Feb 23rd, 2010

Recently I purchased and set up a WRVS4400n for VPN access.  I am able to connect from my home PC (XP) using the QuickVPN client.

2 Questions.

1.  Is there a QuickVPN client for Mac, and if not, any ideas what my options might be?

2.  Is there a way to connect using VPN without the QuickVPN client? (I do this with 2 other routers using PPTP - RV042 and RV016.)

Thank you

Diesel3737 Tue, 02/23/2010 - 11:00

Can the RV0xx series of routers which support PPTP service Mac clients using native Mac tools (as in Windows), or does a PPTP connection through a Mac to an RV0xx router require a client?


Diesel3737 Fri, 03/26/2010 - 10:20

Unfortunately I cannot connect via a Mac client.  Multiple errors received.  So, I'm certain it's somewhere in the configuration between the router and the client:

Info from Log:

Initiated connection CISCO
phase2 negotiation failed due to time up waiting for phase 1.  ESP 76.67.xx.xx{500}-> 10.196.XX.XX

Does the WRVS4400n support any Mac VPN client (either shareware or purchased) that does not have a configuration such as this?  I cannot figure out where I have inputted the incorrect data.

Diesel3737 Fri, 03/26/2010 - 13:07

After some more attempts, I believe I'm getting closer, yet I am now receiving this error:

IKE error that "none message must be encrypted

Any thoughts?  Thanking everyone in advance.

Alejandro Gallego Sun, 03/28/2010 - 22:39
User Badges:
  • Cisco Employee,

I need to clean up the document because it is not as clear as I thought originally.

Make sure you go to page 7 and follow the instructions from there on. 

You will give your Mac an IP address that is not valid on either network, so choose wisely. DO NOT give your client an IP from the network you wish to access.

If you still have problems after following the steps from pages 7 - 12, post again with errors and we will get you connected.

Diesel3737 Mon, 03/29/2010 - 06:58

Thank you for responding.  I used as in your example as it is different from the LAN IPs at home or the office.

Local Side:
Endpoint Mode: (I used this address as it is not on my network at work or home)

Remote Side:
Network: What is to be entered here? (Should this be my internal lan at the office? - the internal IP of the router is
Netmask: 24


Alejandro Gallego Mon, 03/29/2010 - 07:03
User Badges:
  • Cisco Employee,

Sorry, I meant to answer that directly. Yes, in the Network section you will enter the network ID of your remote network as you stated, net mask 24.

Diesel3737 Mon, 03/29/2010 - 07:07

I will try it shortly.

For the Remote Side:

Can I use the DynDNS name or do I have to put in an IP address?

Remote IP Sec Device: jrint.gotdns.com (this is the FQ name - I am using DynDNS)

Also, if I use a FQDN, do I have to configure the tunnel any differently (on the WRVS4400n)?

As in Page 8 of your documentation and put IP plus FQDN or leave it as IP only for Local Security Gateway type?


Alejandro Gallego Mon, 03/29/2010 - 07:35
User Badges:
  • Cisco Employee,

You can use the FQDN, on IPSecuritas of your WRVS. You should also change the tunnel mode from Main mode to Aggressive, but do not make the same change on the router. Setting the mode to aggressive will give the application more time to resolve the name and connect without timing out.

Diesel3737 Tue, 03/30/2010 - 07:16

By default Aggressive mode on the router was checked.

Should it be unchecked?  Should NetBios Mode be checked or neither?

Remote Group Setup

Remote Security Gateway Type: IP Only / IP + Domain Name (FQDN) Authentication / Any
Domain Name:
IP address / IP by DNS Resolved: . . .
This Gateway accepts requests from any IP address.

Remote Security Group Type: IP Addr. / Subnet
IP Address: . . .
This Gateway accepts requests from any IP address.
Subnet Mask: . . .

IPSec Setup

Keying Mode: IKE with Preshared Key / Manual

Phase 1:
Authentication: MD5 / SHA1
Key Lifetime:

Phase 2:
Authentication: MD5 / SHA1
Perfect Forward Secrecy: Disable / Enable
Preshared Key:
Key Lifetime:
Encryption Algorithm: 3DES (3DES: 24 ASCII)
Encryption Key:
Authentication Algorithm: MD5 / SHA1 (MD5: 16 ASCII, SHA1: 20 ASCII)
Authentication Key:
Inbound SPI: (HEX 100-FFFFFFFF)
Outbound SPI: (HEX 100-FFFFFFFF)

Aggressive Mode
NetBios Broadcast

Alejandro Gallego Tue, 03/30/2010 - 12:53
User Badges:
  • Cisco Employee,

OK, first off: do you have the DynDNS auto updater installed on a network computer or enabled on the router?

Two: under General (IPSecuritas) you are going to specify your FQDN (jrint.gotdns.com) for Remote Device and set MODE to Aggressive; under ID the remote identifier will be set to FQDN and enter your FQDN.

On the router, Aggressive should not be checked because we are trying to trick the router to be a responder, not an initiator.

From the log file, it looks like you are not resolving your domain name (jrint.gotdns.com). Since you are on DHCP, make sure your FQDN is updating properly.

Right now "jrint.gotdns.com" is not resolving to an IP address.

Diesel3737 Tue, 03/30/2010 - 13:17

My DynDNS is actually "gtkint37.gotdns.com" and it is working because I can connect to it for manageability.  So, the DynDNS is working and it is configured on the router properly.

I will check the other 2 on the client and update accordingly.

Thanks again

Diesel3737 Tue, 03/30/2010 - 13:35

Just to note ... I can use the gtkint37.gotdns.com when connecting via QuickVPN

Alejandro Gallego Tue, 03/30/2010 - 13:47
User Badges:
  • Cisco Employee,

If you are still not able to connect, export the IPSecuritas settings and send them to me via IM. Please also post when you give this another go.

Alejandro Gallego Wed, 03/31/2010 - 11:39
User Badges:
  • Cisco Employee,

From the looks of the screenshot, we are not resolving the name or the router is not configured correctly. Take a look at the document again and try again. You can send the config files via IM here in the forums, just click on my avatar and send an email.

After you take a look at the router configuration let me know and we will go from there.

