Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

REASONS YOU CANNOT CONNECT WITH QUICKVPN

Hey everybody

I found an interesting document in the web, you could download it here and also take a look on this document https://supportforums.cisco.com/docs/DOC-29399

                                  QUICKVPN CONNECTION FOR WRV54G/RV0XX SERIES ROUTERS 

NOTE:  There may be variances in some areas of web interface, but this document is proven to work!  •J •J

ON THE WRV54G/RV0XX ROUTERS:

1) Setup Page

Internet Connection Type: Automatic Configuration (DHCP)

MTU: Auto

DHCP Server: Disable

Time Setting: (GMT) England   [Obviously set this to your own zone or leave at default]

NOTE:  If your ISP has recently changed from “data” to “ipstream” you may have to change the MTU from “auto” to “manual” in order to allow vpn data transfer.  A common symptom of change in Ethernet technology is when you try to transfer information across a tunnel and you get “Network is no longer available.”  In this instance, the MTU is set “too high” (i.e., 1492) and isn’t able to “pass through” the segment at the distant end.  Think of a 6 foot tall man trying to fit through a door made for a 4 foot child.  By adjusting the MTU to suit the situation, you now have a means of assuring data gets through. (Doc/1 Aug 05)


2) Security ---> VPN Page

Ipsec: Enable
PPTP: Enable
L2TP: Disable

NOTE: This goes away from previous advice I’ve given but we’re trying something new. People were able to connect before, so this slight change really shouldn’t alter that much.  Furthermore, the 50 vpn tunnels that come with the WRV54G/RV0XX routers are designed to work with third party vpn clients (i.e., SSH Sentinel, Greenbow, Logmein, etc...) and "not" with quickvpn.  Quickvpn handles all aspects of negotiation by itself (now that the mystery is solved, it's a clever little tool to me :))

Also, in the WRV54G/RV0XX manual, where it shows you how to create an IPSEC policy, if you're using quickvpn, this, by default of installation is already done for you by Quickvpn (look in the Program Files\Linksys\Linksys VPN Client directory on your computer and you will see this.)  If you are "not" going to use Quickvpn, you could try this (yes, some people have been able to do it). Also, as noted by Chris Watts (a..k.a. Chris547), quickvpn uses a randomly created pre shared key everytime it connects.  I think I may love quickvpn now...

Remaining settings on this page should be disabled.

3) Access Restrictions:

- Start off by using a simple name and password combination such as

username: test
password: tester

4) Apps & Gaming

"NO" vpn port forwarding settings of any kind (500, 1701, 1723, etc...) are required for quickvpn to work. It establishes its own tunnel.

Additionally:

- Try using firmware 2.37.13, 2.38 (you can download 2.38 from linksysinfo.org), or 2.38.6.  I’m currently using the 50 user license upgrade from Linksys (firmware version 2.37E) and it works perfectly!

- SNMP & UPNP are disabled.

- Make sure the ipsec service under settings is started.  If you’ve ever loaded SSH Sentinel, SSH knocks ipsec offline and you never even know it unless you happen to be checking services to see why your tunnel doesn’t come up (I found this information out surfing forums).

- "DO NOT" have any other vpn application "LOADED" on your machine other than quickvpn; even if you have another vpn application loaded and its process is shut off in the back ground, quickvpn still "will--not--run" if it's loaded.  If you happen to be able to do this, you're quite fortunate, otherwise, load quickvpn only to avoid conflict.

- Disable any firewall that you currently have running for the moment (again, we're establishing a baseline). I use Norton Internet Security 2003 and can connect to Dave's vpn segment with my firewall up so you might want to consider a new firewall in the event you can't connect with your current firewall running. Incidentally, when I’m at a wireless internet café, I have to drop my firewall on my laptop to make the connection to vpn, but I’m sure this is just something to do with how the router policies of that local business’s router are enforced.  Other than that, I connect to a remote vpn host (from my home”) with my firewall up.  Once you’ve made the connection, just turn your firewall back on.

- Copy and paste this link into your browser to get your WAN IP address if you don’t know it for sure (http://remote.12dt.com/rns/) to place in quickvpn's "Server Address" field.

Here's one more thing. Copy and paste this link into your browser (http://www.dslreports.com/drtcp).  This application will allow you to adjust the MTU setting of your NIC "on the fly" if you bump into a problem with the MTU causing tunnel drops.  Make your MTU setting "On The Client" 1458 “if” there are problems with tunnel connectivity.

                                                      REASONS YOU CANNOT CONNECT WITH QUICKVPN (NEW)

1) The quickvpn client is not the only vpn client loaded on the client machine.

2) MTU on the WRV54G you are connecting to isn't set at "auto" and/or the packets being sent from the client computer are too large (should this be the case, download "DrTCP" and set the MTU of the client's NIC to 1458). Additionally, it doesn't hurt to check and see if the MTU on the client router is set at "auto" also.

3) You are trying to connect through a dialup or ISDN connection.
NOTE: I have never been able to connect from a dialup/ISDN connection with quickvpn. More power to those who can.

UPDATE: Recently, someone was able to connect over dialup in a highly "unusual" manner   Basically, when connecting over ISDN, quickvpn hangs at “verifying network” but it will still negotiate the ip security portion and allow you access to your LAN.  The only way to close the connection is to terminate it through task manager.

4) The firewall software on your computer is registering the "ACK" conversation from the distant-end device (wrv54g) as an "Invalid ICMP Type." In this instance you can either "shut down" the firewall for the session or, as I've done, uninstalled my firewall software (NIS 2004) and quickvpn, then reinstalled both (Norton first followed by quickvpn). After that, launch quickvpn, and once Norton detects it, it establishes all the proper rules to allow it to pass through the firewall. Hopefully your firewall software should do the same.

In the case of #4, I never caught this until I noticed after reloading one of my computers, I had to drop the firewall on one of them to access "the same damn share" as the others, but I didn't have to bring the firewall down on any of the others except that one particular machine.

5) IPSEC Passthru is not enabled on the client/distant end router.

6) You have communication software loaded that is preventing quickvpn authentication with the wrv54g router

Note: I loaded software from motorola cellphone that installed its own "liveupdate" software that blocked quickvpn from talking to my wrv54g router. I knew there was a program I'd recently loaded that was most likely the problem because I had just used quickvpn an hour prior.

7) You have installed two nic’s on the client computer and quickvpn is trying to utilize the connection that is not assigned an ip address. Simply disable the card that is not being used.

8) IPSEC is not running on the client computer you’re connecting with.  To remedy this, go into control panel, administrative tools, then click on services.  If IPSEC isn’t started, set it to automatic and start the service.  If you’ve ever used ssh sentinel, this knocks your ipsec out and you have to go into windows services to restart it.

9)  The user account and password is not created or has not been typed in correctly. 

10) Large downloads will disrupt the routers tables causing quickvpn to not respond every so often.

11) Quickvpn terminates in the middle of a quickvpn session.  Just like #10, this hoses up the routing tables for vpn.  The answer is to delete all existing accounts and recreate them (don’t create the same username and passwords twice) or reset the router to factory default and start from scratch.

These configurations are just what I’ve noticed when having quickvpn problems.  People world wide have been following this guide with and have had success with the WRV54G, RV042 and the RV082 routers.  Again, this is just a baseline.  When you figure out what you need, just vary things as needed.

Thanks.

Johnnatan Rodríguez Miranda.

Cisco Network Support Engineer.

Version history
Revision #:
1 of 1
Last update:
‎05-21-2013 08:21 AM
Updated by:
 
Labels (1)
Comments
New Member

In Windows 8 Quick VPN won't be able to ping remote gateway unless Quick VPN will be run as an administrator.

Thank you for all the frustration and endless hours of troubleshooting cisco .