The things that I added were the Domain Name (it said anything.com or .net etc will work) and I lowered the MTU on the receiving WRV54G router to 1400, and it worked. I don't know which thing fixed it, as I am contracted on a per hour, and they were happy to see me go as soon as it was fixed :-P

    As for the subnet, it HAD to be 192.168.1.x because of the pre-configured unix box on that segment, so, what I did was change the IP, add the user, then change the IP back to its original setting and it worked fine. I then made sure the other end's IP was on 192.168.2.x so it wouldn't interfere. Works like a charm!

    Just wanted to let you know what I got working. Thanks for the help though!

  5. DocLarge

    DocLarge Super Moderator Staff Member Member

    Nice one!! That's my fault; I forgot to include the domain name portion in the guide (80% of what's on Linksys's quickvpn troubleshooting page came from the quickvpn setup guide). Thanks for the reminder... :thumb:
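
The two addressing problems raised in the replies above (a VPN endpoint whose WAN address is a private one handed out by the DSL modem, and both ends using the same LAN range) can be checked before a tunnel is configured. This is an added example, not part of the thread or of any Linksys tool; the `Site` class, the `preflight` function, the finding codes and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges, listed explicitly: ipaddress' is_private also flags the
# documentation ranges used for the sample public addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Site:
    name: str
    wan_ip: str    # address the VPN endpoint holds on its WAN port
    lan_cidr: str  # subnet behind the endpoint

def preflight(a: Site, b: Site) -> list[tuple[str, str]]:
    """Return (code, detail) findings for a planned tunnel between a and b."""
    findings = []
    lan = {s.name: ipaddress.ip_network(s.lan_cidr, strict=False) for s in (a, b)}
    for site, peer in ((a, b), (b, a)):
        wan = ipaddress.ip_address(site.wan_ip)
        if any(wan in net for net in RFC1918):
            findings.append(("WAN_BEHIND_NAT",
                f"{site.name} WAN {wan} is private: an upstream device is doing "
                f"NAT, so {peer.name} cannot reply to the address it is given"))
            if wan in lan[peer.name]:
                findings.append(("WAN_IN_PEER_LAN",
                    f"{site.name} WAN {wan} falls inside {peer.name} LAN "
                    f"{lan[peer.name]}: replies would stay on the local segment"))
    if lan[a.name].overlaps(lan[b.name]):
        findings.append(("LAN_OVERLAP",
            f"{lan[a.name]} and {lan[b.name]} overlap; renumber one side"))
    return findings

# Constructed sample data; public addresses come from RFC 5737 documentation ranges.
BROKEN = (Site("SiteA", "192.168.1.64", "192.168.1.0/24"),  # router behind the DSL modem
          Site("SiteB", "203.0.113.10", "192.168.1.0/24"))
CLEAN = (Site("SiteA", "198.51.100.20", "192.168.2.0/24"),  # a layout with no conflicts
         Site("SiteB", "203.0.113.10", "192.168.1.0/24"))

if __name__ == "__main__":
    for label, (a, b) in (("broken", BROKEN), ("clean", CLEAN)):
        print(label)
        for code, detail in preflight(a, b) or [("OK", "no addressing conflicts")]:
            print(f"  {code}: {detail}")
```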
