I hope that you can help with this hot potato.
Router is a version 1.1 running with sw version V1.1.13-ETSI
Quick VPN is sw version Ver 22.214.171.124
The issue is that I can't connect because I can't ping the internal IP; I get this error message in the QVPN log: [WARNING]Failed to ping remote VPN Router!
I have tried to do what is suggested in this thread http://homecommunity.cisco.com/t5/Wireless-Routers/User-based-VPN-access-using-a-WRVS4400N-and-QuickVPN-quot-remote/m-p/236334 and with this workaround QVPN can connect.
I have disabled the "Block WAN Request" and it is possible to ping the router on the external site.
So as I see it, the router blocks ping on the internal IP via QVPN. What have I done wrong?
Does the normal traffic pass through the tunnel before you modified the remotelanip in the vpnserver.conf file?
I don't know if this is what you are asking for; if not, please clarify.
Output from the QVPN log file:
2010/07/29 17:06:00 [STATUS]OS Version: Windows XP
2010/07/29 17:06:00 [STATUS]Windows Firewall is ON
2010/07/29 17:06:00 [STATUS]One network interface detected with IP address 192.168.15.106
2010/07/29 17:06:00 [STATUS]Connecting...
2010/07/29 17:06:00 [DEBUG]Input VPN Server Address = 126.96.36.199
2010/07/29 17:06:00 [STATUS]Connecting to remote gateway with IP address: 188.8.131.52
2010/07/29 17:06:05 [STATUS]Remote gateway was reached by https ...
2010/07/29 17:06:05 [STATUS]Provisioning...
2010/07/29 17:06:11 [STATUS]Success to connect.
2010/07/29 17:06:11 [STATUS]Tunnel is configured. Ping test is about to start.
2010/07/29 17:06:11 [STATUS]Verifying Network...
2010/07/29 17:06:18 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:21 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:25 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:28 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:32 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:35 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
I have also tried with the Windows firewall turned off, no changes observed.
>2010/07/29 17:06:18 [WARNING]Failed to ping remote VPN Router!
The above showed that QuickVPN Client was not able to ping the remote router's LAN IP. What's the LAN IP of the WRVS4400N that you were trying to connect to? While the QuickVPN Client is showing "Verifying Network...", could you test if you can ping the PC in the LAN of WRVS4400N?
The LAN IP of the router is 10.10.0.1
I can't ping a PC on the inside LAN side of the router from the external site; it seems that's the problem and the reason QVPN can't connect
The remote client PC IP is 192.168.1.6
I have tried it from work, which is a big infrastructure, with no luck
Then I have tried it from the neighbour's, on a LinksysC230 connected to a DSL line, still with no luck
It might be a good idea to contact the Small Business Support Center so more troubleshooting can be done. Common issues include Windows IPsec service not started, third party firewall blocking the ping, or firewall in front of the QuickVPN Client blocking the IKE, etc.
Here you can find a list of phone numbers to call.
OK I will do that
But to answer your question, I have tried the following:
Windows IPsec service not started - Checked, service is running
Third party firewall blocking the ping - I can ping the WAN side of the router, how do I check if my ISP has blocked ping?
Firewall in front of the QuickVPN Client blocking the IKE - I have tried both with Windows firewall switched on and off
>Firewall in front of the QuickVPN Client blocking the IKE
Some companies block IKE/IPsec at work. At home, some ISPs block IKE. This will require packet capture analysis to find the root cause.
Had the same problem and just wanted to post my solution.
I'm using a firewall named Windows 7 Firewall Control, and for that reason I did disable and stop the Windows 7 native firewall, and that was what caused the problem.
Reading this thread, the second last posting by, helped me fix the problem:
Windows Firewall needs to be up and running, so make sure it is.
Then, click the Windows orb, in the "search programs and files" field type "firewall"
Click on "Windows firewall with Advanced Security"
Then click "Outbound Rules"
Remote Assistance WSD Out
and Network Discovery WSD Out
I'm running Quick VPN Client version: 184.108.40.206, WRVS4400N firmware version: V220.127.116.11-ETSI, Win7 pro 64bit
Hope that some Cisco tech can explain why it is necessary to have the Windows 7 firewall running for this to work?
And would it be possible that you could update the installer for the Quick VPN client, so that it is not necessary to click yes to the UAC alert every time the Quick VPN client is started.
I got the same problem. About 3 months ago, when I bought 2 of these WRVS4400Nv2 routers, site2site VPN and client2site VPN worked fine.
Now I can't connect to both of them any more via the Quick VPN Client. - I tried from the same machine on which it already worked 3 months ago. - For some days now I get the error at verifying network - The remote gateway isn't responding, and if I wanna wait....
I also updated now to the newest version on the router 18.104.22.168-ETSI - no change, same error.
I'm running Quick VPN Client version: 22.214.171.124, WRVS4400N firmware version: V126.96.36.199-ETSI, Client: Win7 Enterprise 64bit
I've read that the Win7 Firewall is the problem... In my company the Win7 Firewall is deactivated in the domain, but it already worked 3 months ago.... I didn't change anything in the Win7 FW.... The Win7 firewall was already deactivated 3 months ago (in the domain); that's a domain-wide configuration of my company.
So I tried from outside my company (from home, same client), where the Win7 firewall is enabled (private network, no domain) - still no change, same error.
I also tried from a new, different computer, Win7 Enterprise 64bit - this host is in no domain, still no luck. Tried Win7 FW on and off, no change.
To the 2 rules:
Remote Assistance WSD Out
and Network Discovery WSD Out
I already enabled "Network Discovery WSD Out" on the Win7 Firewall in the domain (even though the Win7 FW is disabled in the domain) and for private networks. - no change, same error.
-> On both PCs I can't find a rule "Remote Assistance WSD Out" - so what port(s) do I have to enable when I add this new rule?
And what is confusing is that it already worked 3 months ago without doing anything other than configuring the router and installing Quick VPN on the client, so why should I need to enable these 2 rules Jacob wrote about, when it already worked without doing this 3 months ago?
What else can I do to get this Quick VPN Client working again with my 2 routers?
client log output:
2012/02/20 14:20:18 [STATUS]Success to connect.
2012/02/20 14:20:18 [STATUS]Tunnel is configured. Ping test is about to start.
2012/02/20 14:20:18 [STATUS]Verifying Network...
2012/02/20 14:20:24 [WARNING]Failed to ping remote VPN Router!
2012/02/20 14:20:27 [WARNING]Failed to ping remote VPN Router!
2012/02/20 14:20:30 [WARNING]Failed to ping remote VPN Router!
2012/02/20 14:20:33 [WARNING]Failed to ping remote VPN Router!
2012/02/20 14:20:36 [WARNING]Failed to ping remote VPN Router!
2012/02/20 14:20:39 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2012/02/20 14:20:40 [STATUS]Disconnecting...
2012/02/20 14:20:48 [STATUS]Success to disconnect.
UPDATE: I even tried an allow rule on the router which allows ping to the internal IP (192.168.0.1) from any.... It makes no change. So the only thing that really changed in the 3 months since client VPN last worked is Windows itself (through updates). I only updated the router firmware because this was not working, but it made no difference whether I use 188.8.131.52 or the new one 184.108.40.206. -> I didn't change anything on the router or on the Quick VPN (same version). Really confusing why it's not working any more.
Some things to be aware of...
Microsoft XP SP3 (until 2014)
Windows Vista/ 7
The QuickVPN Utility is just a front end interface that allows for a user friendly interface on configuring the Microsoft IPSec service to connect to the router. (That’s why it doesn't work on any operating system but Microsoft.)
First the client connects using SSL to the router and looks for a certificate.
If you are using a certificate, it needs to be installed, or you can click no and bypass the certificate warning.
The next step authenticates the user name and password supplied to the router. Only one client per username can be logged in at one time. Once the user authenticates the IPSec tunnel will negotiate and establish. (Up until this point if anything fails you will get the 5 error message screen.)
At this point the client sends an ICMP Echo Request through the tunnel to the internal IP address of the router. (Yes, if you look, the user is connected in the status of the router's interface for the tunnel.) The inside IP address is determined during the authentication phase. The router sends an ICMP Echo Reply back through the tunnel to the client. (If this fails you will get the error Remote Gateway not responding.)
Out of the several thousand QVPN issues I have troubleshot, it is 90% or more the client’s Windows firewall. The other 5% is third party software or firewall, 3% is customers using the same IP subnet on both sides of the tunnel, and the last 2% is configuration issues on the router. Once in a great while an ISP will be blocking ports, but it is rare.
Software like Windows Defender and other antivirus and software will modify the TCP/IP stack and the security of the operating system. Some of this software will run in safe mode, and other software modifies settings that, even if it is removed from the computer, will continue to prohibit the QuickVPN process. Domain systems use Group Policy to control firewalls of workstations in the domain. Network based antiviruses will create Domain policies to distribute those settings.
Since XP, Microsoft has continued to make their operating systems more secure. The more secure you make something, the more user unfriendly and more productivity prohibiting it becomes. We all want our environment secure, but everyone’s environment is different, and manual changes must be made to allow traffic that we want to work through this added security.
I would recommend, if you are not able to connect from your machines, that you call into the call center at 1-866-606-1866 and create a case. From there we can test from our lab, which doesn't have any domain or antivirus rules to test. We use these computers to test every day and can verify that the ISP is not blocking and that the router is properly working.
Cisco Small Business Support Center
CCNA, CCNA - Security
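The post above describes the order in which QuickVPN connects (HTTPS, authentication, IPsec tunnel, ICMP echo to the router's LAN IP) and names overlapping subnets as one cause of failure. The following is an added example, not part of the thread and not Cisco code, that reads a client log and reports how far an attempt got and whether the client subnet collides with the remote LAN; the function name `triage`, the /24 masks and the sample log are assumptions made here.

```python
import ipaddress
import re

# Constructed sample, modelled on the client log lines quoted in this thread.
SAMPLE_LOG = """\
2010/07/29 17:06:00 [STATUS]Windows Firewall is ON
2010/07/29 17:06:00 [STATUS]One network interface detected with IP address 192.168.15.106
2010/07/29 17:06:05 [STATUS]Remote gateway was reached by https ...
2010/07/29 17:06:11 [STATUS]Tunnel is configured. Ping test is about to start.
2010/07/29 17:06:18 [WARNING]Failed to ping remote VPN Router!
"""

LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[(\w+)\](.*)$")
IFACE = re.compile(r"detected with IP address (\d+(?:\.\d+){3})")

# Log text -> the step of the connection sequence it shows was reached.
STAGES = [
    ("Remote gateway was reached by https", "https"),
    ("Tunnel is configured", "tunnel"),
    ("Failed to ping remote VPN Router", "ping_failed"),
]

def triage(log_text, remote_lan, client_prefix=24):
    """Return (stage, findings) for one connection attempt."""
    # client_prefix is an assumed mask: the log records only the address.
    stage, findings, firewall_on = "start", [], False
    remote = ipaddress.ip_network(remote_lan, strict=False)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log entry
        msg = m.group(2)
        firewall_on = firewall_on or "Windows Firewall is ON" in msg
        for needle, name in STAGES:
            if needle in msg:
                stage = name
        iface = IFACE.search(msg)
        if iface:
            local = ipaddress.ip_network(f"{iface.group(1)}/{client_prefix}", strict=False)
            if local.overlaps(remote):
                findings.append(f"client subnet {local} overlaps remote LAN {remote}")
    if not firewall_on:
        findings.append("log never reports 'Windows Firewall is ON'")
    if stage == "ping_failed":
        findings.append("tunnel was configured but the ICMP echo through it failed")
    return stage, findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "10.10.0.0/24"))  # /24 is an assumed mask
```

A result of `ping_failed` with no overlap finding points at the client-side causes the post lists (host firewall state, third-party security software) rather than at addressing.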
Thanks for the fast answer!
I solved the problem by switching back to an older System Recovery Point (2 weeks ago, I installed the AnyConnect client for a customer) - changed back to before this install and QuickVPN login works again with both of my WRVS4400N.
So in my case it was not the Win7 firewall, I guess - it seems the VPN clients on my client disturbed each other (6 different VPN clients atm, the 7th was too much it seems, too many virtual adapters)
Thanks for all.
I have seen that before, sorry for not posting on that. One thing that has been reported to help is to reset the tcp/ip stack. I found a kb on Microsoft for this.
Hope this helps,
Cisco Small Business Support Center
CCNA, CCNA - Security
I got it working, but now some IPs in the network do not respond correctly.
I have spoken to Adrian on the phone and he has got the same problem on one device.
Here is a link to my post: https://supportforums.cisco.com/message/3591646
Need to set all devices on DHCP, so getting automatic IP from the DHCP server.
Still it is a bug, because when I set the same settings manually (IP, subnet mask, gateway and DNS) then it will not work.
I have the same problem, just had no time to post it here - Danny informed me - thx!
-> Got a site2site tunnel between my 2 WRVS4400N where all is working fine:
I can ping my internal server on sideA with the ip 192.168.0.9 from sideB (10.0.0.0/24 subnet.)
All is working like I'm in the same subnet, so VPN is working like intended.
But when I connect through QuickVPN I can't reach the server, neither by ping nor by netshares. - But I can reach other hosts in the LAN by ping and browser.... But I didn't check whether all static hosts are not pingable; I will test this next time.
It's not possible for me to put this server onto DHCP, that makes no sense - I mean I could put it on DHCP for testing and reserve the IP for the server with the MAC address, but that can't be a solution; it's only a workaround, I would say.
It would be nice if you could fix that problem in the next software.
I had the same problem. I found that the system time of the router was out of sync. I used my Domain Controller as the NTP server and the time was synced properly. The VPN is now working perfectly.
You should verify the Router Local Time.