Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1772
Views
0
Helpful
9
Replies

RV016 won't allow QuickVPN to connect

tchilders
Level 1
Level 1

‎10-18-2010 02:17 PM

Current firmware (3.0.0.19-tm)

QuickVPN ver. 1.4.1.2

RV016 shows client connected, Client says there is a wrong Username, Password, IP, or something(?).

If I turn off the firewall on the RV016, I can get a good connection, then turn the firewall back on.

My remote users are not allowed to do this and are reluctant to call me to do it for them (thankfully, since they work all hours of the night).

I know the client works, and the RV016 works, since I can connect when the firewall is down, and stay connected when the firewall is turned back on.... but I can't seem to find the right hole to punch in the firewall to make it work.

Labels:
0 Helpful
9 Replies 9

davbarre
Level 1
Level 1

‎10-18-2010 02:46 PM

Hi Tom,


Can you please explain to us in a little more detail about your configuration?  Any port forwarding rules in place?


Also, is this an outbound attempt?  Meaning the client trying to initiate a Quick VPN connection is behind the RV016 trying to connect to another router, or the other way around, the RV016 is terminating the Quick VPN session?

Thanks!


Dave

David L. Barrett, Jr.
0 Helpful

tchilders
Level 1
Level 1
In response to davbarre

‎10-18-2010 02:51 PM

Sure.  The connection attempt is from outside the LAN.

I do have a number of port forwards... for server client connection (1180), for ftp(22), for individuals connecting to desktops via Remote Desktop Connections(3385-3399).

I can connect via a PPTP VPN account, turn off the firewall, disconnect the PPTP VPN, then connect on QuickVPN.

I'm using Windows XP and always leave the firewall on.

Thanks,

TC

0 Helpful

davbarre
Level 1
Level 1
In response to tchilders

‎10-19-2010 01:26 PM

Hi Tom,

When you say you use XP and always leave the firewall on, are you referring to the Windows firewall?  If so, that could very well be the issue.

With Quick VPN, Win XP needs to have the firewall turned off, and Vista and Win7 have to have the Firewall turned on.

Do you have any of the ports, 443, 500, 4500 or 60443 being forwarded?

Thanks!

Dave

David L. Barrett, Jr.
0 Helpful

tchilders
Level 1
Level 1
In response to davbarre

‎10-19-2010 02:22 PM

That's right, I have been leaving the Windows XP firewall up on the client machine.... I'll try turning it off tonight.

I'm not forwarding the ports you list, and I set the QuickVPN port to 'Auto'.

Thanks!

TC

0 Helpful

davbarre
Level 1
Level 1
In response to tchilders

‎10-19-2010 02:31 PM

Thanks for the reply Tom.

Please keep us posted on the progress.  Keep in mind too that any 3rd party firewalls can also have an affect on Quick VPN functioning.

Thanks!

Dave

David L. Barrett, Jr.
0 Helpful

tchilders
Level 1
Level 1
In response to davbarre

‎10-19-2010 07:22 PM

I turned off the Windows XP firewall and all my antivirus (Trend's services) and still it would not connect.  But as soon as I disable the RV016 firewall it makes the connection.  It doesn't seem to matter what I do on the laptop/client machine.  Then I can turn the RV016 firewall back on and the connection remains good... I've left it up for as much as 18 hours.

I tried just disabling SPI, just DoS, just Block WAN request, nothing I change lets me connect except to disable the RV016 firewall.

I tried setting up an access rule to allow it thru, but I'm not sure what I should be allowing (or denying)... any suggestions there?

Thanks,

TC

0 Helpful

davbarre
Level 1
Level 1
In response to tchilders

‎10-20-2010 02:59 PM

Hi Tom,


Can you please message me a sample account I can test with along with your WAN IP information?

Thanks!


Dave

David L. Barrett, Jr.
0 Helpful

tchilders
Level 1
Level 1
In response to davbarre

‎10-21-2010 07:55 AM

Dave, I hope you received the account info I sent....

Taking the advice from "RVS4000 will not accept QuickVPN connection" I went to www.grc.com and ran Shields Up!.  It reports that ports 443 and 60443 are open, but 500 and 4500 are 'Stealth'.

I called our ISP and was told that their equipment is "wide open", that we have everything available so if there's a restriction it has to be in our equipment.

I'm not forwarding 500 or 4500, and the Firewall 'Access Rules' lists:  "Allow", "IPsec 500", "WAN1", "Any" source, "Any" destination, "Always".

I turned off the Windows XP Firewall and Trend services on a couple of machines here and tried both.... I get the same results every time.  Is the RV016 somehow restricting those ports?  We had 'disconnect issues' before the last firmware update, but then this started about 4-6 weeks after I installed the latest firmware.

Thanks!

TC

0 Helpful

davbarre
Level 1
Level 1
In response to tchilders

‎10-21-2010 08:02 AM

Hi Tom,

I have not recieved your private message as of yet.

In regards to the ISP and ports, if that port is in stealth mode, most times that means they are allowing connection that have a source of your network, to the WAN.  However if a connection is coming from the WAN over on those ports, they are filtered or blocked.

I won't know for sure until I get your private message with your WAN IP address.  If you could also provide me a test account I can attempt with here that would be great as well.


Thanks!


Dave

David L. Barrett, Jr.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents