WRVS4400N VPN Problem.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Electroinvestigator, Jan 9, 2008.

  1. Electroinvestigator

    Electroinvestigator LI Guru Member


    I am having problems establishing a VPN tunnel (Quick VPN or LAN-LAN) on the WRVS4400N.

    I have the router connected to an ADSL line via an AM200 modem. As the half bridge mode via DHCP appears to (still) not work on the latest firmware (it sets all the correct external IP addresses but gives an incorrect internet subnet mask) and I cannot set my settings static on the WRVS because it seems to require that the internet IP and gateway are in the same subnet, I am using the DMZ workaround.

    So, the WAN port on the WRVS has a local ( address.

    Does this stop the VPN negotiating correctly?

    With the quick vpn client I get the checking network lockup, and with a lan to lan connection the log says "no setting for connection from Ip

    I can buy another modem on which half bridge mode actually works, but it would be great if someone could confirm this is in fact a problem.

    Thanks, in advance,

  2. Electroinvestigator

    Electroinvestigator LI Guru Member


    Is it safe to assume that everybody with a working VPN to a WRVS4400N has their internet IP on the router wan port with no upstream NAT?


  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    Come again????

    Is your WRVS4400N behind another router? If it isn't, then the WAN port should have the WAN ip address assigned to you from your ISP. If your WAN port has a 192.168.xx.xx address, it's behind a NAT router, non? :)

    I've had tunnels running from a WRV200, WAG54G, and WRV54G (all tunnels NAT enabled) and there hasn't been too many issues making the connections.

    Ideally, your LANs "should not" have the same LAN ip's. Example: LAN for tunnel A could be 192.168.1.xxx and the LAN for tunnel B could be 172.16.5.xxx.

    What are the tunnel ip's for your current LAN's?

  4. blake_

    blake_ LI Guru Member

    I can't see an option for NAT traversal in the VPN settings, if your WRVS4400N is behind another NAT device then this is probably the option you are looking for.
  5. Electroinvestigator

    Electroinvestigator LI Guru Member


    First, thank you both for your replies and sorry for not being clear.

    The wrvs is behind another router, a Linksys AM200 modem. As such it does not have the WAN ip address on its WAN port. This is because I am unable to get the AM200 working properly in half bridge mode.

    So, the WAN port of the wrvs has an ip of, which has been set as the dmz in the am200. The firewall of the am200 is also disabled.

    I understand that NAT traversal is required, and this is listed in the features of the wrvs, however I also can find no setting for this.

    So, my question is: is the vpn not connecting due to the NAT in the am200 adsl modem?

    Many thanks for your help and patience.

  6. Electroinvestigator

    Electroinvestigator LI Guru Member

    Sorry DocLarge,

    In response to your question, all LANs are on different subnets, i.e. 192.168.XX.


  7. blake_

    blake_ LI Guru Member

    In the RV082 NAT-T is an option under advanced VPN settings.
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Have you enabled NAT-T as blake suggested? Also, if you're using the "192" subnet range, are you ensuring the LANs are broken up as such:

    Site A -
    Site B -
    Site C -

  9. Electroinvestigator

    Electroinvestigator LI Guru Member


    Although NAT traversal is listed as a feature, there are no settings for it in the firmware. It is not on the VPN page or under advanced VPN. I have seen this feature on other Linksys vpn routers, but it is absent here.

    I can confirm that your IP addressing example is indeed the case. There are no subnet conflicts that I can see.

    In the absence of a NAT traversal feature I have concentrated on getting my internet ip on the wan interface of the router.

    I now have a modem which works properly in half bridge mode, however the wrvs will not accept my internet settings.

    If I try to set them manually, the router says that the gateway must be in the same subnet as the internet address (it is not).

    If I set the router to dhcp the settings from the modem then the default gateway is left blank.

    If I use a laptop set to dhcp directly from the modem, everything is fine, I get

    82.69.71.XX mask

    and gateway

    ( DNS is fine)

    My isp says the mask should be (which seems more right to me, but this will not work if set as static on my test computer, and the router will not accept this either, same error)

    So to clarify, the WRVS router will not accept, either static or dhcp, my internet settings, as obtained by connecting a computer set to dhcp and connected directly to a modem in half bridge mode and doing an IPCONFIG /ALL.

    Am I doing something wrong here or is this a "feature" of the firmware?


  10. DocLarge

    DocLarge Super Moderator Staff Member Member

    Unless I'm missing something (which does happen) is a broadcast address, therefore I don't see why your ISP said that's what your mask should be.

    What are you using as a modem? Once that device is bridged, it should be routing all of your traffic to your WRVS4400N. If it's not, then this may mean your modem is still handling your routing, which appears to be the case if you can connect your pc directly to it and get out to the internet.
  11. Electroinvestigator

    Electroinvestigator LI Guru Member

    Ok, I have made some progress :)

    I had not previously considered using full bridge mode as the wrvs does not support PPPoA, however I was missing something.

    If your isp is PPPoA, but you put your modem in bridge mode, then the PPPoE setting works on the router.

    So, after trying to get half bridge mode working for ages, full bridge mode is now implemented and I have my internet address directly on the router.

    Now to try the VPN......

    And yes, it does have a mask, which I believe it needs as my ISP's gateway is on a totally different subnet.

    I will post back when hopefully I get the VPN to connect.


  12. DocLarge

    DocLarge Super Moderator Staff Member Member

    Good stuff!!

    I had to run my WRV54G behind a linksys adsl2mue that was in "bridge mode" so I could get the ip on the 54g. VPN tunnels ran great, however quickvpn was a loss because the firewall on the 2mue was still live to include the SPI firewall on the 54g (blocked the IPSEC packets therefore I got the dreaded "verifying network" error).

    I'm still curious about your subnet mask though...
  13. mstombs

    mstombs Network Guru Member

    The full netmask means the IP address is on its own at the end of the tunnel, no subnet. You cannot enter it manually in windows, but it is understood when passed by dhcp (by windows or recent Linux Os's), many routers don't like it as they expect the Gateway to be in the local network, so some modems have modes where they 'spoof' the netmask and/or gateway and hide this.

    WRONG! You cannot bridge PPPoA like this, this means your ISP also supports PPPoE (UK BT routed ISPs are often like this but unbundled LLU are often PPPoA only).

    There are a couple ADSL modems that will convert PPPoA to a new PPPTP tunnel (various Speedtouch and "Draytek Vigor 100 true ADSL Modem" for example) .
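
Added example, not part of any post in this thread: a Python sketch of the "gateway must be in the same subnet" check described above, and of what a spoofed netmask has to look like to satisfy it. The addresses are constructed documentation-range values, and `spoofed_prefix` is a hypothetical model of the modem behaviour mstombs mentions, not any vendor's algorithm.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
WAN_IP = "203.0.113.25"   # address handed out with a 255.255.255.255 mask
ISP_GW = "198.51.100.1"   # gateway on a completely different subnet

def strict_router_accepts(ip, mask, gateway):
    """Rule reported in the thread: gateway must sit inside the WAN subnet."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return ipaddress.ip_address(gateway) in net

def spoofed_prefix(ip, gateway):
    """Longest prefix that makes ip and gateway usable hosts of one subnet
    (hypothetical model of a modem 'spoofing' the netmask)."""
    a = int(ipaddress.ip_address(ip))
    g = int(ipaddress.ip_address(gateway))
    prefix = 32 - (a ^ g).bit_length()      # first bit where the two differ
    while prefix > 0:
        shift = 32 - prefix
        net = ipaddress.ip_network((a >> shift << shift, prefix))
        edges = (int(net.network_address), int(net.broadcast_address))
        if a not in edges and g not in edges:
            return prefix
        prefix -= 1                          # widen until both are usable hosts
    return 0

def falsely_on_link(ip, gateway):
    """Foreign addresses the spoofed mask makes the router treat as local
    neighbours (excludes network, broadcast, the WAN IP and the gateway)."""
    return 2 ** (32 - spoofed_prefix(ip, gateway)) - 4

if __name__ == "__main__":
    print("accepts /32 as given:", strict_router_accepts(WAN_IP, "255.255.255.255", ISP_GW))
    p = spoofed_prefix(WAN_IP, ISP_GW)
    print("spoofed prefix needed: /%d" % p)
    print("accepts spoofed mask:", strict_router_accepts(WAN_IP, p, ISP_GW))
    print("addresses wrongly on-link:", falsely_on_link(WAN_IP, ISP_GW))
```

The further apart the WAN address and the ISP gateway are, the wider the spoofed mask has to be, and every other address under that mask is then treated as a directly attached neighbour instead of being sent to the gateway.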
  14. DocLarge

    DocLarge Super Moderator Staff Member Member


    I'll have to chime back in on this one. YES!!!! You "can" set a modem to bridge mode (if it is on a PPPoA connection) and then set an ethernet router (i.e., WRV54G, WRV200) to PPPoE and enter the ISP's credentials into the router and successfully negotiate data transfer from the ISP.

    As I stated before, I have done this with success. My Linksys ADSL2MUE was my initial device I used to connect to the internet when I moved to London, UK 3yrs ago. I plugged my laptop into the USB port for a while; when someone "hipped" me to bridging the MUE in order for me to use my WRV54G, I was told to then set my 54g to "PPPoE" and enter my ISP's credentials (ie., username/password). Additionally, I had to "manually" type in my WAN ip settings (ip address, subnet mask, gateway) in order to make the connection; fortunately for me, I had a static ip address.

    So, yes, you can bridge a modem running on a PPPoA connection and then set your ethernet router to PPPoE and connect to the internet (at least in the UK, per my experience :) ). Now, there does exist the possibility that not every linksys router can do this.

    Oh, I'll also again add that I was able to set up IPSEC VPN tunnels and negotiate back and forth successfully.

  15. Electroinvestigator

    Electroinvestigator LI Guru Member

    Hi all,

    To clarify, for others wanting to go this way.

    My ISP is Zen. I was using a Linksys AM200 Modem but the bridge/half bridge mode on this modem/router does not appear happy to work with the WRVS4400N.

    Since I changed to a speedtouch 516 V6, full bridged mode works well.

    I still cannot get the Quick VPN to connect though. I still get the verifying network error.

    Looks like I have another problem somewhere.......... :confused:

    The investigation continues......

    Best regards to all,

  16. DocLarge

    DocLarge Super Moderator Staff Member Member

    Quickvpn may be failing for the same reason my attempts did also... Even though I had my Linksys adsl2mue in bridge mode and my wrv54g was connecting to the internet (along with having vpn tunnels established), the MUE's firewall was still operational. "This" is where I believe the quickvpn problem arose due to the packet hitting the MUE's firewall and then trying to connect to the wrv54g.

    Try downloading a copy of "wall watcher" to see what happens when you make the connection the next time...