RV120W - VPN behind DSL modem

Unanswered Question
Sep 16th, 2010

Hello to anyone who can help,

I'm trying desperately to get my RV120W to establish a VPN connection.  The goal is to let clients access via VPN client - do not need to do anything site to site.

Due to constraints at the site, our only option is to place the RV120W behind a DSL modem, which is an Actiontec PK5000 provided by Qwest.

Nuts and bolts of what I've done so far;

  • DSL modem has its own LAN side, obviously - its living at 192.168.0.x.  LAN side of the RV120W is 192.168.3.x
  • enabled IPSEC passthrough in the DSL modem to the RV120W's IP address (192.168.0.2)
  • used the VPN Wizard to create the IPSEC policies, including a shared key. 
  • Created a username/pw
  • attempted to connect to the VPN through QuickVPN client (from Win7-64bit, for what its worth).  Failed to connect.  Firewall is enabled, so its not an issue of IPSEC being disabled.
  • Enabled RIP v2 on the DSL modem (as suggested by the modem configuration in situations where there is a gateway behind the dsl modem)

So - I'm not sure what I'm doing wrong, or if I'm battling a situation where it simply cannot be done.  This seemed like a pretty simple configuration - I'm kind of perplexed as to why I'm having so much trouble with it.

I've attached screenshots of what my IPSEC policy settings are.  I've left everything at the defaults (this was at the suggestion of the telephone support from Cisco).

Some questions that I'm not able to understand from the documentation - in the policy settings, the remote endpoint defaults to a FQDN, then enters remote.com - is that simply a placeholder text that should be replaced with the actual FQDN of my site?  Or, should I be using "Local WAN IP" since I'm behind the DSL modem?

Hopefully that's enough to get started with what the situation is - I would greatly appreciate anyone who can help me walk through this.  Definitely hit one of those walls where its beyond the knowledge that I had in my head.

Sincerely,

Ryan Tow

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
youpiyeah Fri, 09/24/2010 - 23:45

Hello!

I have the same problem. It's been hours and hours that I'm trying to make it work...

Please, give us all the information on how to configure the router rv120w with a real example

In other words, what to put exactly in every field just to create a basic VPN connection.

I just want to access to the network that has that router from my Windows 7.

Thank you so much!

davbarre Mon, 09/27/2010 - 06:56

Hi Ryan,

Is it possible in your situation to put your DSL modem into "Bridge Mode"?  This will essentially turn your DSL modem into a pass through modem and pass the Public IP address over to the RV120W.  This is how we resolve these issues here at the Support Center.

The problem with the RV120W recieving a private IP address is that address is not publically routable on the internet.  If your client tries to connect to 192.168.0.2, the ISP on that remote side is going to drop the outbound attempt due to the fact that the private IP scheme is not publically routable.

Some ISP's and Modem vendors have also tried to resolve this by port forwarding these requests to the WAN side of the router.  What we have found is that that works in some instances but is not reliable so we do not recommend it and persue putting the modem in Bridge Mode.

Another thing you can do to try and determine why it's not connecting is a port scan.  Connect a PC directly to the modem and then go to https://www.grc.com/x/ne.dll?bh0bkyd2  Click on the Proceed button.  The following screen will have a link that says All Service Ports.  Click on this link.  This will now scan port 1-1025.  Use the key at the top to determine if ports 443 and 500 are being blocked via your ISP.  If they are, you will need to contact your ISP and have these unblocked.  Stealth or Filtered ports can also cause issues.  What stealth means is that the port doesn't respond to a connection with a Source IP address outside your network.  It functions similar to a firewall in that "unknown" or "unsecure" requests are denied.  However if the traffic initiates on your LAN, outbound it will allow the traffic to pass.

Lastly, if you are still having trouble please feel free to contact us at anytime at 1-866-606-1866.

Thanks

ryan.tow@gmail.com Mon, 09/27/2010 - 07:15

Putting the DSL modem into bridge mode is what I was able to do about a week ago that finally worked.  I had my ISP assign an static IP, and things work well now.

One concern I had is that even after doing this, I was unable to get the Cisco QuickVPN client to connect (on Win7 x64).  The document in the FAQ seems to point to the Greenbow client, so I installed that and was able to get it to work very well.  I guess I was wondering if using an external IPSEC client is how Cisco would recommend connecting, or if I should theoretically be able to connect with the Cisco client.

Thanks for the suggestion on Bridge mode.  FWIW - that seems like it would be extremely valid advice to put in the documentation of the RV120W - as a device that is sold to small businesses, I'd say that 50% or more of small businesses are going to have DSL modems as their primary source of connectivity.

davbarre Tue, 09/28/2010 - 13:32

Ryan,


I'm glad to hear you got it working.

In regards to the Cisco Quick VPN software and Windows 7 x64, it should work.  With Win 7 and Vista, the IPSec service has to be started and running on the PC and the windows default firewall should also be enabled.  If the service is disabled, or the firewall is off you will not be able to connect.  Please also make sure to upgrade to the latest QVPN client for x64 support.

If all else fails, please do not hesitate to call in for support at 1-866-606-1866.

I will certainly pass along your suggestion as well for the documentation of DSL modems in bridge mode.

Dave

ryan.tow@gmail.com Wed, 09/29/2010 - 19:39

Dave -

Thanks for the help.

I would very much like to get the QuickVPN thing working - as I hadn't planned on a per-client cost for this project.

So - could you point me to the page with the download for QuickVPN?  I've been all over Cisco's site, and can't find anything but the firmware update for the RV120W when I search by product.

Thanks,

Ryan Tow

Eric Moyers Thu, 09/30/2010 - 06:13

Hi Ryan, My name is Eric Moyers. I work in the Small business Support Center with Dave. If you will go to the Cisco.com website and in the search bar in the upper RH corner input "QVPN 1.4.1.2" then click search, it will bring you back several results that say Download Software for ************* Router:QVPN_UTIL_1.4.1.2.zip. (Where ************* is several of our routers) you can actually download any of these, does not have to say RV120W because the same QVPN works on all of our routers.  Hope this helps. Let us know if you encounter any problems.

Eric

Actions

This Discussion

Related Content