... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.dcom.vpn

VPN protocols, clients, awesomeness

2,348 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 2,133 of 2,348

Fred Marshall to Roy Hills

Re: Setting up site to site VPN with RV0

22 Apr 07 16:39:44

   From: fmarshallx@remove_the_x.acm.org   
      
   "Roy Hills"  wrote in message   
   news:v4cn239chkn63ctnl4gkv21grijp66v3do@4ax.com...   
   > On Sat, 21 Apr 2007 11:21:52 -0700, "Fred Marshall"   
   >  wrote:   
   >>I'm working to set up a VPN between sites using RV042 at each end.  I've   
   >>set   
   >>up a "lab" that emulates a simple version of the intended setup   
   >>   
   >> [snip]   
   >>   
   >>The VPN tunnel doesn't "connect" even under these simple circumstances.   
   >   
   > There are many possible issues here, but there are in essence two ways to   
   > solve the problem:   
   >   
   > a) The "black box" method: get some example router configs that are known   
   > to work, adapt them to your situation, and see if that works; or   
   >   
   > b) The investigative method: see what's going wrong and try to fix it.   
   >   
   > If you want to understand what's going on, then option (b) is by far the   
   > best.  However, if you just want to get it working and don't care how,   
   > then   
   > option (a) might be faster if you can lay your hands on some sample   
   > configs.   
   >   
   > That said, I'm going to give you some basic advice for option (b), which   
   > should help you to narrow down the problem if you go down this route.   
   >   
   > Your first step should be to determine where it is failing.  There are a   
   > number of possible points, depending on how far the VPN connection process   
   > gets along before something fails:   
   >   
   > 1.  There is no IKE communication at all between the routers;   
   > 2.  IKE Phase-1 (Main or Aggressive Mode) fails;   
   > 3.  IKE Phase-2 (Quick Mode) fails; or   
   > 4.  IKE Phases 1 and 2 complete, but no ESP traffic flows.   
   >   
   > I'd set up a sniffer on the hub that connects the two VPN devices (and   
   > make   
   > sure its a hub and not a switch so you can see the traffic), and watch the   
   > communication between them to see how far it gets.   
      
   Roy,   
      
   Thanks!  Well, at this stage I have the VPN connecting and can ping through   
   it.   
   However, I can't map drives using the IP addresses of their hosts.   
      
   All I see on the hub are pretty much ISAKMP Informational packets of 126   
   bytes each - going one way and then the other.  Occasionally there's a ping   
   from one VPN device public address to the other VPN device public address -   
   and a reply.   
      
   Fred   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]