
Befvp41 to Befvp41 VPN


Lee528 (MIS, joined Dec 12, 2003, 3 messages, US)
I installed 2 Linksys Befvp41s - 1 at each location about 2 miles apart. After setting the local and remote groups, vpn tunnel, shared key, etc., I finally got the vpn tunnel connected via 2 cable modems with static IPs.
The problem:
At Location 2 (192.168.6.x), I can only ping 2 remote machines and nothing else on the Location 1 network (192.168.1.x). These 2 remote machines are the internal ip of the vpn router (1.5), and a test NT 4 server plugged directly in to the router (1.23). All other machines at location 1 are on a hub that's connected via crossover to the vp41. When at location 1, I cannot ping anything remote, but can ping everything else on the 1.x network.
I updated both firmwares on the routers, checked every possible setting (I think!) and am now stuck. On the vpn screen, it says connected. I checked the cable company and they said they don't block any ports, etc. Any ideas??
 
Thanks for your reply. Here's more info:
Location 2 (in Kentucky):
Linksys befvp41 is dhcp server giving IP 192.168.6.101 to test win98se laptop wired into port 2. Desktop win98xp is pulling IP 192.168.6.102 also wired in to linky.

Location 1 (in Kentucky):
Linksys befvp41 is not dhcp server. All desktops (win98se or XP pro) machines have hard-coded IPs (192.168.1.x/255.255.255.0). There is a PIX box that connects this network to our main office via full T-1.
PIX box is 192.168.1.1 and connects to Main office in Ohio.

I mainly work at the main office in Ohio and am just trying to get the two KY locations talking to each other, then will tackle the issue of Location 2 talking to main office - particularly running telnet sessions on our Unix box. When I get to work tomorrow, I'll have our MIS guy in KY get the logs from the Linkies.
 
Here's the log from the Linky in Location 1. I truncated it since this same thing repeats (except for the time). I replaced the last octet with XXX, but it is the WAN IP of Location 2's Linky. Thanks for any suggestions:

18:03:30 IKE[1] Tx >> MM_I1 : 65.173.143.XXX SA
18:03:30 IKE[1] Rx << MM_R1 : 65.173.143.XXX SA
18:03:30 IKE[1] ISAKMP SA CKI=[e4d50ac6 daf6a1cc] CKR=[d2d3f919 a6c9628e]
18:03:30 IKE[1] ISAKMP SA DES / SHA / PreShared / MODP_768 / 28800 sec (*28800 sec)
18:03:30 IKE[1] Tx >> MM_I2 : 65.173.143.XXX KE, NONCE
18:03:30 IKE[1] Rx << MM_R2 : 65.173.143.XXX KE, NONCE
18:03:30 IKE[1] Tx >> MM_I3 : 65.173.143.XXX ID, HASH
18:03:31 IKE[1] Rx << MM_R3 : 65.173.143.XXX ID, HASH
18:03:31 IKE[1] Tx >> QM_I1 : 65.173.143.XXX HASH, SA, NONCE, ID, ID
18:03:31 IKE[1] Rx << QM_R1 : 65.173.143.XXX HASH, SA, NONCE, ID, ID
18:03:31 IKE[1] Tx >> QM_I2 : 65.173.143.XXX HASH
18:03:31 IKE[1] ESP_SA DES / MD5 / 3600 sec (*3600 sec) / SPI=[b465c014:20872f21]
18:03:31 IKE[1] Set up ESP tunnel with 65.173.143.XXX Success !
18:03:31
18:05:30
18:05:30 IKE[1] Tx >> MM_I1 : 65.173.143.XXX SA
18:05:30 IKE[1] Rx << MM_R1 : 65.173.143.XXX SA
18:05:30 IKE[1] ISAKMP SA CKI=[b04d3385 6dbb2d85] CKR=[8fc99f61 dd475ae1]
18:05:30 IKE[1] ISAKMP SA DES / SHA / PreShared / MODP_768 / 28800 sec (*28800 sec)
18:05:30 IKE[1] Tx >> MM_I2 : 65.173.143.XXX KE, NONCE
18:05:30 IKE[1] Rx << MM_R2 : 65.173.143.XXX KE, NONCE
18:05:30 IKE[1] Tx >> MM_I3 : 65.173.143.XXX ID, HASH
18:05:31 IKE[1] Rx << MM_R3 : 65.173.143.XXX ID, HASH
18:05:31 IKE[1] Tx >> QM_I1 : 65.173.143.XXX HASH, SA, NONCE, ID, ID
18:05:31 IKE[1] Rx << QM_R1 : 65.173.143.XXX HASH, SA, NONCE, ID, ID
18:05:31 IKE[1] Tx >> QM_I2 : 65.173.143.XXX HASH
18:05:31 IKE[1] ESP_SA DES / MD5 / 3600 sec (*3600 sec) / SPI=[621e0f78:efcfb30d]
18:05:31 IKE[1] Set up ESP tunnel with 65.173.143.XXX Success !
 
1. the log looks good.
2. Did you select subnet for local and remote secure groups?
3. Use the tracert remoteip command at location 1 and then check the log again. Please also post both results of the log and tracert here.

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at
 
Your VPNs are fine, but that is just the first step. Once your VPN works, you have to check out your IP routing.

If both LinkSys devices are the default gateway, it should work, but if not, you will have to add a static route or use a routing protocol (LinkSys supports RIP) on whatever else is doing your routing.

In fact, maybe you have RIP turned on on the one LinkSys and your NT server, but not your gateways or individual PCs (Win9x does not have RIP, but XP and maybe 2000 have a RIP listener, although I'd say just update your default gateway or routers). That would explain why you could ping that one device besides your LinkSys.

Remember, you have to be able to route to the remote network, and the remote network has to be able to route back to you. If either is missing, you won't be able to ping or anything else.

Tom
(It looks like I'm in your geographic location.)
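A small routing model of the two sites, added here as an illustration and not part of the thread, shows the "route there and route back" point above: a Location 1 host whose default gateway is the PIX answers the ping toward the PIX, which has no route to 192.168.6.0/24, so the reply is lost until a static route for that subnet is added. The router, NT server and PIX addresses are the thread's; the desktop at 192.168.1.50 and every routing table are assumptions.

```python
import ipaddress
from copy import deepcopy

# Constructed model of the thread's two sites (assumed routing tables).
# Next hop None = deliver on-link, "wan" = ISP / T-1 link (a black hole for
# private space), "vpn:X" = the IPsec tunnel to router X.
DEVICES = {
    "laptop":   (["192.168.6.101"], [("192.168.6.0/24", None), ("0.0.0.0/0", "192.168.6.1")]),
    "linky2":   (["192.168.6.1"],   [("192.168.6.0/24", None), ("192.168.1.0/24", "vpn:linky1"),
                                     ("0.0.0.0/0", "wan")]),
    "linky1":   (["192.168.1.5"],   [("192.168.1.0/24", None), ("192.168.6.0/24", "vpn:linky2"),
                                     ("0.0.0.0/0", "wan")]),
    "ntserver": (["192.168.1.23"],  [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.5")]),
    "desktop":  (["192.168.1.50"],  [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]),
    "pix":      (["192.168.1.1"],   [("192.168.1.0/24", None), ("0.0.0.0/0", "wan")]),
}

def owner(devices, ip):
    """Name of the device that holds address ip, or None."""
    return next((n for n, (addrs, _) in devices.items() if ip in addrs), None)

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, nh in table:
        n = ipaddress.ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, nh)
    return best

def forward(devices, src_dev, dst, max_hops=8):
    """Devices a packet to dst crosses, ending at dst's owner, or None if dropped."""
    path, cur = [src_dev], src_dev
    for _ in range(max_hops):
        hit = lookup(devices[cur][1], dst)
        if hit is None or hit[1] == "wan":      # no route, or leaked to the ISP
            return None
        nh = hit[1]
        if nh is None:                          # on-link: hand to the host directly
            end = owner(devices, dst)
            return path + [end] if end else None
        cur = nh[4:] if nh.startswith("vpn:") else owner(devices, nh)
        if cur is None:
            return None
        path.append(cur)
    return None

def round_trip(devices, src_ip, dst_ip):
    """True only if the packet gets there AND the reply finds its way back."""
    there = forward(devices, owner(devices, src_ip), dst_ip)
    return bool(there) and bool(forward(devices, there[-1], src_ip))

def with_static_route(devices, dev, net, next_hop):
    """Copy of the model with one extra route on dev (e.g. the PIX)."""
    fixed = deepcopy(devices)
    fixed[dev][1].insert(0, (net, next_hop))
    return fixed
```

In the unfixed model the laptop reaches the NT server (default gateway 192.168.1.5) but not the desktop (default gateway 192.168.1.1); adding 192.168.6.0/24 via 192.168.1.5 on the PIX makes both directions work.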
 