cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4524
Views
0
Helpful
14
Replies

RV042 - VPN Connection Issues

ASTechPCLLC
Level 1
Level 1

So I setup a vpn tunnel and am having an issue connecting. I have two seperate networks that I tested with. In both cases I am using the quick vpn client to connect. One network running a regular xp workstation connects fine. The other is running windows 2003 server r2 and cannot connect using the quick vpn client.

Here is the log from the router

Nov 4 10:26:26 2009     VPN Log    [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet 
Nov 4 10:26:26 2009     VPN Log    initiating Aggressive Mode #96 to replace #95, connection "ips0" 
Nov 4 10:26:26 2009     VPN Log    STATE_AGGR_I1: initiate

My VPN router/network is 192.168.1.x  . Neither of the remote networks are in that subnet. You will have to forgive me as I am working with a software vendor to get a vpn setup between our networks and I do not have direct access to the networks or machines connecting to ours. I apologize for any lack of information, pleaes feel free to ask and I will attempt to get whatever is needed.

Regards

Andrew

14 Replies 14

ASTechPCLLC
Level 1
Level 1

UPDATE:

Got the quickvpn log from the client

2009/11/04 15:29:03 [STATUS]OS Version: Windows XP

2009/11/04 15:29:03 [STATUS]Windows Firewall is OFF

2009/11/04 16:29:03 [STATUS]One network interface detected with IP address 10.x.x.x

2009/11/04 16:29:03 [STATUS]Connecting...

2009/11/04 16:29:03 [STATUS]Connecting to remote gateway with IP

address: 96.x.x.x

2009/11/04 16:29:09 [STATUS]Remote gateway was reached by https ...

2009/11/04 16:29:09 [STATUS]Provisioning...

2009/11/04 16:29:14 [STATUS]Remote gateway was reached by https ...

2009/11/04 16:29:14 [STATUS]Provisioning...

2009/11/04 16:29:14 [WARNING]Failed to connect!

Please contact Cisco Small Business at 866-606-1866 we can assist you.

Thanks

rayyoun
Level 1
Level 1

We can assist you at Cisco Small Business Support Center please call us at 866-606-1866

Thank you

I apologize but I do not have the ability to call during business hours so I need to resolve this on the forums.

I am working on setting this up with the microsoft VPN client connecting from Server 2003.

I have configured the machine I am connecting from (server 2003) as 192.168.38.x and the routers network is 192.168.1.x

I set the protocol in the client to l2tp. Remote gateway is set to allow the ip of the server 2003 (Client)

agressive mode is off.

I am getting the following errors in the log

Nov 9 10:09:36 2009     VPN Log    (NATT)Initial Main Mode message received on 96.x.x.x:500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting 
Nov 9 10:09:36 2009     VPN Log    Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.

Not sure where to go from here, I AM using the Microsoft VPN client so I am not sure why it is telling me to use agressive mode, (also tried checking agressive mode but get the same error)

daviddun
Level 3
Level 3

The SBSC is open 24*7*365 fro your convenience, please feel free to call in for support

1-866-606-1866

have a great day :)

but the clients office is closed, I do mostly remote support. so I need to figure this out remotely. That IS what this forum is for correct?

So I managed to get close using the ms client.

I setup a group vpn with remote client as windows client

group2

3des

sha1

(settings as ms states for defaults)

set that for both phases, I get through main mode fine, but then it goes to quick mode and its telling me Quick Mode I1 message is unacceptable because it uses a previously used Message ID

any suggestions?

Have you made an exception in the firewall of the server to allow for Quick VPN Client? Also, what version of Quick VPN Client are you using? Just so you know, the only supported vpn client for the Small Business routers is the Cisco Small Business Quick VPN Client. It can be found here:

http://tools.cisco.com/support/downloads/go/DownloadCart.x?imageGuId=80152298E077B4886C02D46616826BF308C2CAFA&action=d

The setup is very easy. Please post your results.

Bill

I am actually attempting to use the MS VPN client as that is a requirement by the software vendor. I only have the default firewall access rule which is set to allow all traffic. I figured since I was using the vpn tunnel in the router I would not need to create any access rules for that.

I am stuck on getting this error: Quick Mode I1 message is unacceptable because it uses a previously used Message ID

As I mentioned, we only support the Quick VPN Client with our routers. The other vendor's software (yes, even microsoft) is considered best effort as we have no way to design our systems to be compatible with all vendors/software. I apologize that we are not able to find a workable solution for you.

You may want to just try the QVPN client to see if the tunnel will connect at all. If it does connect, then you know the issue is not with the router, but with your server. If it does not connect at all, then you have at least something to bring back here to troubleshoot.

Bill

problem is your quickvpn does not support server 2003 R2 does it?

You are correct with that statement. You also did say that it worked from an XP machine. This should give, at least, some hope that the RV042 is working properly. I think the fact that it is not supported is more a liability issue than a functionality issue. It might not hurt to try. Good luck with it.

Bill

we could use another rv042 as the other endpoint though?

You are correct that you could use 2 RV042s (one on each end) to configure a Gateway to Gateway IPSEC tunnel that would stay up constantly, and not use resources on the server. In my opinion, this is the optimal way to setup your network. This would eliminate any port forwarding (for the sake of the tunnel) that would need to be done.

Bill

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: