Connecting Linksys Remote Router to Symantec 200R

[JoeDallas]

I am getting the following message when I try to "connect" from the VPN screen within the Linksys Router:

00:04:00
00:04:00 IKE[1] Tx >> MM_I1 : XXX.XX.XXX.XXX SA
00:04:00 IKE[1] Rx << MM_R1 : XXX.XX.XXX.XXX SA
00:04:00 IKE[1] ISAKMP SA CKI=[d8247eff 39838269] CKR=[6aa1768c ccacad2a]
00:04:00 IKE[1] ISAKMP SA DES / MD5 / PreShared / MODP_768 / 480 sec (*480 sec)
00:04:00 IKE[1] Tx >> MM_I2 : XXX.XX.XXX.XXX KE, NONCE
00:04:01 IKE[1] Rx << MM_R2 : XXX.XX.XXX.XXX KE, NONCE
00:04:01 IKE[1] Tx >> MM_I3 : XXX.XX.XXX.XXX ID, HASH
00:04:02 IKE[1] Rx << Notify : INVALID-ID-INFORMATION
00:04:02 IKE[1] **Check your Local/Remote Secure Group settings !
00:04:30

I don't have IP's setup for Remote security gateway or gateway to gateway tunnels...

What am I doing wrong.

I just need the linksys (at home) to keep a connection open to the office. Is there an easier way to get an IPsec connection set up?

Joe

 

[apeasecpc]

Have you searched looked through Symantec's site for setting up a linksys to the 200R?

Since you don't have static IPs, have you set up dynamic DNS?

Invalid ID information is typically due to either a mismatched shared secret or IP address in the settings.

 

[JoeDallas]

I have search the Symantec site, but found nothing of use, of couse it could be user error.

The office (the 200R side) has a static IP, the house has dynamic ip.

Do I need dynamic dns set up?

any "configuration guides" you guys have seen?

 

[Rebsbox]

Hello JD

You don't need Dynamic DNS to get a connection but it will help it to stay up.

One thing is that if you are initiating on the linksys (connect) it can't go anywhere without a remote secure gateway setting. On the linksys this will be the static address assigned to the symantec on the other end.


I have a Linksys BEFVP41 connecting ok, static both ends and initiated through the linksys. I've also setup other devices to connect to the 200r including ones with dynamic IPs (we have a dynamic address at home).

Settings on the linksys:-

*Local secure group settings*
--- The subnet or address of the network/computer on the linksys side of the tunnel

*Remote secure group settings*
--- The subnet on the symantec side

*Remote Security Gateway*
--- The static address (WAN) of your symantec

*Encryption*: DES
*Authentication*: MD5
(these are what I'm using)

*Key Sharing*: AUTO(IKE)

*PFS*: Unticked

*Pre-shared Key*: 432112344321 (whatever)
*Key lifetime*: 3600

-----------------------------------------------------

Symantec settings

I suggest getting working by putting your IP address in for now for the remote gateway, get that working first then take it out again for client to gateway with 0.0.0.0

Under VPN>Dynamic Key

*Phase 1 negotiation*: Main Mode

*Encryption and Auth Method*: ESP DES MD5

*SA Lifetime*: 480

*Data volume limit*: 0

*inactivity timeout*: 0

*perfect forward secrecy*: disable

*Local security gateway*
------------------------
*ID Type*: IP ADDRESS
*Phase 1 ID* (leave blank)

*Remotesecurity gateway*
------------------------
*gateway address*: The dynamic address of the linksys
(- I would hardwire it initially to get it working, then perhaps take it back to 0.0.0.0 for client to gateway when its working)

*ID Type*: IP ADDRESS
*Phase 1 ID* (leave blank)

*preshared key*: 432112344321 (whatever matches the linksys)

*netbios broadcast*: enable
*global broadcast*: disable

*remote subnet IP1* fill in the subnet behind your linksys
(shouldn't be needed eventually)

Its probably a good idea to restart the symantec after you've configured it.


Hope that helps a little
Becky