WRVS4400N Troubles with VPN

  Diggit2001

    Diggit2001 LI Guru Member

    Hello there. I was previously working with 2 WRV54G routers and had my site to site VPN working great. I did find the LAN DHCP server/scope options extremely limited so I decided to get 2 WRVS4400N routers to replace them since I saw that the DHCP scope options were much more configurable. Well, I can't establish my VPN anymore, and it's starting to get a bit frustrating. I have everything connected the same way that I had the WRV54Gs but I notice that the configuration in the WRVS4400N is slightly different. For one, I now see this Local and Remote "Security Gateway Type" which I did not see on the old routers. On my headquarters router (I have 1 at HQ and one at a remote branch office site) I have "IP only" selected for both local and remote and the IP address for the local side defaults to the IP I assigned to my WAN side. Under the remote side (still on HQ router), I have "IP address" selected from the dropdown but in the field next to it, I'm not positive which IP I should be putting in there. Underneath that, for "Remote Security Group Type", I have "any" selected as there will eventually be more than one branch office connecting in with another WRVS4400N. I have verified that the IPSEC settings are the same on both routers and I have not touched anything under Advanced Setup.

    On the remote router at the branch office, I have the following set:

    Local group setup:
    Local Security Gateway Type - IP Only
    IP address - this is defaulted to the static WAN ip of this router
    Local Security Group Type - Subnet
    IP Address -
    Subnet Mask -

    Remote Group Setup:
    Remote Group Gateway Type - IP Only
    IP Address - (WAN IP address of HQ router)
    Remote Security Group Type - Subnet
    IP Address - (This is my HQ subnet)
    Subnet Mask -

    Oh yeah, I am running firmware version 1.1.03 on both routers.

    Does anyone have any idea what I'm doing wrong here? I'm so confused!

    Thanks! I appreciate the help.
  Diggit2001

    Diggit2001 LI Guru Member

    OK, I at least got the VPN tunnel established but I had to change my HQ router settings. I now have this in my "Remote Group Setup":

    Remote security Gateway Type - IP Only
    IP Address - (WAN ip address of remote site router)
    Remote Security Group Type - Subnet
    IP Address -
    Subnet Mask -

    I wanted this router set up to accept connections from "any" since I'm planning to roll out a bunch of remote sites that will talk to it, but with stuff configured like this, obviously it only accepts from that single address. Is it possible to configure it to accept from "any"?

    I appreciate any information anyone can provide.
  Diggit2001

    Diggit2001 LI Guru Member

    So does anyone know if it's possible to configure the WRVS4400N to accept VPN connections from any other remote site? I did this with the WRV54G successfully, but can't make it work with this 4400.

  Diggit2001

    Diggit2001 LI Guru Member

    OK, so under "remote Group Setup" on my HQ router, I changed the drop down box to "IP by DNS resolved" and put in the full DNS name of this router and changed the "Remote Security Group Type" to "Any". My VPN tunnel went down and won't come back up. I am hosting my own DNS and I verified that a record exists for this router.

    Am I on the right track here, or am I getting colder?

    You ever get the feeling you're talking to yourself?
  Diggit2001

    Diggit2001 LI Guru Member

    If it helps, this is the log at my remote site when I hit connect:

    I have verified that all IPSec settings are the same on both ends......
  Diggit2001

    Diggit2001 LI Guru Member

    And this is the VPN log on the HQ router:

    Any insight is greeted with open arms. A big bear hug, actually.
  DocLarge

    DocLarge Super Moderator Staff Member Member

    Sorry for the silence. I'm in the middle of moving house.

    Take a screenshot of the page(s) that you use to configure the VPN tunnels. This will give us a start...
  Diggit2001

    Diggit2001 LI Guru Member

    Thanks very much for the response. I was getting lonely in here.

    OK, this is how I configure the router on my HQ side to accept connections from "any". The status of the tunnel remains down with it like this.


    If I change the tunnel's Remote Security Group Type to subnet and specify the LAN of one of my remote sites, the tunnel comes up fine.

    Thanks for the help.
  Diggit2001

    Diggit2001 LI Guru Member

    I would like to clarify/expand on something. We already have 20-30 remote sites up and running. Each one has its own internet connection provisioned from a local cable/DSL provider. Very few of them have static IP addresses. Each site is using a different subnet. I just want to get a site to site VPN working from each site back to HQ.

    Someone on the Linksys main forums told me that the WRVS4400N will only support up to 5 tunnels and that I'd need to run a "bank" of these routers to accommodate all the tunnels. Does this sound right? If so, I'm going to have to look at other options.

    Thanks much.
  Diggit2001

    Diggit2001 LI Guru Member

    OK, like an idiot, I assumed that, since the WRVS4400N was more expensive than the WRV54G that it would do everything that the lesser router would do plus a few other handy features. You know what they say about assuming......

    It looks like the WRVS4400N supports 5 VPN tunnels and the WRV54G supports 50. This makes absolutely no sense to me but since this information is spelled out specifically on the different routers' data sheets, I can only blame myself.

    What I've decided upon is putting a WRVS4400N at each remote site and putting a WRV54G at Headquarters. I only need to create a single tunnel at each remote site, so this sounds like it will work perfectly. The WRV54G is easy to set up to accept connections from "any" and I knew that all along so this solution seems pretty obvious. Not sure why I didn't think of this sooner, to be honest. In my testing, I have been able to create the tunnel between a remote site and the branch office, but for some reason, it only remains up for about an hour at the most, then it goes down and I have to disable the tunnels on each router, restart them, start up the tunnel on the HQ router, then start the tunnel on the remote router. This seems to do the trick about 50% of the time. The other 50%, I repeat the process or try mixing up the order of this process and it eventually comes up. Sometimes.

    This configuration is definitely not ready for prime time but I'm still working on it. Hopefully I can figure out what the problem is. I know it's probably unreasonable to continue to ask for help from the forum since there really hasn't been much help up to this point, but I will continue to post my progress in the hopes that some other poor soul will have this same problem in the future and happen upon this thread.

    Thanks. or Not.
