RVS-4000 and its subnet mask settings error (remote security group and...)

Unanswered Question
Jul 27th, 2009

Hi there,

Internet connection is ok, but VPN doesn't go through.

The VPN log states "Invalid_ID_Information". I understands this as incompatible IP-address and/or subnet mask.

Jul 25 02:14:28 - [VPN Log]: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}

Jul 25 02:14:28 - [VPN Log]: "xxxxxx" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+UP {using isakmp#4}
Jul 25 02:14:28  - [VPN Log]: "xxxxxx" #4: ignoring informational payload, type INVALID_ID_INFORMATION
Jul 25 02:14:28  - [VPN Log]: ""xxxxxx" #4: received and ignored informational message
Jul 25 02:14:39  - [VPN Log]: "xxxxxx" #4: ignoring informational payload, type INVALID_MESSAGE_ID
Jul 25 02:14:39  - [VPN Log]: "xxxxxx" #4: received and ignored informational message
Jul 25 02:14:45  - [VPN Log]: packet from xxx.xxx.xxx.xx:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA

Headquarter requires us to set up VPN via IPSec with the IP range of the headquarter (192.168.0.0/16, thus 192.168.0.0; 255.255.0.0)

Since our local network is in the network range 192.168.5.x, I try to configure RVS-4000 VPN settings to 192.168.5.0; 255.255.255.0.

RVS-4000 gives an error: "Remote Security Group and Local Security Group can not be in the same network"

So I change the local configuration to "IP only" 92.168.5.0 from "IP with subnet", the rvs4000 seems to send a signal as 192.168.5.0/24 which is equivalent to 255.255.255.0, but still no avail.

Is there any suggestion to solve this VPN connection problem?

TIA,

go4ecs

RVS-4000 is behind Thomson 510i ADSL modem. The Thomson ADSL is configured to DHCP Spoofing so that WAN address is mapped to VPN router RVS4000. The RVS4000 VPN configuration page shows the correct WAN address for VPN connection.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
David Carr Tue, 07/28/2009 - 06:33

All linksys routers have a product limitation that limits them to class c addresses.  I looked at a number of our vpn routers and they all come up the same with the subnet being class C.

go4ecs2009 Tue, 07/28/2009 - 15:20

Thanks for your reply.

If all VPN routers from Linksys limited themselves to Class C addresses, why my configuration was accepeted?

Remote: 192.168.0.0 (255.255.0.0) => Class A?

Local: IP only 192.168.5.0

but not Local: 192.168.5.0; 255.255.255.0

Anyway I shall inquire the headquarter whether they can adjust their IP ranges "192.168.0.0; 255.255.0.0" to such as "192.168.2.0; 255.255.255.0"

thank you.

go4ecs

Actions

Login or Register to take actions

This Discussion

Posted July 27, 2009 at 3:34 PM
Stats:
Replies:2 Avg. Rating:
Views:3440 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard