Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

quickvpn connects but cannot access remote LAN

I am running a RV 120W wireless N router here in Japan on an ADSL circuit from Softbank BB. I have set the interal IP address range of the router away from default to be 192.168.11.0/24. Below are the VPn Deafult settings.

PN Wizard Default Values for IKE:
Gateway PoliciesClient Policies
Exchange Mode:MainAggressive
ID Type:Local WAN IPFQDN
Local WAN ID:Local WAN IPlocal.com
Remote WAN ID:N/Aremote.com
Encryption Algorithm:3DES3DES
Authentication Algorithm:SHA-1SHA-1
Authentication Method:Pre-Shared KeyPre-Shared Key
Key-Group:DH-Group 2 (1024 Bit)DH-Group 2 (1024 Bit)
Lifetime:8 Hours8 Hours
VPN Wizard Default Values for VPN:
Encryption Algorithm:3DES
Authentication Algorithm:SHA-1
Lifetime:1 Hours
PFS Key Group:DH-Group 2 (1024 Bit)
NETBIOS:Enabled (Gateway Policies)
Disabled (Client Policies)

IKE Policy

General
Policy Name:jmXXXXXXX
Direction / TypeBoth
Exchange Mode:Aggresive
Enable XAUTH Client:
Local Identification
Identifier Type:Local Wan IP
Local Wan IP:221.41.36.18
Peer IKE Identification
Identifier Type:FQDN
Local Wan IP:remote.com
IKE SA Parameters
Encryption Algorithm:3DES
Authentication Algorithm:SHA-1
Authentication Method:Pre-shared key
Pre-Shared Key:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Diffie-Hellman (DH) Group:2
SA-Lifetime:28800 Seconds

System fireware = 1.0.0.12

I updated tp the latest firmware which is RV120W_FW_1.0.1.3 and that made things even worse as I could not ;longer PING the external IP address even with the Firewall's basic settings turned all to "off". Since I was unaable to remote into the router I reverted back to version 1.0.0.12.

When I remote inusing QuickVPN I am not on the same subnet as the router. I am able to connect, establish the vpn tunnel, and remote access the router; but I am unable to see any resource computer or otherwise.

Below is an exerpt from the IPsec VPN log

2010-11-15 14:55:09: INFO:  Received unknown Vendor ID
2010-11-15 14:55:09: INFO:  For 202.213.133.102[500], Selected NAT-T version: RFC 3947
2010-11-15 14:55:09: INFO:  NAT-D payload matches for 221.41.36.18[500]
2010-11-15 14:55:09: INFO:  NAT-D payload does not match for 202.213.133.xxx[500]
2010-11-15 14:55:09: INFO:  NAT detected: PEER
2010-11-15 14:55:10: INFO:  Floating ports for NAT-T with peer 202.213.133.xxx[4500]
2010-11-15 14:55:10: INFO:  ISAKMP-SA established for 221.41.36.18[4500]-202.213.133.xxx[4500] with spi:33a0aa37181469aa:abab0fc0aa120f7a
2010-11-15 14:55:10: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-11-15 14:55:10: INFO:  Responding to new phase 2 negotiation: 221.41.36.18[0]<=>202.213.133.xxx[0]
2010-11-15 14:55:10: INFO:  Using IPsec SA configuration: 192.168.11.0/24<->10.19.73.xxx/32
2010-11-15 14:55:10: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
2010-11-15 14:55:11: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 202.213.133.xxx->221.41.36.18 with spi=127988341(0x7a0f275)
2010-11-15 14:55:11: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 221.41.36.18->202.213.133.xxx with spi=4139774728(0xf6bff308)

I have created a Self Activatedcertificated and loaded it successfully into the trusted certificates table. I have loooked into issues with port 500 as a possible cause but I am unable to get the port fully open on any computer connected to or remoting into the RV 120W. This router will be relocated to my customers site who is using PPPoE authencation on a shared fiber line later this week. Any assistance to resolve or mitigate this issue would be appreciated.

Regards,


Scott

  • Small Business Routers
2 REPLIES
New Member

Re: quickvpn connects but cannot access remote LAN

Hi Scott

It seems you are having very similar issues to me!

It also seems that Cisco seem reluctant to come up with an answer.

Tomorrow I'm going to start looking for something else to swap this unit out, my customer's patience is starting to wear thin. I recommended this product to my customer because it had  a good name.

Let's hope that they come up with an answer for you PDQ!

Regards

Barry

New Member

Re: quickvpn connects but cannot access remote LAN

Hello Barry,

  I called Cisco in the USa and raised a ticket with them. The Cisco engineers we very helpfull and they were able to login using QuickVPN to my router. We were able to figure out that if any PC on the remote LAN that has a firewall running on it musteither be disabled or create some rulles as follows:

open Inbound TCP port 50, 445, 500, 4500.

open Inbound ICMPv4 that will allow you to PING the remote LAN IP address.

This worked for me.

1915
Views
0
Helpful
2
Replies