Honda Motorcycles - FireBlades.org banner

1 - 20 of 24 Posts

·
Registered
Joined
·
4,011 Posts
Discussion Starter #1
below is my issues (well my issues for the linksys!) Now after settings are in I cannot ping either WAN static from outside the networks. Oh yea, it is a BEFSX41 on each side...

Router # 1: Main office!
Firmware 1.52.9


WAN STATIC: 123.456.789.1011
SN: 255.255.255.252
GW: 123.456.789.1

LAN: 192.168.1.1
SN: 255.255.255.0


DHCP server is off - Windows Server 2003 is doing that.

IPSec pass through = enabled
PPPoE pass through = enabled (but not using)
PPTP pass through = enabled (but not using)

Tunnel 1 (VPN NAME)
VPN Tunnel: Enabled

Local Secure Group: Subnet
192.168.1.0
255.255.255.0

Remote Secure Group: Host


Remote Security Gateway: IP Addr.
Router 2's WAN address

Key Managment: Auto. (IKE)
PFS: Disabled
Pre-shared Key: whatever (but it does not matter it is off)
Key Lifetime: 3600 (off as well)

Under advance only settings checked are:

Operation mode = Main Mode (default)
Other settings: NetBIOS broadcast

________________________________________________________________

Router #2 Remote office
Firmware 1.52.9


WAN STATIC: 321.654.987.1110
SN: 255.255.255.0
GW: 321.654.987.1

LAN: 192.168.1.1
SN: 255.255.255.0


DHCP server is on...

IPSec pass through = enabled
PPPoE pass through = enabled (but not using)
PPTP pass through = enabled (but not using)

Tunnel 1 (VPN NAME)
VPN Tunnel: Enabled

Local Secure Group: Subnet
192.168.1.0
255.255.255.0

Remote Secure Group: Host


Remote Security Gateway: IP Addr.
Router 1's WAN address

Key Managment: Auto. (IKE)
PFS: Disabled
Pre-shared Key: whatever (but it does not matter it is off)
Key Lifetime: 3600 (off as well)

Under advance only settings checked are:

Operation mode = Main Mode (default)
Other settings: NetBIOS broadcast

______________________________________________________________

Any help would be great...
 

·
Registered
Joined
·
10,531 Posts
Yeah, check and see if you have a "Stealth Mode".
Oh, and it would help if you had proper IP addresses assigned. :p
Try tracing to it. If you can get there, you're just blocking Pings - which is a good thing.
 

·
Registered
Joined
·
10,531 Posts
showmethebombs said:
I can get online at both locations - but I cannot get the VPN to establish. :(
Alright, so your real issue is that you can't get a tunnel up? VPNs can be tricky, but where you're using two identical pieces of equipment it should set up pretty easy. Does Linksys have a quick setup guide? I know that most of these low-end units have some sort of easy set-up.
Why do you have the pre-shared secret turned off? What authentication are you using?
Without first-hand knowledge of those in particular, I would say to enter a pre-shared secret, you don't need perfect forward secrecy, but just type something like Test1ng into both configs at pre-shared secret, and keep the key lifetime at 3600. They have to be set the same on both ends and they are necessary.
Once you have the pre-shared and lifetimes set try your tunnel again.
 

·
Registered
Joined
·
806 Posts
showmethebombs said:
ok, that is the only thing I was guessing about....
Yeah, with a remote VPN it'll actually try to route IP vs. bridging it so you'll need different subnets! Not sure if that alone will fix it or not, but it's all about the baby steps... ;)
 

·
Registered
Joined
·
8,271 Posts
southpark460 said:
Yeah, with a remote VPN it'll actually try to route IP vs. bridging it so you'll need different subnets! Not sure if that alone will fix it or not, but it's all about the baby steps... ;)
and the extra integer in the IP address . . .
 

·
Registered
Joined
·
10,531 Posts
southpark460 said:
I just figured he changed the last octet to keep us geeks out... :D
I think it's more along the lines of he just started counting from 1 and ended with 11 rather than 10 for some reason. I also figured he was just leaving the internal addresses a basic which is why I didn't mention anything specific other than what I did in my first post.

I'd bet if he did post or PM the actual addresses and passwords the tunnel would have been set up rather quickly. :D
 

·
Registered
Joined
·
3,586 Posts
southpark460 said:
Won't work... You have the same internal IP range at both locations. You need to change one side or the other...
bingo

Also you might need to turn off the IPSEC pass though so the router accepts the IPSEC requests......but the routers might work that way not sure no experience with Linksys

Enable the PFS see if that helps.....seemed to make my netcomm happy.
 
1 - 20 of 24 Posts
Top